Manchester Center, VT-based general merchandise cataloger Vermont Country Store in February was victim to a series of fraudulent overseas orders totaling $36,439. But two alert employees at its call center and distribution facility prevented a bad situation from becoming much worse.

“Our people caught this problem early after recognizing that multiple, very large orders were being placed for identical products,” says president Bob Allen.“We were able to contact FedEx, and they held up most of the merchandise.” Nonetheless, $5,339 worth of fradulent orders did slip through.

From Feb. 4 though Feb. 19, Vermont Country Store received 65 fraudulent orders — all placed over the Internet — ranging in value from $300 to $4,765. The cataloger’s average order is closer to $60.

According to the vice president of operations Randy Kruml, 15 names and addresses were used multiple times, each time with different credit card numbers that were issued on foreign banks. Although all authorizations for the fraudulent orders were approved by Vermont Country Store’s payment processor, Salem, MA-based Paymentech, the orders were coded “U,” which signifies that no billing address was available at the time authorization was sought.

Kruml says that Vermont Country Store’s policy was to suspend all orders with an authorization code of “U” as potentially fraudulent, releasing them for shipment only after confirmation that the orders were legitimate. According to Paymentech, since most domestic banks subscribe to an address verification service (AVS), this code almost never appears on authorizations to cards issued by domestic banks, but it may come up when the credit card was issued by an offshore bank.

“Because our overseas business is almost zero, and we have not experienced high chargeback rates due to disputes from customers with cards resulting in the authorization code ‘U,’ our practice until now has been to accept the authorization and ship the order,” Allen says.

Vermont Country Store initially feared that it was the victim of the notorious hacker who recently stole more than 8 million credit-card numbers from Omaha, NE-based credit-card transaction processor Data Processors International (DPI). But that doesn’t appear to be the case. The companies involved now believe it was just a coincidence that Vermont Country Store’s fraudulent Web orders began coming through at about the same time that the hacker infiltrated DPI’s systems.

For the most up-to-date industry news, visit Catalog Age online at www.CatalogAgemag.com.

Manchester Center, VT-based general merchandise cataloger Vermont Country Store earlier this month was victim to a series of fraudulent overseas orders totaling $36,439. But two alert employees at its call center and distribution facility prevented a bad situation from becoming much worse.

From Feb. 4 though Feb. 19, Vermont Country Store received a total of 65 fraudulent orders—all placed over the Internet—ranging in order value from $300 to $600; the largest order totaled $4,765. The cataloger’s average order is closer to $60. “Our people caught this problem early after recognizing that multiple, very large orders, were being placed for identical product,” says president Bob Allen.

According to the cataloger’s vice president of operations Randy Kruml, 15 different names and addresses were used multiple times, each time with different credit card numbers that were issued on foreign banks. Although all authorizations for the fraudulent orders were approved by Vermont Country Store’s payment processor, Salem, MA-based Paymentech, the orders were coded “U,” which signifies that no billing address was available at the time authorization was sought.

Kruml says that all orders with an authorization code of “U” are suspended and reviewed as potentially fraudulent and released for shipment only after confirmation that the order is legitimate. According to Paymentech, since most domestic banks subscribe to address verification service (AVS), this code almost never appears on authorizations to cards issued by domestic banks but may come up when the credit card was issued by an offshore bank.

“Because our overseas business is almost zero, and we have not experienced high chargeback rates due to disputes from customers with cards resulting in the authorization code “U”, our practice until now has been to accept the authorization and ship the order,” Allen says.

But the number of orders and the high average order values were a red flag, plus, Allen notes, most of the merchandise ordered was going to same address. Vermont Country Store has been able to mitigate a significant potion of the damage, however. “We were able to contact Fedex and they’ve held up most of the merchandise,” he says, but orders totaling $5,339 slipped through.

Could this be the work of the notorious hacker who recently stole more than 8 million credit card numbers from Omaha, NE-based credit card transaction processor Data Processors International (DPI)? No one can say for sure at this point, but Allen, for one, believes there’s a connection. Vermont Country Store’s fraudulent Web orders began coming through about the same time, in early February, that the hacker infiltrated DPI’s systems.