Preventing Internet Fraud
Contributor: Mike de Sousa, Director, AbleStable®

One of the most significant decisions an Internet business takes is whether to handle on-line transactions. The first question you'll be asked is whether you have a merchant account. If you don't you might like to skip to the next section below entitled Options for start-ups: hand over your transactions.

Ensure your transaction budget covers all the bullet points below. If you are not confident your business can handle any one of the following issues our advice is to entrust a clearing bank or Internet payment transaction service to undertake your transactions. These services have invested heavily in security measures and transaction protocols that are designed to ensure the user and goods provider enjoy a trouble free payment pathway.

If you have a merchant account or are able to open one and you are confident about your companies ability to conduct your own on-line transactions there are a number of important issues you should consider before taking the plunge:

• Does your company have experience in implementing an effective server Firewall? We're not talking about an off-the-self solution here. Your systems must be water tight in order to prevent fraud, and should be custom installed and continuously monitored by expert staff. If credit card data from customers can be hacked and accessed your company will be potentially liable if it is shown your systems are not up to scratch.

• Is your data completely secure? If you answer yes to this question you're kidding yourself. Consider what risks you are willing to accept and make a judgement accordingly.

• Has your company developed internal security protocols that prevents any unauthorised member of your staff from accessing sensitive data on your server?

• Does your company fully comply with the Data Protection laws of your country?

• Do you have real-time backup procedures in place if your secure server fails?

• Do you have insurance against potential legal action from clients regarding disputed on-line transactions?

Finally, you must also ensure your web site supports transaction errors and carries FAQ's and a help section on your payment procedure.

Options for start-ups: hand over your transactions
For start-up businesses opening a merchant account can appear a catch 22 situation as you'll require at least six months evidence of your ability to trade in a responsible manner before being considered for a merchant account. All is not lost however as there are a number of specialist services such as PayPal, WorldPay and NetBanx who provide affordable solutions to single or multiple on-line transactions without the need for merchant status.

In all the above scenarios the customer is taken to a different site when making payment then returned to the original site upon payment completion. If you keep the customer informed at all times of the payment process, and provide clear information about the transaction service they will be visiting, customers are generally very happy to move from your server to a secure server and back again.

PayPal offers a model where prospective customers open an account at the PayPal web site and pay for goods via their PayPal account in the knowledge their card details are never passed on to the goods provider. The down side here is that despite the tens of thousands of Internet users who use PayPal, it is not a universal payment process like Visa. Users will in all probability not carry on with a payment process if they are required to consider a new third party registration, regardless of its' status or how simple it is. PayPal does however work for businesses who are targeting particular markets where their potential clients are of a certain demographic (below 30 years old for instance) and/or more likely to have a PayPal account.

Companies such as WorldPay and NetBanx offer traditional merchant accounts but also provide 'bureau' transaction services. For an additional percentage fee they will handle your on-line transactions. You'll need to visit as many transaction services as possible in order to find the service that best fits your needs. The costs associated with this method of handling on-line transactions is greater (up to around 8% of each transaction cost) but the advantages are great as all card data and payment handling is the responsibility of the transaction service.

Chargebacks: common sense advice
Merchant concern about online credit card fraud and chargebacks is rising at a significant rate. As e-commerce continues to flourish the number of instances of credit card fraud and chargebacks will continue to mount higher. Below you'll find six straight forward guidelines to help keep this unwelcome feature of Internet e-commerce under control:

1. On your order confirmation page provide the customer with: the product and/or service the customer has paid for; and the name, phone number, and e-mail address of your company (or the name that will appear on the customers bill) so your customer will recognise it when it appears on their monthly credit card statement.

2. Include the same information above (1) in the e-mail confirmation that your customers get when an order is placed.

3. Use Address Verification. People ordering products using a stolen card number will never use the real cardholder's billing address, so this is your chance to stop the order before it's too late.

4. If an order seems suspicious, phone or e-mail the customer and attempt to verify anything you can about them.

5. If you ship a product, include the customers invoice. Always keep copies so if you're ever challenged you have records.

6. Be wary of accepting orders from people who used a free e-mail address when ordering (i.e. Hotmail, Yahoo, etc.). Tracking people who used a free e-mail address is almost impossible, it's much easier for them to get away then if they used their Internet Service Provider (ISP) e-mail address. You may wish to add certain conditions in your payment process about what e-mail addresses are acceptable.

Profit or loss
By the end of this article you're probably wondering why any business in their right mind would directly support on-line transactions when all the responsibility for them can be so easily handed over.

The only persuasive reason for handling your own on-line transactions is to reduce your transaction costs and increase profits. If you think the investment's are worth it because you've carefully costed out all the alternatives and you're willing and able to meet the additional development and deployment costs, you may decide to dive in.

A final word
Although there are many companies who get away with implementing far less than we've advised here, the bottom line is that it's your business, your livelihood, and your responsibility. Always remember, if a customer has a bad experience with your payment procedure you'll loose their business on a permanent basis.