Mar

15

10 Measures to Reduce Online Credit Card Fraud

Filed Under Security Issues, E-Commerce | Leave a Comment

During the last few years there has been an increase in online fraud of global scope and geometrically increasing proportions. There are now actual companies that specialize in spam and other illegal marketing techniques, like Phishing and Hacking, that take every opportunity to make a few pennies. Even though their net income per person is miniscule, it becomes significant when multiplied by hundreds of thousands or even millions. Added to this threat are the man amateur fraud artists around the world who troll the Internet for credit card and financial information to use for fraudulent purposes. Finally, identity thieves are reaping high rewards at the expense of both the target and the online retailer.

Credit card fraud on the Internet has reached gigantic proportions, and the merchants providing goods and services over the net are suffering tremendous losses through chargebacks from the financial institutions who serve the targeted credit card holders. Merchants who offer a product or service online have to take the risk of losing the cost of the product sold online, plus the added cost of chargeback fees, and they even face the possibility of having their merchant account terminated by the financial institutions serving them. While this cost can ultimately be passed on to the consumer, the development of this environment hurts business as a whole, and particularly hurts the small business owner.

The purpose of this article

is to introduce 10 preventative measures that merchants can take in order to minimize credit card fraud.

1. Geolocation by IP address

In the world of e-commerce, knowing the online buyers geographic information can help to prevent fraud. Geolocation technology provides the absolute geographic location by IP address of the computer from which the order is made in real-time e-commerce transactions, which can identify locations where the probability of fraud is the highest.

Geolocation by IP address can identify the user’s exact location or calculate the distance between billing address of online buyers and actual location of persons entering the orders. As a result, it allows the merchants to apply additional authentication measures or identification for those transactions which show a great difference of distance. As a result, Geolocation technology delivers data that helps merchants determine which transactions to review and which to allow. This creates a beneficial balance between the risk of fraud losses and that of blocking legitimate customers. Legitimate customers will actually welcome legitimate authentication measures, which will protect them from credit card fraud also and keep the costs of doing business on the Internet down, especially if the customer is properly informed and advised by the merchant of these protection measures.

2. Comparison of the IP address country with the billing address country

An IP address is a unique network identifier issued by an Internet Service Provider to a user’s computer every time they are logged on to the Internet. Make sure the IP address country and the billing address country are the same. If the customers billing and shipping addresses are in the US, but the person placing the order is logged in from an IP in Russia, this will require closer scrutiny, and will often trigger anti-fraud precautions. Although this situation could be legitimate, but it’s probably worth a phone call to the customer’s US phone number or other measures to confirm the order and the identity of the credit card user.

3. Check whether the country is a “high risk” country

Always require closer inspection for orders that being shipped to an international address. Pay more attention if the card or the shipping address is in an area prone to credit card fraud. According to a ClearCommerce® survey, the top 12 international sources for online fraud are Ukraine, Indonesia, Yugoslavia, Lithuania, Egypt, Romania, Bulgaria, Turkey, Russia, Pakistan, Malaysia, and Israel. The same survey also showed that the 12 countries with the lowest fraud rates are Austria, New Zealand, Taiwan, Norway, Spain, Japan, Switzerland, South Africa, Hong Kong, the UK, France, and Australia. While the fact that an order originates or is being delivered to one of the high risk countries is not, in itself, an indication of fraud, nor is the indication that the order originates in a low risk country any guarantee of its legitimacy, the trends and statistics are there, and merchants must use information about the origin and delivery addresses as a guide to how much authentication they should require from customers.

4. Check whether a free or anonymous e-mail address was used

Be aware that online buyers using free anonymous e-mail providers such as hotmail.com or yahoo.com are virtually untraceable. There is a much higher incidence of fraud coming from free email services than from paid service providers. Virtually everyone who has a free, web-based email address or forwarding address also has a traceable ISP address. While many legitimate customers use free email addresses, because they are convenient and economical. It is also true that most fraudsters use free email addresses in order to remain anonymous. However, most businesses purchasing a business product have their own domain names and even if they do not, they would not use a free email address. For these reasons, you need to have some way to get additional information when a free email address is used, such as the ability to locate the customer geographically when they place their order, so you will know which orders need further checking for authenticity. Keep an eye out for newly registered domain names. This is because fraudsters can register a new domain easily using the stolen credit card to pose as a new business entity.

5. Check whether an anonymous proxy server was used to place the order

Anonymous proxy servers allow Internet users to hide their actual IP address. The main purpose using a proxy server is to remain anonymous or to avoid being detected. While well known businesses use this to protect internal networks, fraudsters hide themselves behind anonymous proxy servers. It is not easy to detect anonymous proxy servers because they appear and disappear from time to time.

6. Check whether the mailing address is a mailbox or ship-forward service

Fraudsters prefer to stay untraceable but still need to collect physical merchandise. One way is to use a public P.O.Box, a private mailbox, or a drop shipment forwarding address as a temporary point of receiving. Never send merchandise to a public rented mailbox, a P.O. Box (except for those you identify as legitimate major companies by phoning their listed number), or shipping forwarder, because the actual location and identity of the receiver is undetectable.

7. Check whether the phone number is valid and located within the correct ZIP code

Often, merchant will discover orders with invalid zip codes or a mismatch between the zip code and area code will produce fraud rates that are significantly higher than usual. They may wish to apply more rigorous fraud prevention standards by verifying the validity of zip code and the area code. In addition, if the phone is identified as a V.O.I.P phone, offered by many services these days, a delay in shipment until the payment clears may be in order, especially for non-times sensitive items.

8. Compare the credit card issuing bank’s country with the billing address country

Another key point to bear in mind is to check the issuing country and the billing address. Make sure the issuing country and billing address country are the same. This is especially important, because minor banks may not have rigorous identification procedures.

9. Call the credit card issuing bank to verify the validity of credit card

If online merchants have any suspicions about an order and need to confirm the details of the order, they can call the issuing bank and ask to confirm the general account details. This is to make sure that the card is not stolen. The issuing bank phone number is based on the first 6 digits of credit card number known as the Bank Identification Number (BIN).

10. Request more identification if in doubt

While consumers value their privacy and require quick web site ordering facilities, it is important to gather sufficient customer identity details during the ordering process. The customers’ name, credit card number and expiry date is not enough. Merchants should call them for verification through phone or request a photo ID to be faxed if they have any doubts.

In Summary

Every merchant should aware of online credit card fraud, although it is something that can never be completely eliminated, but rather something that must be managed. One of the most important factors in controlling fraud is understanding the customer and implementing security measures that can adapt to the level of risk in each transaction. This white paper focuses on preventative methods and procedures that merchants can perform in order to limit credit card fraud.

 

Feb

14

Choosing the right hosting service for your site

Filed Under Companies, General Issues, E-Commerce | Leave a Comment

Explosive growth in use of information systems and the Internet for all manner of business applications has made provision of proper web hosting services. Whether novice or expert, you can find some useful information in this article to learn about some of the considerations to look at when you choose a web hosting service.

The cost of hosting services that you can find on the net varies a lot. Options like disk space, bandwidth allowance, control panel and operating system in a hosting account determines the price that you have to pay. First, to start finding a host for your site, you need to determine your requirements for your site. For the sake of the beginners, I will consider shared and dedicated hosting only.

1) Size, scalability and disk space.

Will your website and content grow from time to time or you just need to publish a set of content that will expire after some time?

> A corporate site with less than 20 web pages, a disk space of less than 40MB should be enough.
> If you want to start a site about a certain topic or industry, consider getting a hosting account with at least 60MB disk space for a start.
> If you intend to publish a site with a lot of pictures or mp3 for users to download or purchase, consider a 100MB disk space hosting account.
> For personal sites, consider a 30MB MB disk space hosting account.
> If you are in charge of an enterprise that needs to publish a lot of information and offer intranet system and public services, consider a dedicated server instead.

These days, many hosting providers offer hosting services that exceed the disk space requirement standard for any given websites. Although more is better, it is not always necessary. Disk space can be purchased from time to time if it is not sufficient. So choose a hosting account appropriately depending on how much space you will need.

Secondly, consider hosting providers that can support the growth of your website and business, so that you can scale your website affordably. Ask about the companies’ application, network, disk space cost, facilities and the solution they can offer as your site grows.

The features of a hosting account has a lot to do with what you can do for your site. It is of utmost importance to find a host that matches your skills and interest. Let’s go step by step!

2) Platform and hardware requirements.

The most popular web server nowadays runs on Windows 2000, Apache, Cobalt or Linux®. The design goals of both Unix®/Linux® and Windows are very similar in nature. These operating system are portability, extensibility, and an ability to run on various different computers, whether they are desktop PCs or departmental servers. Your choice of operating system will classify the service and type of software that you can deploy and the kind of applications that your site can run on.

Windows NT® or Windows 2000 servers are configured to be compatible with Microsoft® applications, such as FrontPage, Access and MS SQL. NT/Windows 2000 servers also offer programming environments such as Active Server Pages (ASP), Visual Basic Scripts, MS Index Server and Cold Fusion. So if you are familiar with Microsoft®’s Internet Technologies, consider Windows NT® or Windows 2000 hosting services. Also, consider the speed of the processor and the amount of RAM (memory) that is installed on the server. Compare and choose the hosting provider that can offer you high processor speed and bigger amount of RAM (memory) at a reasonable price.

The Unix® platform offers tried and tested stability and the speed for enterprise level e-business. Linux® should also be mentioned when talking about Unix®. Many people do not realize that Linux® falls under the realm of Unix®. This is because Linux® is actually a Unix® derivative. Unix® or Linux® hosting often comes with telnet access, mySQL database, Perl, PHP and CGI support. If you are familiar with Unix® file naming, PERL or PHP applications, consider a Unix® or Linux® hosting account.

If you are not familiar with any of these operating systems, and if you prefer an easy to use platform, consider a Windows 2000 hosting account. If you are looking forward to learning the Perl programming language or if reliability or stability is a concern, consider an Unix® or Linux® hosting account.

Whichever platform that you choose, determine your goals for your site and find out the requirements to run your site. Based on your needs, determine the compatibility of the application or programming language that you need to use. Once you have all these in mind, you can safely and easily decide which platform is most suitable for your need.

3) Email Accounts.

Look for email accounts with web based access as well as POP3. The best ones are those with administrator control. Generally, you should have at least 5 email accounts for 3 users. Depending on the number users that have in your organization, you should have least 2 to 5 standby email accounts. Some hosting providers offer unlimited email accounts as well. Features like auto responders, email aliases and email forwarding is very common nowadays.

4) Software and services.

Web hosting in the open Internet market today is very competitive. A good hosting provider will offer speedy internet connection, proper security measures, featured rich hosting, and reliable server uptime. There are over a 100 types of features that a host can offer. Look for only what you need. Some of the most widely offered features include.

a) Database

Determine your requirements and decide if database is required. If you need to store a lot of records or transactions, a database can be very helpful. MS Access, mySQL and MS SQL Server are some of the most widely used database on the internet. If you are decide a Unix® or Linux® hosting is your preferred choice, mySQL suits perfectly for your site. Alternatively, if a Windows 2000 server hosting is your option, you have the choice of either a MS Access or a MS SQL server.

b) Scripting language

If you think Microsoft® Active Server Pages can’t be used in Linux® or Unix®, you are wrong. With more and more new and advanced technologies coming up to support cross platform, virtually all popular scripting languages can be used on either Windows 2000 and Unix®. Nevertheless, it is advisable that you still stick to the platform and scripting language that you know best. If Perl, Cgi, Php and mySQL are your favorite scripting languages and tools, stick to Linux® or Unix®. Find the host that supports the latest version. Insist that they inform you so that you maximize the latest web technologies for the fee that you pay.

c) Microsoft® FrontPage Support

This configuration allows you to use Microsoft® FrontPage to design, create and manage your website.

d) FTP Accounts

This is by default the standard method of uploading and downloading files from your computer to your site.

e) Raw Log Access

Often you don’t need raw log. Each log size is very big and it is very hard to interpret it into useful information. Instead insist the host provider offer web statistics software for your site so that you can harness the detailed analytics buried deep within gigabytes of raw log and provide you the insights you need to market your site successfully.

f) Control Panel

Control Panel is a service provided by the host to help manage your web hosting account efficiently. This a is very useful tool that you need when you want things to be done quickly and dynamically. Check out this feature when you are looking for a host to sign up with

g) Ecommerce Options

If you want to sell a service or product online, you need to find a hosting provider that offers a selection of ecommerce features and payment processing services. Shopping cart, SSL security certificate and credit card merchant providers are some of the options you need to consider. Currently, the easiest and most widely used ecommerce system is Miva® Merchant. Look for a host that supports this. Other shopping cart systems are also available and some hosting providers offer this feature for free as part of the hosting plan.

h) Components

Many scripting languages require third party extensions or additional extension to develop cutting-edge web technologies. Some of these components are available at an additional cost. View carefully and ask if required whether the hosting company provides the components that you need.

For example, if want to develop a site using Microsoft® Active Server Pages, you may want to know if the host provides additional third party components like SAFileup, ASPMail, and BrowserHawk.

5) Speed

Web users do not tolerate slow websites, and to a certain extent, you can avoid the problem by choosing a hosting provider that is committed to supply high speed connection and redundant lines to ensure your site remains responsive and that your data moves quickly even if your primary Internet connections are temporarily unavailable.

Although the speed of a site can be caused by various and complicated problem areas, ranging from routing, web server set up, and local area networks, the main and major concern of how fast your site is depends very much on the types of network connections. The general types of network connections that a hosting provider often provides are given below.

Many hosting providers still connect to the Internet through T1, or T3 connections, although there has been an increase of hosting services using OC (Optical Carrier) lines.

A T1 line will offer data transfer rate of 1.5 Mbps (megabits per second), while a T3 line can supply data transfer rates of 43Mbps. Ultra-High Speed OC3 and OC12 lines offers 155Mbps and 622Mbps respectively. Some hosting providers have connections to major internet backbones at the speed of OC48 (2488Mbps).

Thus, consider finding a host that provides reasonable internet connections. You can do a speed test to determine the average response time from a hosting provider’s site to your computer. Ping displays a report that includes the time it takes to receive a control packet from the remote host. High values of packet loss and response time indicate low connection performances, while low response time often means more reliable and faster connection. Please take note that the user’s experience of response time is not limited to server’s connection, but the throughput of the web server, the Internet itself, and user’s connection.

6) Bandwidth.

Bandwidth is the amount of files and data that you can transfer per month. The standard allowance you get is 1 gigabyte of bandwidth per month. Every time a visitor views your site they are downloading files from your site, this uses your bandwidth. If you have a page that is 30kb in size including images and 10 people view that page you would have used 300kilobytes of bandwidth.(1 gigabyte = approximately 1,000,000 kilobytes)

When choosing a hosting provider, the amount of bandwidth you have can be crucial to the success of your site. Generally speaking, the more bandwidth you have, the more traffic your site will be able to handle at one time. Consider finding a host that provides at least 2.5GB of monthly bandwidth allowance. If your site acts as a portal for web users to find information, consider 6GB of monthly bandwidth allowance for a start. Some hosting providers offer unlimited bandwidth. We suggest that you read its Terms of Use before signing up.

7) Reliability and Scalability.

Choose a provider offering a guarantee that your Website will be open for business at least 99% of the time. Excellent Web hosting providers can offer this guarantee because they have invested in the best automatic monitoring equipment, hired experienced engineers who can anticipate problems and emergencies, and installed redundant back-up systems to take over the moment anything goes wrong.

8) Support.

Maintaining and running a web hosting company is not easy. In fact, finding highly experienced web technicians to respond and support inquiries 24 hours and 7 days a week is even harder. Because successful implementation of a web hosting company often depends on how the management team executes its plan, policies, and goals, you can easily test if the web hosting company will respond to you quickly by asking them questions through email a few times.

There are a few things you can do to find a host with good technical support.

Find out if the company provides online knowledgebase and FAQ support. Check if the system is frequently updated and used. Online knowledgebase and FAQ are very handy tools when you have trouble with your website at anytime.

Find out if a control panel is available for your site. Control Panel allows you to change and manage your hosting account remotely at anytime without any support intervention.

Find out the company’s current status and how many years the company has been operating. Hosting providers that do not determine the needs of their customers have ceased or will eventually cease operations in this industry, leaving only the best-of-breed hosting providers to progress and move ahead.

Find out if the company has any technical certification in supporting and providing the service you purchase

9) Cost.

Check the cost of the hosting plans carefully. Some hosting features are optional. You can also save some cost if you prepay a yearly payment. The cost of shared hosting plans and dedicated hosting plans varies a lot.

Feb

14

eCommerce Online Payment Options

Filed Under E-Commerce | 1 Comment

The ever increasing market for ecommerce has created a wide variety of methods by which a budding entrepreneur may do bushiness online. This article will review the most common methods available to allow customers to pay for goods on a website. These include, in rough order of complexity, online check solutions, 3rd party processors, and finally merchant account / payment gateways. Depending on the nature of your business, one of these will probably suffice. Larger businesses may even consider providing multiple payment methods in order to cover as many potential customers as possible.

Online Check Solutions
Online check solutions allow customers to submit payment via their checking account. This requires the customer provide their checking account number and routing information to the processor in order to complete payment. In theory online check payment will reach a broad range of potential customers, since it is more likely to find someone with a checking account and no credit cards than with a credit card and no checking account. Online check solutions may also be able to hook up with an existing business checking account and not require the opening of additional banking accounts, unlike most merchant account solutions. Broad reach and ease of use are the main positives, but there is a negative. Increasing emphasis on Internet fraud has created a public concern about the safety of doing business online. Some may not wish to make online purchases with their checking account, in absence of the easier resource a chargeback on a credit card provides.

3rd Party Processors
Increasing in popularity, 3rd party processors allow online shop owners to take credit card payments but alleviates the need for them to apply for their own merchant accounts. As the term implies, 3rd party processors perform the credit card transactions through their own merchant accounts, and charge a percentage of the transaction, plus perhaps other fees, to the merchant. These transaction fees are usually higher than a merchant would pay through their own personal merchant account, but the inconvenience of obtaining a merchant account is part of the broad appeal of 3rd party processors. The most well known of the 3rd party processors is PayPal. There are competing services, though. Some, such as ClickBank are geared towards so-called “downloadables,” and others like CCBill target other niche markets such as subscription websites.

If you are considering the use of a 3rd party processor, first think about the nature of your business and the volume you can reasonably expect. If you are selling downloadables like software packages, or are considering a subscription site, PayPal may not be the best choice. If you are selling physical products, then think in terms of volume. With a 3rd party processor you will be paying higher percentage fees and transaction fees, which, if you start doing a brisk business, will cost you more over time. If your volume goes up, it might be better to consider the use of a merchant account with favorable terms. Finally, keep in mind one downside to 3rd party processors. In the eyes of a prospective customer, they can make the store appear less reliable and reputable. The very difficulty of getting a merchant account does lend it an air of respectability, as theoretically, the owner had to provide more credentials and undergo closer scrutiny.

Merchant Accounts
Full merchant accounts allow store owners to charge customer credit cards directly, without the help of a 3rd party company. The money charged goes directly into their account. Having a merchant account can create a more secure identity in the minds of your client, as they are not as easily obtained as a 3rd party processor. Unlike the comparatively small selection of 3rd party processors, there is a much wider selection in merchant account providers. This makes careful shopping a must. Again, look at your product and try to estimate demand. There are a variety of fees associated with a merchant account, and how a specific account assesses these fees can make all the difference. Stores that sell a low volume of goods in a monthly period should look for a merchant account with a higher transaction fee in exchange for a lower base monthly fee. Higher volume stores should look for the opposite, lower transactions fees and a higher monthly fee. More money may be saved with the higher monthly fee in concert with a low transaction fee percentage. Some merchant account providers, like PayQuake, offer a variety of tiered services to meet both kinds of need.

Where to look for a merchant account? You may want to start with your current bank. Most banks have merchant account solutions, and starting with an institution with which you are already a member may have some benefits. Make sure you discuss merchant account solutions for online transactions, as their accounts and fees (as well as approval difficulty) may differ from those designed for “brick and mortar” store fronts where a card is physically swiped for payment. Prospective online shopkeeps are by no means restricted to working with their current bank for merchant services. A number of large institutions provide merchant account services over the web. CardService International is one such organization, as is PayQuake (mentioned earlier), but there are many others. Shop around and look for the deal thats best for your particular needs. What might be right for one business won’t be the best fit for another.

With any merchant account from any provider, verify it provides a payment gateway that is compatible with your ecommerce store software. The payment gateway is the bridge between your online storefront and your merchant account. There are a great deal of them, just like different store software, but most perform equally as well as the next. There will probably be a “gateway fee” charged as part of a merchant account package’s costs. Most of the common store packages support a variety of payment gateways, so finding one that is compatible with a chosen merchant account shouldn’t be too difficult.

Conclusions
A number of options have been considered. Online checks, though common, may make customers uncomfortable in a world where Internet fraud is such a hot topic. 3rd party processors make taking credit cards easy, but that same ease works against them in the eyes of the picky consumer who won’t take a PayPal store “seriously”. Merchant accounts provide the most common, respected means to take payment, but they can be difficult to obtain and the sheer number of choices can be confusing. No matter what option, or options, chosen, do the necessary research and find the solution that works best for your individual needs.