During the last few years there has been an increase in online fraud of global scope and geometrically increasing proportions. There are now actual companies that specialize in spam and other illegal marketing techniques, like phishing and hacking, that take every opportunity to make a few pennies. Even though their net income per person is minuscule, it becomes significant when multiplied by hundreds of thousands or even millions. Added to this threat are the many amateur fraud artists around the world who troll the Internet for credit card and financial information to use for fraudulent purposes. Finally, identity thieves are reaping high rewards at the expense of both the target and the online retailer.

Credit card fraud on the Internet has reached gigantic proportions, and the merchants providing goods and services over the net are suffering tremendous losses through chargebacks from the financial institutions who serve the targeted credit card holders. Merchants who offer a product or service online have to take the risk of losing the cost of the product sold online, plus the added cost of chargeback fees, and they even face the possibility of having their merchant account terminated by the financial institutions serving them. While this cost can ultimately be passed on to the consumer, the development of this environment hurts business as a whole, and particularly hurts the small business owner.

The purpose of this article is to introduce 10 preventative measures that merchants can take in order to minimize credit card fraud.

1. Geolocation by IP address

In the world of e-commerce, knowing the online buyer's geographic information can help to prevent fraud. Geolocation technology provides the absolute geographic location by IP address of the computer from which the order is made in real-time e-commerce transactions, which can identify locations where the probability of fraud is the highest.

Geolocation by IP address can identify the user’s exact location or calculate the distance between the billing address of an online buyer and the actual location of the person entering the order. This allows merchants to apply additional authentication or identification measures to those transactions which show a great difference in distance. In this way, geolocation technology delivers data that helps merchants determine which transactions to review and which to allow. This creates a beneficial balance between the risk of fraud losses and that of blocking legitimate customers. Legitimate customers will actually welcome legitimate authentication measures, which also protect them from credit card fraud and keep the costs of doing business on the Internet down, especially if the customer is properly informed and advised by the merchant of these protection measures.

2. Comparison of the IP address country with the billing address country

An IP address is a unique network identifier issued by an Internet Service Provider to a user’s computer every time they are logged on to the Internet. Make sure the IP address country and the billing address country are the same. If the customer’s billing and shipping addresses are in the US, but the person placing the order is logged in from an IP in Russia, this will require closer scrutiny, and will often trigger anti-fraud precautions. Although this situation could be legitimate, it’s probably worth a phone call to the customer’s US phone number or other measures to confirm the order and the identity of the credit card user.

3. Check whether the country is a “high risk” country

Always require closer inspection for orders that are being shipped to an international address. Pay more attention if the card or the shipping address is in an area prone to credit card fraud. According to a ClearCommerce® survey, the top 12 international sources for online fraud are Ukraine, Indonesia, Yugoslavia, Lithuania, Egypt, Romania, Bulgaria, Turkey, Russia, Pakistan, Malaysia, and Israel. The same survey also showed that the 12 countries with the lowest fraud rates are Austria, New Zealand, Taiwan, Norway, Spain, Japan, Switzerland, South Africa, Hong Kong, the UK, France, and Australia. While the fact that an order originates or is being delivered to one of the high risk countries is not, in itself, an indication of fraud, nor is the indication that the order originates in a low risk country any guarantee of its legitimacy, the trends and statistics are there, and merchants must use information about the origin and delivery addresses as a guide to how much authentication they should require from customers.

4. Check whether a free or anonymous e-mail address was used

Be aware that online buyers using free anonymous e-mail providers such as hotmail.com or yahoo.com are virtually untraceable. There is a much higher incidence of fraud coming from free email services than from paid service providers. Virtually everyone who has a free, web-based email address or forwarding address also has a traceable ISP address. While many legitimate customers use free email addresses because they are convenient and economical, it is also true that most fraudsters use free email addresses in order to remain anonymous. However, most businesses purchasing a business product have their own domain names and even if they do not, they would not use a free email address. For these reasons, you need to have some way to get additional information when a free email address is used, such as the ability to locate the customer geographically when they place their order, so you will know which orders need further checking for authenticity. Keep an eye out for newly registered domain names, because fraudsters can easily register a new domain using a stolen credit card to pose as a new business entity.

5. Check whether an anonymous proxy server was used to place the order

Anonymous proxy servers allow Internet users to hide their actual IP address. The main purpose of using a proxy server is to remain anonymous or to avoid being detected. While well known businesses use this to protect internal networks, fraudsters hide themselves behind anonymous proxy servers. It is not easy to detect anonymous proxy servers because they appear and disappear from time to time.

6. Check whether the mailing address is a mailbox or ship-forward service

Fraudsters prefer to stay untraceable but still need to collect physical merchandise. One way is to use a public P.O. Box, a private mailbox, or a drop shipment forwarding address as a temporary point of receiving. Never send merchandise to a public rented mailbox, a P.O. Box (except for those you identify as legitimate major companies by phoning their listed number), or a shipping forwarder, because the actual location and identity of the receiver are undetectable.

7. Check whether the phone number is valid and located within the correct ZIP code

Often, merchants will discover that orders with invalid ZIP codes, or with a mismatch between the ZIP code and the area code, produce fraud rates that are significantly higher than usual. They may wish to apply more rigorous fraud prevention standards by verifying the validity of the ZIP code and the area code. In addition, if the phone is identified as a VoIP phone, offered by many services these days, a delay in shipment until the payment clears may be in order, especially for non-time-sensitive items.

8. Compare the credit card issuing bank’s country with the billing address country

Another key point to bear in mind is to check the issuing country and the billing address. Make sure the issuing country and billing address country are the same. This is especially important, because minor banks may not have rigorous identification procedures.

9. Call the credit card issuing bank to verify the validity of the credit card

If online merchants have any suspicions about an order and need to confirm the details of the order, they can call the issuing bank and ask to confirm the general account details. This is to make sure that the card is not stolen. The issuing bank phone number is based on the first 6 digits of the credit card number, known as the Bank Identification Number (BIN).

10. Request more identification if in doubt

While consumers value their privacy and require quick web site ordering facilities, it is important to gather sufficient customer identity details during the ordering process. The customer’s name, credit card number and expiry date are not enough. Merchants should call the customer for verification by phone or request a photo ID to be faxed if they have any doubts.

In Summary

Every merchant should be aware of online credit card fraud. It is something that can never be completely eliminated, but rather something that must be managed. One of the most important factors in controlling fraud is understanding the customer and implementing security measures that can adapt to the level of risk in each transaction. This white paper focuses on preventative methods and procedures that merchants can perform in order to limit credit card fraud.
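The automatable checks from the list above (measures 1 to 6 and 8) combined into one order-screening function, as an added example that is not part of the original article. The order field names, the 500 km threshold, the flag-count tiers and the sample orders are assumptions of this example; the geolocation, proxy and BIN lookups are assumed to have been done upstream, and the high-risk country set is supplied by the merchant.

```python
import math
import re

FREE_MAIL = {"hotmail.com", "yahoo.com"}  # the two providers the article names; extend as needed
PO_BOX = re.compile(r"\b(p\.?\s*o\.?\s*box|post\s+office\s+box|pmb)\b", re.I)

def distance_km(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points in km."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def assess_order(order, high_risk=frozenset(), max_km=500):
    """Return (flags, action). Field names and thresholds are assumptions of this example."""
    flags = []
    if order["ip_country"] != order["billing_country"]:
        flags.append("ip_country_mismatch")          # measure 2
    elif distance_km(order["ip_latlon"], order["billing_latlon"]) > max_km:
        flags.append("ip_far_from_billing")          # measure 1
    if {order["ip_country"], order["ship_country"]} & set(high_risk):
        flags.append("high_risk_country")            # measure 3
    if order["email"].rsplit("@", 1)[-1].lower() in FREE_MAIL:
        flags.append("free_email")                   # measure 4
    if order.get("ip_is_proxy"):
        flags.append("anonymous_proxy")              # measure 5
    if PO_BOX.search(order["ship_address"]):
        flags.append("mailbox_address")              # measure 6
    if order["bin_country"] != order["billing_country"]:
        flags.append("issuer_country_mismatch")      # measure 8
    # Adapt the response to the level of risk: more flags, more authentication.
    action = "allow" if not flags else "review" if len(flags) == 1 else "verify_by_phone"
    return flags, action

# Constructed sample orders (not real data); "XX" is a placeholder country code.
LEGIT = {"ip_country": "US", "billing_country": "US", "ship_country": "US",
         "ip_latlon": (34.42, -119.70), "billing_latlon": (34.05, -118.24),
         "email": "buyer@example-corp.test", "ship_address": "12 Main St",
         "bin_country": "US"}
RISKY = dict(LEGIT, ip_country="XX", email="someone@hotmail.com",
             ship_address="P.O. Box 4471", ip_is_proxy=True)

if __name__ == "__main__":
    for name, order in (("LEGIT", LEGIT), ("RISKY", RISKY)):
        print(name, assess_order(order, high_risk={"XX"}))
```

A flag only routes the order to review or a verification call (measures 9 and 10); it does not by itself reject the order.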

 

Microsoft Exchange 2007 is the new version of Microsoft’s market-leading Exchange email server. It simplifies communications, improves your ability to share information and increases message security and compliance.

Exchange 2007 is the most advanced messaging solution available, with full email, contacts, calendaring and wireless access capabilities. However, it is expensive to buy and install – over $10,000, even for smaller companies.

The most cost-effective way to implement the Exchange 2007 server for a small or midsized organization is to use an Exchange hosting provider. This will allow you to benefit from the new features, without paying the upfront costs of building an Exchange server in-house or having to maintain the server in the future.

Here are some of the new features of Exchange 2007:

Simplified and Integrated Communications

• Exchange 2007 allows you to customize your Out of Office messages through improved options, such as setting distinct messages for internal and external contacts.

• The Autodiscover feature will allow you to set up your Exchange account to the Outlook client quickly and easily – all you have to do is enter your email address and password and you’ll be started in minutes.

• Instant search will help you to locate information from any part of your Inbox by letting you search your e-mail (including attachments), contacts, tasks and calendar all at once.

• Unified Messaging lets you receive and access email, voicemail and faxes all in one place – your inbox.

Share Information and Schedule Meetings

• The sharing and meeting-scheduling tools of Exchange 2007 allow you to share calendars, task folders, contact lists and other information with colleagues and request to see the recipient’s information at the same time, allowing for improved group collaboration.

• Improved security levels for sharing govern who can view your schedule. You may provide access on a case-by-case basis and set different levels of permissions as you choose.

• The new Exchange 2007 Scheduling Assistant suggests the best time for a meeting based on the desired attendees’ schedules and even takes into account resource availability.

• The Booking Attendant easily allows you to schedule resources for your meetings by making it simple to search for and find available conference rooms or other resources.

Increased Message Security and Compliance

• Integrated security technologies provide the latest in active messaging protection to stop unwanted spam and viruses from entering your inbox.

• The new E-Mail Postmark technology manages email legitimacy by applying a token to email messages it sends as a check for the reliability of incoming messages.

Web hosting is a difficult industry, with prices and customer loyalty both on the decline. Most Web hosting companies are expanding their service offerings to fight these trends, and many of them are looking to offer hosted Microsoft Exchange services.

Research confirms that the vast majority of small businesses do not have sophisticated email, with mobile access and sharing of calendars, contacts and files. This leaves enormous growth potential for an offering that meets those needs.

The challenge for Web hosts, however, is the same as that of your small and medium-sized business customers: in order to offer an effective Exchange service, you have to invest large amounts of capital in the hardware and software, then manage the systems, maintain the equipment and the network and also support end-users.

The total cost over the first year can easily exceed $100,000, which is both a large risk and also a difficult investment to recoup.

There is now an alternative, however: a number of hosted Exchange providers now offer private or white label partner programs, which allow you to sell your customers the latest hosted Exchange services, under your own brand, but without having to invest heavily in infrastructure, software and specialist personnel.

These private label programs offer the same infrastructure that the providers’ own customers use, with clustered servers, SAN storage, guaranteed uptime and all of the latest features of Exchange, badged as your own service.

The suppliers also provide marketing materials, sales coaching and level two support, which is handled by their own in-house support teams with specialist knowledge.

It used to be that phishing attacks, a kind of computer fraud, centered around e-mails that attempted to trick users into giving up passwords. But the assaults are getting more sophisticated. In some cases, phishers are employing special software that allows them to persuade users they’re dealing with a legitimate Web site.

Scott London is an attorney in Santa Barbara, Calif., and thinks of himself as Internet savvy — not the sort of person who gets taken in by online scams.

Until he did.

“Everything just seemed like it was on the up and up — there was nothing that led me to believe I was on an improper site. In hindsight I look at it and say: What an idiot I was. Why didn’t I look at this and see this?”

London had recently bought a bike and a set of skis on eBay, so he wasn’t surprised when he got an e-mail claiming to be from the payment service PayPal. The e-mail asked for some information, then took him to a Web site that he says looked exactly like the real PayPal site.

He put in his password. Almost immediately London knew something was up, because money started disappearing from his accounts.

“It’s one of those things, you’re just going through all your e-mails, you’re not giving 100 percent of your attention to what you are doing — and before you know it, you’re getting a phone call from a watchdog organization saying, ‘Hey, you’re in trouble.’”

London was lucky. Someone saw his personal information on an online chat room and called to alert him. He put a hold on his accounts.

Experts say cases like London’s have become increasingly common.

Analyst George Tubin from the Tower Group said this kind of fraud is organized crime, and is based in the United States and foreign countries. He said for around $1,000, people can buy software called a “Universal Phishing” kit. The software lets them set up what’s known as a “Man in the Middle” phishing attack, where they create a phony Web site that sits between an unsuspecting computer user and a real Web site.

For instance, it can use a real bank site’s interactive features to fool users into believing they are talking to their bank, when in reality they are feeding information to an identity thief.

In order to curb the problem, new federal guidelines require banks to establish multiple authentication procedures. But Tubin said the banks are facing determined adversaries.

“I think the thing that banks are starting to recognize is, this is not a one-time war,” he said. “This is an ongoing battle, and as a gentleman from the FBI described it to me, the criminals try to come over our 10-foot wall with a 15-foot ladder. So we go out and build a 20-foot wall, and it’s just a matter of time before they come back with a 25-foot ladder.”

And researchers say there is another problem for the banks — human nature. They say as customers grow increasingly familiar with online banking, they tend to let down their guard.

A recent study conducted by Harvard and MIT found that even when participants were confronted with increasingly alarming clues that a bank’s Web site had been compromised, most logged on anyway.

Banks say there are safeguards designed to prevent attacks on their online systems which consumers and hackers can’t see.

However, the amount of money lost to online phishing attacks is on the rise.

There is also the fear that as big banks boost the security on their Web sites the fraudsters will simply move downstream, targeting smaller financial institutions with less elaborate security measures.

Source: http://www.npr.org