Sunday, July 03, 2005
Credit Card Fraud Hitting Small Online Merchants Hard
Online merchants, especially small ones, are getting stung by the burgeoning black market for stolen credit cards. And a rash of recent security breaches at Visa USA, MasterCard International, American Express and others this year could worsen the problem, says trade association National Retail Federation. Merchants routinely are stuck with exorbitant bank charges when items are purchased fraudulently. Scores of small businesses already are shouldering thousands of dollars in bogus charges the banks won't touch.
"We're barely surviving," says Brian Mortensen, 39. His company, NJPhones, an authorized reseller of phone equipment, is on the hook for about US$20,000 in fraudulent online charges, lost inventory and transaction fees. Large e-merchants such as Amazon.com say their high-end security systems keep fraud losses at a tolerable level. Thousands of compromised credit card numbers are floating in cyberspace, where crooks hawk them, use them to buy goods over the Internet and electronically withdraw cash from credit card accounts.
Consumers are protected by credit card-issuing banks, which waive bogus purchases and contested cash transfers. Merchants, however, must absorb the cost if the banks conclude they weren't vigilant. "If the bank can assert that the merchant didn't follow certain best practices and appropriately verify the identity of the customer, then the merchant pays," says John Pironti, a security analyst at consultant Unisys.
Gena Sharpe runs a Web site that sells CDs by her daughter, Laurelyn Carter, 14, an aspiring country singer. Sharpe, 34, of Huntsville, Ala., owes her credit card authorizer nearly $500 in fees associated with fraudulent transactions from late April through May. "Why should I pay fees for fraudulent credit card purchases they don't catch?" The costs for fraudulent online purchases should be shared by credit card issuers who have suffered data breaches, says Mallory Duncan, general counsel at National Retail Federation. "Under the current system, the retailer is guilty until proven innocent."
But the nation's largest banking trade group contends merchants knowingly take on a greater risk when credit card transactions are made online. It is their responsibility to develop tighter security systems, says Nessa Feddis, an attorney at the American Bankers Association. A surefire way to eliminate charge-backs? "Shut down your Web site," says Ori Eisen, CEO of The 41st Parameter, which sells software that authenticates online credit card purchases.
Brought to you by the Guardian eCommerce Safe Site Privacy Seal Program.
"We're barely surviving," says Brian Mortensen, 39. His company, NJPhones, an authorized reseller of phone equipment, is on the hook for about US$20,000 in fraudulent online charges, lost inventory and transaction fees. Large e-merchants such as Amazon.com say their high-end security systems keep fraud losses at a tolerable level. Thousands of compromised credit card numbers are floating in cyberspace, where crooks hawk them, use them to buy goods over the Internet and electronically withdraw cash from credit card accounts.
Consumers are protected by credit card-issuing banks, which waive bogus purchases and contested cash transfers. Merchants, however, must absorb the cost if the banks conclude they weren't vigilant. "If the bank can assert that the merchant didn't follow certain best practices and appropriately verify the identity of the customer, then the merchant pays," says John Pironti, a security analyst at consultant Unisys.
Gena Sharpe runs a Web site that sells CDs by her daughter, Laurelyn Carter, 14, an aspiring country singer. Sharpe, 34, of Huntsville, Ala., owes her credit card authorizer nearly $500 in fees associated with fraudulent transactions from late April through May. "Why should I pay fees for fraudulent credit card purchases they don't catch?" The costs for fraudulent online purchases should be shared by credit card issuers who have suffered data breaches, says Mallory Duncan, general counsel at National Retail Federation. "Under the current system, the retailer is guilty until proven innocent."
But the nation's largest banking trade group contends merchants knowingly take on a greater risk when credit card transactions are made online. It is their responsibility to develop tighter security systems, says Nessa Feddis, an attorney at the American Bankers Association. A surefire way to eliminate charge-backs? "Shut down your Web site," says Ori Eisen, CEO of The 41st Parameter, which sells software that authenticates online credit card purchases.
Brought to you by the Guardian eCommerce Safe Site Privacy Seal Program.
