Alarmed

Digital (Shopping) Divide

American retailers don't like to do business with customers whose IP addresses place them in parts of the world with a high incidence of fraud

By Sarah D. Scalet

November 30, 2005, CSO

Nov. 30, 2005: It's that time of year when Americans are exercising their God-given right to shop. Vigorously exercising. And with newspapers abuzz about Cyber Monday (the first big workday after Thanksgiving and one of the busiest days of the year for online retailers), it seems like an appropriate time to introduce to you all a man named Danny Lim.

Lim lives in Singapore with his wife and a son who happens to have very wide feet. Wide shoes are hard to find in Singapore, so Lim's wife decided to shop for them on U.S. websites. There was just one problem: No one would sell her the shoes. American retailers don't like to take credit cards from other countries; they don't like to ship things overseas; and they especially don't like to do business with customers whose IP addresses place them in parts of the world with a high incidence of fraud, like Singapore.

"Whenever there's a problem, there's an opportunity," Lim says pragmatically. He founded a company called ComGateway, which aims to bring the contents of online shopping carts in the United States to customers in Asia. Some 3,000 Singaporeans have already signed up for the service, which gives them a mailing address in Portland, Ore., from which ComGateway forwards their packages.

The startup has taken two steps to address security concerns. One, the company partnered with both Mastercard and DBS, Singapore's largest bank, to integrate the address verification service (AVS) widely used by online retailers, which typically works only for U.S. credit cards. (AVS is the reason online retailers always want to know your billing address. If the billing address you provide doesn't match the one the credit card company has on file, the retailer may flag the transaction as a potential fraud.)

Second, when subscribers make a purchase online, they have to fill out a form on ComGateway's website stating what they've purchased, where and for how much. ComGateway's system then calls the customer's registered cell phone and asks for a PIN to confirm the transaction. Authentication wonks call this out-of-band verification.

Merchants don't have to sign up for the program. They just have to clear the purchase despite what may seem on the surface to be suspicious activity: a lot of purchases going to that address in Portland, for instance, and a customer IP address that doesn't match the shipping location.
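The three signals described above (an AVS mismatch, a customer IP country that differs from the shipping country, and many orders to one address) can be sketched as a merchant-side screen. This is an added example, not code from CSO, ComGateway or any retailer; the `Order` fields, the threshold and all sample data are hypothetical, and the AVS check is simplified to a normalized string comparison.

```python
from collections import Counter
from dataclasses import dataclass

ADDRESS_VELOCITY_LIMIT = 3  # hypothetical: orders per address before flagging

@dataclass(frozen=True)
class Order:
    order_id: str
    billing_address: str   # typed by the customer at checkout
    address_on_file: str   # held by the card issuer (AVS reference)
    ip_country: str        # from IP geolocation
    ship_address: str
    ship_country: str

def normalize(addr):
    """Lower-case, drop punctuation and collapse whitespace before comparing."""
    kept = "".join(c for c in addr.lower() if c.isalnum() or c.isspace())
    return " ".join(kept.split())

def screen(orders):
    """Return {order_id: [reasons]} for each order that trips a signal."""
    per_address = Counter(normalize(o.ship_address) for o in orders)
    flagged = {}
    for o in orders:
        reasons = []
        if normalize(o.billing_address) != normalize(o.address_on_file):
            reasons.append("avs_mismatch")
        if o.ip_country != o.ship_country:
            reasons.append("ip_ship_country_mismatch")
        if per_address[normalize(o.ship_address)] > ADDRESS_VELOCITY_LIMIT:
            reasons.append("ship_address_velocity")
        if reasons:
            flagged[o.order_id] = reasons
    return flagged

def sample_orders():
    """Constructed data: four forwarded orders, one domestic, one AVS failure."""
    sg, fwd = "12 Sample Road, Singapore 000000", "100 Example St., Portland, OR"
    orders = [Order(f"A{i}", sg, sg, "SG", fwd, "US") for i in range(1, 5)]
    boston, austin = "5 Test Ave, Boston MA", "9 Demo Ln, Austin TX"
    orders.append(Order("B1", boston, "5 test ave. boston ma", "US", boston, "US"))
    orders.append(Order("C1", austin, "77 Other Rd, Austin TX", "US", austin, "US"))
    return orders

if __name__ == "__main__":
    for order_id, reasons in screen(sample_orders()).items():
        print(order_id, reasons)
```

The forwarded orders pass the address check yet still trip the other two signals, which is why clearing them depends on a person at the merchant reviewing the order.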

If an order is rejected, usually the hardest part of the verification process for ComGateway is getting the correct person on the phone at the merchant's headquarters. "Most of the time you can only get customer service, and they're not trained or don't have the authority to address security issues," Lim says. But many retailers are clearing the shipments, and Lim claims a 100 percent fraud-free track record. The company has ambitious plans to roll out the service to other countries, starting with Hong Kong and two major cities in China sometime in the next year.
