Choke Point: Preventing Credit Card Fraud

In the struggle to prevent fraudsters from turning stolen credit cards into cash online, retailers are the country's last, best defense

By Sarah D. Scalet

Page 2

All the while, online credit card fraud continues its inexorable rise, with the CyberSource study pinning 2005 losses at $2.8 billion, 8 percent more than the year before.

A Legacy of Tension

Merchants have never exactly had a harmonious relationship with the credit card associations and their member banks, the ones who put plastic into the hands of millions of Americans. With transactions done in the physical world, though, at least everyone understood the game. The retailer agreed to look at each card and get a signature. If a cardholder reported that a charge was fraudulent, the bank issued what's known as a "chargeback"—essentially, the bank took back the money and gave it to the cardholder. If the merchant then submitted the cardholder's signature, the merchant didn't have to pay the chargeback. It was the bank's problem.

If merchants didn't follow the rules or racked up too many chargebacks, the card associations could ban them from accepting credit cards. But if merchants weren't happy with the card associations' rules, they could stop accepting credit cards.

Then came the Internet. Suddenly, the number of card-not-present transactions—once the domain of catalog retailers—shot upward to a point where, this past Christmas season, Visa reported that about 10 percent of all spending on Visa cards was for online purchases. The problem is, accepting a credit card online is riskier than accepting one in person. Merchants have no good way of verifying that the person holding the card is the person who actually owns the card. They can't get a regular signature, and they are leery of introducing anything into the checkout process that slows down the transaction.

As a result, e-commerce merchants must accept liability for fraudulent purchases. There's no disputing the chargeback.

Proponents of the merchants' view say the charges are extreme. "If a merchant ships the [fraudulent] order, they lose merchandise, lose the transaction fee, lose the shipping fee and get a chargeback fee," says Dan Clements, CEO of CardCops, which monitors the Internet for stolen credit card numbers on behalf of both merchants and individuals. "They lose, lose, lose, lose, and the issuing bank and the acquiring bank split the chargeback fee as revenue."

To be fair, banks devote substantial resources to monitoring accounts for suspicious activity and blocking fraudulent charges (although they are loath to discuss it). But merchants know their customers and products better than anyone and are therefore in an excellent position to spot suspicious orders before a pattern of misuse on an individual account occurs. This means that merchants who do business online are being forced to invest in antifraud defenses—both technological and human—like they've never had to before.