Fraud: 1

Alex Henderson
In November, 2006, electronic payment and online security specialist CyberSource announced the results of its 8th annual survey on e-commerce fraud: It reported that credit card fraud would cost U.S. merchants up to $3 billion in e-commerce revenue in 2006, up from $2.8 billion in 2005. It was also in November that the Association for Payment Clearing Services (APACS), a British banking association, released its own credit card fraud figures.

The good news APACS reported was that overall credit card fraud in the U.K. had fallen by 5 percent, from losses of approximately $428.6 million in the first half of 2005 to losses of $408.7 million during the first half of 2006.

The bad news, however, was that credit-not-present (CNP) fraud, which includes Internet and over-the-phone transactions, had increased and accounted for 46 percent of all credit card fraud in the U.K. during that period. That overall decrease of 5 percent, according to APACS, was due to fewer fraudulent in-person transactions. And the fact that online credit card fraud remains stubbornly persistent in the U.S., England and many other countries is a major concern for adult webmasters, who are well aware of the fact that too many chargebacks ultimately can put them out of business.

Choice Experts
XBIZ recently contacted several e-commerce experts to discuss the ways in which adult sites can prevent, reduce and combat credit card fraud — experts who include Rand Pate, communications director of Epoch Transaction Services/Paycom, a leading third-party payment processor; Bjorn Skarlen, former Internet director of the Barcelona, Spain-based Private Media Group and now manager of business development for the third-party processor CommerceGate; Christopher Mallick, CEO of 24-7 Commercial Marketing Inc. and owner/founder of; Ron Jenkins, CEO of payment processor DHD Media; and Harlan Yaffe, president of the gay-oriented, Miami-based affiliate program PrideBucks.

All of the experts said that while CNP fraud remains a major problem, adult sites are less likely to become CNP fraud victims if they are proactive rather than passive, and there is a long list of things that adult sites — both membership sites and online retailers — can do to avoid CNP fraud and increase their chances of staying in business and prospering.

"Credit card processing online is somewhat more risky than brick-and-mortar transactions due to several factors, not the least of which is that you cannot ask for a photo ID," Epoch/Paycom's Pate explained. "Nor are you able to acquire a customer's signature.

"Think of an online transaction through the following analogy: It is the equivalent of having someone walk into a store with a sack on his head and make a purchase by reading his card number to the clerk — not offering identification, not signing a draft and walking out of the store with the product — then being able to call their bank and reverse the transaction by saying 'I didn't do it.'"

But Pate added that while CNP transactions can be risky, diligent third-party processors — also known as Internet payment service providers or IPSPs — have learned to decrease the risk of CNP fraud through the art of good, effective scrubbing.

"The better the scrubbing, e-commerce experts say, the lower the risk of CNP fraud. And smart, careful scrubbing includes not only making sure that a credit card number matches the appropriate name, address and ZIP code, it also includes verifying the CVV2 or CVC2 number, which is the three-digit security code that Visa and MasterCard place on the back of their credit cards. In fact, asking for a CVV2 is mandatory in CNP transactions in some Western European countries.

CommerceGate's Skarlen noted that scrubbing can include white-listing or using VIP lists, which offer names of carefully screened and verified customers. According to MerchantSeek, a company that recommends merchant service providers, other methods of reducing the risk of CNP fraud can include scrutinizing orders from developing countries; scrutinizing people using free email accounts, such as those from Yahoo or Hotmail; and posting warnings that all IP addresses are being logged.

"Scrubbing will never be 100 percent, but you can ask a lot of questions," Skarlen said. "You can put people on the whitelist."

Vanessa Riles, customer service manager for Babeland, a company that started in 1993 and now specializes in selling sex toys online, asserted that adult sites need to be as vocal as possible when it comes to keeping law enforcement agencies abreast of fraud occurrences.

Stop, Thief!
"Often the same person will commit multiple acts of fraud with different aliases and different credit cards," Riles noted. "If you don't act to stop the person, he will most likely fraud your company again. It is also imperative that the adult company makes sure that the situation is well documented within their own order management system so that it will not ship to that same person again. There are many ways to limit the company's vulnerability, like increasing the number of parameters that must be met for an order to even go through into its system."

Riles estimated that in 2006, Babeland "lost about $10,000" to credit card fraud. But the adult sites that are the most vulnerable to CNP fraud, according to ePassporte's Mallick, are not sites that sell and ship physical merchandise but rather membership sites specializing in online adult content. Mallick, who before founding gained considerable experience fighting CNP fraud during his years at Paycom, said that on the adult Internet, CNP fraud is "less severe in deliverables than intangibles, such as content. Adult webmasters offering content only are clearly the biggest victims."

For content/membership adult sites, Mallick said, most CNP fraud is not from stolen credit card numbers but rather so-called "friendly fraud." Mallick estimated that friendly fraud "accounts for 80 percent of all chargebacks in our industry. Friendly fraud is hard to fight. The reason is that a cardholder can make a 30-second call to his bank and bam, the chargeback is done. There is too little friction in this area, in my opinion. It should be more difficult than saying, 'It wasn't me.'"

In part two, we'll continue our examination of fraud prevention and mitigation.