By Melody Lashmar - Another mention of consumer initiated fraud was found in this paper published by the Philadelphia Fed http://www.philadelphiafed.org/consumer-credit-and-payments/payment-cards-center/publications/discussion-papers/2002/fraudmanagement_042002.pdf, In November 2001, The Philadelphia Federal Reserve office hosted a workshop on fraud management in the credit card industry. This report detailed various aspects of fraud and not just the consumer initiated fraud that a merchant receives. There are a couple paragraphs out of this publication that I want to share.
"In the Internet world there is no such connection. The order flows anonymously from a computer that can be located anywhere with no ability for the merchant to authenticate that the card number presented is associated with the actual cardholder. At this point there is no authentication system that has been generally adopted by all parties (credit card associations, issuers, merchants and consumers). Smart cards used with readers attached to computers offer one possible solution; but to date there has been little interest by consumers or computer manufacturers to invest in this technology. Issuers broadly indemnify cardholders from Internet fraud; therefore there is little incentive for consumers to make such investments. Association rules allow issuers to charge back these fraudulent transactions to merchants, which further diffuses incentives to tackle the problem.
Another factor, according to Buttafogo, is the percentage of Internet fraud transactions that may be classified as “familiar fraud.” A transaction may be legitimately initiated by the cardholder for a product that could be considered dubious in nature, (i.e., pornography on the Internet). When confronted by a family member the individual may deny knowledge of the transaction and then report it as fraud. A legitimately billed transaction can then be reported as “never received” and reversed by the issuing bank. The U.S. Banker in a December 2001 report on cyber-fraud entitled, 'I Didn't Do It' suggested that pornography charges like these probably accounted for half of all online fraud.
Buttafogo then spoke about an even more insidious abuse in the card not present Internet environment. Computer programs, such as CreditMaster and Credit Wizard, are easily available on the Internet, and can be used to generate sequences of 16-digit credit card numbers from valid Bank Identification Numbers or BINs (the first six digits of any card number). This enables the criminal to quickly transact multiple fraudulent sales from online merchants whose security does not block sales to sequential numbers. According to Buttafogo, these programs are the favored tools of organized gangs who are believed to be responsible for a significant percentage of the dollar losses associated with Internet fraud. "
To sum up the above discussion, consumers lie and steal at a rate that easily surpasses the restrictions for fraud placed on merchant accounts, online transactions suffer from a lack of systems that can guarantee the identity of the person entering the transaction information, online purchasing is targeted by fraudsters with computer programs to find and use card numbers and finally, merchants must bear the responsibility of this fraud as there is no incentive for anyone else in the transaction chain to take corrective action.
I think there are some very simple things that can be done to start to address the issue without putting more burden on the merchants while still being reasonable to the interests of the rest of the stakeholders. I will address these options in the next publication. In the mean time, ensure that your gateway and your merchant account provider can clearly articulate their current fraud measures and that they are continually working on your behalf to identify fraudulent transactions such as blocking sequential numbers to reduce the cost of fraud for your business.
