Minimising Risks When Selling Glasses Online. Preventing Credit Card Fraud

4 January 2015

There are certain risks involved in selling glasses online and shipping them to people you never met to  far away city or even country. Glasses are expensive products, often range between $200-$500 and if they get lost in the mail or worse, bought with fraudulent credit card, you will be out of some money and it will not be pleasant. But there are few steps you can take that will majorly minimize your credit card fraud risks.

Verify the Credit Card

Even before you start filling the order you can do investigation of the buyer. It may only take a few minutes and with time you will develop a sixth sense to spot the trouble. Make sure that the key information about the buyer matches as follows:

-       Name of credit card holder matches the buyer. Sometimes buyer wants to ship to the name that is different from the card holder. If it’s just the first name, that might be Ok, but if entire name is not a match be alert. They may be using someone else’s card.

-       The billing address matches the bank records. If you accept credit card on your online glasses store you will know this information from the payment gateway (the credit card online payment portal). If you accept PayPal, billing address will match as per PayPal policies. You will be able to see both addresses and IP address of customer from LiveOptical dashboard.

-       The shipping address matches billing address. This is really ideal case scenario. But often people want the glasses be shipped to the different address. They might have moved or are travelling, or simply want the package be shipped to their work. 30% of the time the shipping address will be different from billing. You are taking a risk by shipping to a different address and may need to call the card holder to verify if he really made this purchase. Make sure you call the phone number that matches the bank records. Call the bank and get this phone number or get the bank call customer on your behalf. Obviously don’t just call the phone number customer gave you – they may have given you their phone number, not the card holder’s phone number. Be especially alert if the shipping address is in a different province or state or even country. You have to get the story right for yourself. Ask yourself does the story make sense? Are they legitimate?

-       The 3-4 digit code matches. Also called CVS or CVV, This code is on the back of the Visa/Master Card or front of AMEX. If the code mismatches, most of banks will decline the transaction for you, but in rare cases they will not. Be alert to always check that the code is match and NEVER ship glasses if it’s not the case. When the code didn’t match, it means the card was not on customer’s hand when placing an order, so card information likely stolen. Also be alert if you see from payment gateway that customer attempted to enter CVS code several times with hopes to guess it.

-       The IP address of customer matches billing/shipping address. At a minimum IP address (physical location of the computer/phone used for purchase) must match one of the addresses. If customer is in unrelated location, especially when billing and shipping addresses are different be extra alert.

-       The e-mail address makes sense. Sometimes the e-mail address will give you clues about the buyer. It may be the work e-mail, ex. [email protected] and the ship to address is Patterson LLP. Or it could be suspicious address [email protected] and package is for Martha. So who is Sarah? Be alert.

-       The credit card issuing country matches the billing/shipping address. This will become handy when billing address is not verified by bank. Usually international credit card issuers don’t provide address verification service to other countries. You will not be able to check the address unless you call the bank in that country, which could be time consuming. But you can always spend a few minutes to check if the country of credit card bank is same as shipping/billing address. What if the card was stolen from the tourist? Get this suspicion waived by checking.

After you checked all of the above, watch customer’s behavior. At times customer will behave unusually and you should be alert. For example customer ordered several pairs of glasses that are totally different, ex.one for man and one for woman. Or agrees to everything in a super polite manner. If you notify people that their order is on backorder or you no longer have the glasses on order any normal customer would not be happy. You might get alerted by someone saying that this is totally not a problem, they can wait or agree to switch to a completely different pair of glasses.

-       Transaction ID or Approval Code matches your own. This is the extreme measure, but it would certainly put the doubt to rest. Every online credit card transaction has a numeric ID and Approval Code that is issued by the card holder’s bank at the time sale is made. You will know these codes from the payment gateway. But customer typically will only see these by logging in their online banking or calling the bank. The bank will have to authenticate the card holder by asking all kind of questions about their birth date, account status etc. If customer gives you transaction ID it means bank gave it to them and transaction most likely is legitimate. We recommend doing this only if the above checks are mismatch because asking every customer to call the bank is an inconvenience and can create a wrong image for your website.

Verify The Buyer Behavior

You should be suspicious if any of the credit card information does not match the expectation. You can reaffirm your suspicion if customer behaves unnaturally. For example:

Customer is too nice. While it might sound funny, customer are too nice because they use stolen card. Just like in your current practice, people who come with fake credit card behave unnaturally. They talk too much, tell too many stories about themselves trying to make a case for themselves. Same applies for online glasses sales. Customer may be too agreeable to the backorder delays, change of colors or even models. Usually people are not happy about such order changes.

Customer rushes you. When the credit card is stolen, your customer only has a few weeks before it’s uncovered by the bank. So if the above matches fail and customer starts e-mailing you that they want the glasses badly, that should raise a red flag for you. Do more due diligence before shipping the glasses to them.

Use Verify By Visa Whenever You Can. Verify By Visa is created to mimic the physical POF machine when customer is entering the PIN Code. PIN Code is not written on the card, therefore very secure. But remember, this code can be reset online often by entering the correct birth date. So, in less likely scenario when entire wallet has been stolen, the birth date will be there too. Another drawback of Verify By Visa is that some legitimate customers get discouraged and shop elsewhere. To set this PIN a customer will need to call the bank or login to their online banking. Since most of websites don’t request it, you will be giving extra work for them. Verify By Visa is not a guarantee, but it is a secondary measure to protect the merchant. Use it at your own judgment.