IE 11 is not supported. For an optimal experience visit our site on another browser.

Internet merchants fight back on fraud

Internet merchants once viewed chargebacks and other payment fraud as a cost of doing business, mainly because they are difficult and time-consuming to fight. But now they are increasingly pushing back.
/ Source: The Associated Press

Talk about buyer's remorse: A man who had purchased a $4,500 custom-made engagement ring over the Internet abruptly called off the wedding just days before the big day — then called his credit card company to get his money back.

He succeeded, but not for long., one of the largest jewelers on the Internet, fought the credit card chargeback, correctly arguing its 30-day return guarantee had long since expired. The customer was out the money.

Internet merchants once viewed such chargebacks and other payment fraud as a cost of doing business, mainly because they are difficult and time-consuming to fight. But with fraud sapping hundreds of millions of dollars from online revenues, companies that do all or most of their business over the Internet are increasingly pushing back.

"Merchants are not willing to accept this any more. They are fighting tooth and nail," said Kathleen Attinello, an executive vice president at Receivable Management Services, which fights chargebacks on behalf of online travel agencies, video game sites and other merchants.

Internet companies are trying to chip away at the fraud problem by hiring companies like RMS, employing technology that spots potential fraud before it happens and using payer-verification services such as those offered by Visa and MasterCard.

Payment fraud is a bigger problem for Internet merchants than for bricks-and-mortar retailers because, unlike a face-to-face sale, an online transaction does not require a customer's signature or credit card imprint.

So it's easy for a customer to get a charge reversed — and time-consuming for an Internet merchant to prove the sale was legitimate. In most online chargebacks, the cardholder denies ever making the purchase.

The predicament for Internet merchants is compounded because they, and not the card issuers, bear the liability in most fraud cases. It's the other way around in the offline world.

"It's a damnable problem for Web merchants," said David Robertson, publisher of The Nilson Report. The trade publication estimates the rate of credit card fraud to be 18 cents to 24 cents per $100 of online sales — three to four times higher than the overall rate of fraud.

Fraud-weary merchants have adopted elaborate procedures for completing a sale, matching a customer's shipping address to the billing address, verifying that the card hasn't been reported lost or stolen and checking for any unusual activity on the card.

Card companies are also helping Web merchants fight back, offering payer-authentication services and other fraud-fighting tools and streamlining the process by which chargeback disputes are mediated.

"The rules have changed," said Tom Sullivan, director of e-commerce risk at travel site and chairman of the Merchant Risk Council. "Internet merchants now have the ability to say, `Hey, this person accepted the terms and conditions explicitly, and as a result, shouldn't be able to charge this back."

The payer-authentication services, which Visa calls "Verified by Visa" and MasterCard calls "SecureCode," run on the same platform and work much the same way.

For cardholders registered with the programs, Internet retailers can ask for a password registered with the cardholder's bank, giving the retailer evidence of the purchase and leverage should a dispute arise.

Consumers participating in Verified by Visa accounted for 10 percent of the $113 billion in total Visa online volume in the United States in fiscal 2005. Visa expects that share to grow to 14 percent by 2010.

Some merchants, however, are reluctant to embrace payer authentication because they fear the additional step in the checkout process will turn off customers.

"The last thing we want to do is prevent a good sale from going through, but part of the intent of the process is to balance the return versus the risk," said Michael Yakal, a vice president at Visa USA.

European merchants have no such compunction about making card holders jump through hoops.

In fact, many European banks have gone a good deal further, issuing personal card readers and "smart" credit cards embedded with tiny computer chips. Customers swipe the card through the reader and enter a PIN number, prompting the reader to randomly generate a second PIN number that the customer provides to the merchant.

Bruce Rutherford, a vice president at MasterCard International Inc., expects smart card technology to eventually migrate to the United States.

But there are low-tech ways to fight fraud, too., a retailer of handbags, briefcases and luggage, calls the customer before shipping any order of more than one item.

Mike Aquilina, director of e-commerce at Fujitsu Computer Systems Corp., the computer-making subsidiary of Fujitsu Ltd., said a customer once claimed he never received the computer he had ordered online. Aquilina called the customer and promised that an FBI agent would be at his house to investigate. Within an hour, the customer called to say he had gotten his computer.

"The general assessment from vendors is that chargebacks are decreasing, not because the thieves aren't trying, but because the vendors have built up elaborate systems to try to protect themselves," Aquilina said.

Fraudsters especially love targeting Internet jewelers, because jewelry is so easy to fence. Pornography sites and electronics merchants are also hit frequently.

When was founded in 1999, 15 percent of its sales were charged back. The jeweler now uses a variety of fraud-reduction tools, including software that detects the physical location of the computer from which a product is ordered. Although chargebacks now constitute less than a quarter of 1 percent of sales, the company still fights every one.

"We do get some chargebacks," said Shmuel Gniwisch,'s chief executive. "There are some people who have outsmarted the system, but it's an education, and they taught us how to get some other loopholes plugged. They have a lot of time to do this, and they are going to sit there and try to outsmart you."

For those fraudulent purchases that do slip through, merchants are increasingly turning to companies like RMS, which last year enjoyed a 42 percent increase in the volume of credit card chargebacks it handled.

The Bethlehem-based company, which has 35 offices in the United States and abroad, has dealt with some goofy online disputes.

A man once tried to reverse the entire cost of his Mexican vacation because he couldn't get a lounge chair next to the hotel pool. Another tried to reverse the cost of a trip to Hawaii because the hotel room came with a queen-size bed, not a king.

"You would be surprised," RMS spokesman David Caruba said, "at how many companies in the past would eat something like that."