Fraudsters beware. Tom Suhadolnik is watching you.
As the founder and CEO of online cigar shop TheSmokeShop.com, he's fed up with fraudulent credit card orders placed on his site. He estimates that between 5 percent and 10 percent of his orders are bogus.
Two years ago, a frustrated Suhadolnik sat down in his basement in Concord Township, Ohio, with all of his fraudulent orders and studied them until he started to spot trends. The orders had certain unique characteristics - characteristics he won't divulge for fear of alerting hacker interest.
Based on those trends, he developed a model that instantly assigns a level of risk to each order. If the order falls outside the parameters he has set (for example, the same person has different shipping and billing addresses, or the order is excessively large), it will be delayed and a customer service representative will follow up with a phone call before the order is approved.
In essence, Suhadolnik created his own neural network, a system that intelligently detects potential fraud based on historical data. A number of software companies, such as HNC Software (HNCS), CyberSource and ClearCommerce, provide comparable, customizable neural networks to large retailers to combat credit card fraud.
Despite the popular belief that consumers are gambling by using credit cards on the Net, it is actually the merchants that face the greatest risks.
Just as in the offline world, there are many types of illegal credit card schemes online. Professional hackers generate bogus credit card numbers, people use lost or stolen cards and amateur fraudsters abuse the system to get free goods. Without a physical card or a signature to go on, online orders are inherently more risky.
As a result, credit card companies take a hands-off approach to merchants conducting business in cyberspace. If a thief uses a stolen credit card in the offline world, the credit card companies will settle the bill for the victimized cardholder. In the world of e-commerce, just as in the catalog and telephone order industries, the credit card companies place the burden on the merchants. If a consumer uses stolen card information to place an order for $2,000 worth of consumer electronics at CircuitCity.com, the site takes the loss. But if a thief walks into a Circuit City store and conducts the same transaction with a stolen card, the credit card company will pay the bill.
Few online merchants are willing to speak openly about how much fraud they detect and the methods they use to prevent it. After all, an article about Web sites with fraud problems is an advertisement to hackers looking for easy targets.
As a result, no one in the industry has been able to determine how rampant the problem is. In order to tackle the issue, a group of companies in the electronic commerce industry have formed the Internet Fraud Prevention Advisory Council. Led by charter members HNC Software, Vitessa, CyberCash (CYCHQ), Signio, ShopNow.com and Ebit.net, IFPAC's goal is to educate merchants and reduce the risk of online fraud.
The group hopes to develop a reliable measure of Web fraud, including identifying which industries are most at risk, and to create a list of best practices for merchants. IFPAC's first meeting, in October, drew about 40 participants.
For now, companies are relying on anecdotal figures. Visa USA, for instance, reports that less than 0.1 percent of total online Visa sales are fraudulent, just slightly above Visa USA's overall fraud rate. But a study commissioned by CyberSource revealed that online merchants estimate anywhere from 5 percent to 25 percent of their transactions are fraudulent.
Analysts suspect that a majority of the online fraud occurs outside the U.S., where e-commerce laws have not caught up with the technology, and where addresses and information are more difficult to verify. Ted Iacobuzio, a senior analyst with market research firm the Tower Group, has seen reports that say as much as half of all credit card fraud in Europe occurs online.
Certain
