
E-commerce fraud and prevention technique

Sunday, 30 October 2011


Bangladesh is gradually moving towards an e-commerce market. The central bank gave permission to financial institutions in November 2009 so that banks could act as e-commerce payment gateways/processors. This has given an enormous opportunity to companies that wish to enter the potential e-commerce market and go global. Banks like BRAC Bank and Dutch-Bangla Bank have put in place infrastructure to act as payment processors. However, the absence of experienced delivery service providers and inadequate knowledge of e-commerce fraud and its prevention remain the main barriers for retailers exploring this marketing channel.

To put it in simple terms, making a payment over the internet is known as e-payment/e-commerce. Customers can go to a web site, select a service or product and make payment using a card number and other credentials. Goods/services get delivered once payment is done. As e-commerce takes place over the internet, there is a risk of its becoming a seriously fraudulent channel if the necessary protection and awareness are not in place.

Credit card or debit card numbers and details are the main components a customer needs to access e-commerce payment systems. Card fraud mainly takes place once card data or the card itself falls into the wrong hands. Total e-commerce fraud loss for retailers in the USA was US$ 2.7 billion in 2010, according to Cyber Source. On average, approximately 5.0 per cent of overall e-commerce transactions fall under fraud, as the statistics show.

Most of the fraud takes place using common factors that have been learnt from the experience of already mature markets. The factors are: different card and delivery addresses; use of a free e-mail address; fast/express delivery; the most expensive possible order; repeated order attempts. Effective fraud management techniques should be taken into consideration by service providers or retailers to prevent more than 90 per cent of e-commerce fraud.

Some of the easy ways to implement are:

Use common sense: Take some extra time to review the order, read it carefully and use your common sense to judge whether all the information provided by the user is correct. If you feel suspicious, do not process the order and wait until the next day. When a card is stolen, on average it gets deactivated by the next day.

Address verification: Most payment gateways/card issuers provide address verification; confirm that the billing address, delivery address and contact address are consistent or similar. Matching addresses is a great technique to prevent fraud. If you see that the billing address is in the USA and the delivery address is in Indonesia, you can consider/park it as a fraud transaction for further review.

Free e-mail address: Do not entertain requests coming from free e-mail addresses like gmail/hotmail. Most of the fraud requests are generated from these free e-mail addresses. Any internet service provider (ISP) driven e-mail address/corporate e-mail address is easy to trace if a case is lodged by a card owner.

Contact customer/card owner: Contact the card owner via SMS/e-mail or any other means to be sure about the e-commerce order before delivery. This is the most effective way to prevent fraud. If required, merchants can contact the issuing bank, which can connect a merchant to a card owner.

Internet protocol (IP) address and bank identification number (BIN) matching: Store the IP address from which the request came. This can be used to match the location where the card was issued against the location the user is ordering from. The region of the card BIN and the IP address can be matched to identify any fraud.

As a customer, if your card is e-commerce enabled, you should not share your plastic card with others, because the card number, card verification value (CVV) number and expiry date are enough to make a fraudulent transaction using internet payment portals.
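
The merchant-side signals listed above (address mismatch, free e-mail, express delivery, expensive order, repeated attempts, BIN/IP region mismatch) can be combined into a simple order triage. The following Python code is an added example, not code from the article or from any payment gateway. The field names, the free-mail domain list, the amount and attempt thresholds, and the rule of parking orders with two or more signals are assumptions, and the BIN and IP countries are assumed to be resolved beforehand.

```python
from collections import Counter

# Assumed values: the article names gmail/hotmail only as examples.
FREE_MAIL = {"gmail.com", "hotmail.com"}
HIGH_VALUE = 500.00      # assumed threshold, in the merchant's currency
MAX_ATTEMPTS = 2         # assumed: more tries than this per card is a flag

def risk_flags(order, attempts_by_card):
    """Return the article's fraud signals that this order trips."""
    flags = []
    if order["billing_country"] != order["shipping_country"]:
        flags.append("billing/delivery address mismatch")
    domain = order["email"].rsplit("@", 1)[-1].strip().lower()
    if domain in FREE_MAIL:
        flags.append("free e-mail address")
    if order.get("shipping") == "express":
        flags.append("fast/express delivery")
    if order["amount"] >= HIGH_VALUE:
        flags.append("high-value order")
    if attempts_by_card[order["card_id"]] > MAX_ATTEMPTS:
        flags.append("repeated order attempts")
    # Countries are assumed to be pre-resolved from a BIN table and a GeoIP
    # lookup; a missing BIN country (failed lookup) is treated as a mismatch.
    if not order.get("bin_country") or order.get("bin_country") != order.get("ip_country"):
        flags.append("card BIN region differs from IP region")
    return flags

def triage(orders):
    """Park any order with two or more signals for manual review."""
    attempts = Counter(o["card_id"] for o in orders)
    result = {}
    for o in orders:
        flags = risk_flags(o, attempts)
        result[o["order_id"]] = ("review" if len(flags) >= 2 else "process", flags)
    return result

# Constructed sample orders (not real data).
ORDERS = [
    {"order_id": "A1", "card_id": "c1", "email": "rina@example-isp.net",
     "billing_country": "BD", "shipping_country": "BD", "shipping": "standard",
     "amount": 40.0, "bin_country": "BD", "ip_country": "BD"},
    {"order_id": "A2", "card_id": "c2", "email": "buyer@GMAIL.com",
     "billing_country": "US", "shipping_country": "ID", "shipping": "express",
     "amount": 900.0, "bin_country": "US", "ip_country": "ID"},
]

if __name__ == "__main__":
    for oid, (decision, flags) in triage(ORDERS).items():
        print(oid, decision, flags)
```

Orders marked "review" are the ones to hold for the manual steps described above, such as contacting the card owner before delivery.
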

However, to go forward with a technically proven solution, the issuing bank has to be triple data encryption standard (DES) compliant. This will force card holders to use passwords along with card details for e-commerce transactions. Like any sophisticated solution, implementation of 3DES is expensive for card-issuing banks/authorities, and none of the issuers in Bangladesh is 3DES compliant as of now.

The writer is Senior Vice President of BRAC Bank. He can be reached at email: mamunseraji@gmail.com