“If you sell goods or services online, you’re at the mercy of the cloud provider, and someone, somewhere wants to buy your products” Jim O’Brien, Infintech payment processing advisor, explains. “The only reliance you have is that the credit card processor returns an approval code and then you get the money. There’s no guarantee that whoever is using the card is the same person making the purchase.”
Jim should know. His credit card information was hacked last September.
It started with a phone call from his wife, who was asking why $2,200 was missing from their bank account.
“I went online and saw a transaction from this hotel in South Beach. I’d never heard of it,” Jim recalls. “I look them up and it’s a boutique hotel.”
Jim called the hotel to ask why his bank account was hit with a $2,200 transaction. “They responded with, ‘Well, you’re here now in the hotel.’
But Jim was in Cincinnati.
“Tell me how this happened. Send me the reservation,” Jim followed up. The address associated with the credit card provided didn’t match Jim’s. The receptionist explained that their hotel uses an online reservation system. This particular reservation was taken in Europe.
That’s when Jim asked how they verified his identity.
The other end of the phone went silent. The hotel didn’t take any precautionary measures to verify that the identity of the person checking in matched the person associated with the credit card. They sent the money back immediately.
“That happens to a lot of people,” Jim points out.
How Can eCommerce Merchants Protect Themselves?
In Jim’s situation, one of the first things that tipped him off was how the address provided in the reservation didn’t match his own. That’s where address verification (AVS) and security codes come into play. eCommerce merchants should implement a payment solution that uses AVS and requires that the buyer enter the security code located on the back of the credit card.
This way, if the credit card information was “skimmed,” the fraudster wouldn’t be able to enter the address or security code associated with the credit card. The transaction would never go through.