(Ping! Zine Web Hosting Magazine) – Vacations just got more stressful following the most recent hotel security breach in a list of such events during the past 12 months. Mandarin Oriental Hotel Group, an upscale hospitality chain with properties in Boston, Miami, New York, Washington D.C., Las Vegas, and other popular tourist destinations, both in the U.S. and abroad, admitted in a statement on March 5 that credit card systems in several of its U.S. and European properties were accessed without authorization.
Unlike other recent security breaches, such as that in 2014 at White Lodging, and the possible 2015 breach still under investigation, the stolen cards at Mandarin Oriental are likely to have very high or no credit limits due to the hotel’s wealthy clientele, making them extremely valuable on the black market. E-commerce businesses are the most likely to be hit by these contraband cards, due to the increased ease of use and anonymity provided by an online environment.
How can online businesses prepare?
E-Commerce recommends 5 strategies to increase these companies’ security during the next couple of months. While all of these steps should be common elements of an offensive fraud-reduction plan, increased vigilance, more checks, and an insistence on following each of these steps every time can transform an average level of vigilance into an iron wall.
- Check orders by hand before submitting them for processing
This is perhaps the most difficult and least-practiced of all the fraud-prevention techniques because automatically processing orders is so convenient and manually checking and submitting them is so tedious. However, there is no substitute for human review. Merchants should check their orders for abnormal activity or suspicious trends, such as a large number of orders made with the same credit card, a single order made with a large number of credit cards, multiple users with the same credit card, and orders for an abnormally large number of high-priced or easily-resold merchandise.
- Amp up credit card security checks
Merchants should never accept a credit card without requiring the CVV/CVC, which is the three-digit code on the back of Visa, MasterCard, and Discover cards or the four-digit code on the front of American Express cards. They should also consider locking orders after the credit card has failed more than three or four times, and call the credit card company when in doubt whether a card is valid or not.
- Double-check the user’s address, phone number, and e-mail address
AVS (address verification service) software compares the billing address provided by the customer to that on file with the bank. Such software is a basic part of any fraud-prevention program, but during high-risk times it is vital to compare every card every time and to accept nothing less than a full match without calling the bank to verify the card. In addition to verifying the address, merchants should check the phone number’s area code to make sure it’s valid within the given zip code and beware of free e-mail addresses, as fraudsters much more commonly use these accounts than paid services. It’s important to note that free e-mail services and zip code-area code mismatches are not necessarily indicative of fraud, but are worth further investigation and heightened vigilance.
- Monitor IP addresses on every order
E-merchants should always compare the location of the IP address on the ordering computer with the location where the card was issued. Foreign IPs using an out-of-country credit card – especially from high-risk countries such as Indonesia and Nigeria – should be cause for further investigation.
- Identify proxy servers
Fraudsters often take great pains to hide their identities and make themselves untraceable behind proxy servers. By using software to detect such servers, merchants can often identify fraud before it happens.
- Refuse to ship to untraceable addresses
P.O. Boxes, public rented mailboxes, and drop ship companies are frequently used by fraudsters to hide their identity while providing them a way to receive their merchandise. It’s a good practice for merchants to avoid shipping to such an address unless they can verify its legitimacy (for example, some large companies use P.O. Boxes). During times of heightened risk, it is often better not to ship to these addresses at all.
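The order checks listed above can be pre-sorted for the human reviewer. The following is an added example, not part of the original release: it builds a manual-review queue from a batch of orders. The field names, thresholds, free-mail list and the `full_match` AVS label are assumptions, and the orders are constructed.

```python
import re
from collections import defaultdict

# Assumed thresholds, lists and field names; tune them to the shop's traffic.
MAX_ORDERS_PER_CARD, MAX_CARDS_PER_ORDER, MAX_FAILED_AUTHS = 3, 2, 3
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com"}
PO_BOX = re.compile(r"\bP\.?\s*O\.?\s*Box\b", re.I)

def review_queue(orders):
    """Return {order_id: [reasons]} for orders a human should check."""
    orders_by_card, users_by_card = defaultdict(set), defaultdict(set)
    for o in orders:
        for card in o["cards_tried"]:
            orders_by_card[card].add(o["id"])
            users_by_card[card].add(o["user"])
    flagged = {}
    for o in orders:
        reasons = []
        if not o["cvv_provided"]:
            reasons.append("no CVV/CVC")
        if o["failed_auths"] > MAX_FAILED_AUTHS:
            reasons.append("lock: too many failed authorizations")
        if o["avs"] != "full_match":  # "full_match" is an assumed label
            reasons.append("AVS not a full match")
        if len(o["cards_tried"]) > MAX_CARDS_PER_ORDER:
            reasons.append("many cards on one order")
        for card in o["cards_tried"]:
            if len(orders_by_card[card]) > MAX_ORDERS_PER_CARD:
                reasons.append(f"card {card} on many orders")
            if len(users_by_card[card]) > 1:
                reasons.append(f"card {card} shared by several users")
        if o["email"].rsplit("@", 1)[-1].lower() in FREE_MAIL:
            reasons.append("free e-mail domain")
        if PO_BOX.search(o["ship_to"]):
            reasons.append("ships to P.O. Box")
        if reasons:
            flagged[o["id"]] = reasons
    return flagged

def order(oid, user, cards, cvv=True, fails=0, avs="full_match",
          email=None, ship="12 Elm St"):
    return {"id": oid, "user": user, "cards_tried": cards, "cvv_provided": cvv,
            "failed_auths": fails, "avs": avs, "ship_to": ship,
            "email": email or f"{user}@customer.example"}

# Constructed sample orders; card values are opaque tokens, not card numbers.
SAMPLE = [order(1, "alice", ["tokA"]),
          order(2, "bob", ["tokB", "tokC", "tokD"], fails=4, email="bob@gmail.com"),
          order(3, "carol", ["tokE"], avs="zip_only", ship="PO Box 991"),
          order(4, "dave", ["tokE"], cvv=False)]
```

`review_queue(SAMPLE)` leaves order 1 alone and queues orders 2, 3 and 4 with the reasons a reviewer should look at first.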
By doubling down on these fraud-prevention techniques, internet-based businesses can craft an aggressive and pro-active approach to preventing fraud and the chargebacks that follow. Fraudsters are usually looking for a quick and easy target, so by making it difficult for them to use their stolen cards, these businesses put themselves and their customers in a much safer position – a win for everyone except those intent on fraud.
About E-Commerce 4 IM:
E-Commerce 4 IM offers credit card processing, web marketing, SSL certificates, and hosting for online merchants. They specialize in helping high-risk vendors, such as nutraceutical, weight loss supplement, e-cigarette, and multi-level marketing vendors, obtain credit card processing solutions that meet their business needs.