The online market in the UK is expected to treble in size within the next five years, reaching a staggering £19.2 billion (Source: Verdict). Following the introduction of Chip and PIN cards, many retailers are concerned that this market increase will lead to a growth in cardholder not present (CNP) fraud. Whilst Chip and PIN cards have improved the fraud rate on the high street, the technology to prevent CNP fraud online is still some time away. With some high street banks still months away from the introduction of a card-reader which will generate a one-time PIN number allowing the customer to shop online, what can retailers do to improve their chances of combating Internet fraud? James Vickery, Head of IT at Zendor, provides the following tips for defeating Internet fraudsters.

• ‘Eyeball’ every transaction. One of the most effective methods of combating Internet fraud is to ‘eyeball’ every transaction for obvious abnormalities, for example, unusually high order volumes within one transaction. Although this is not always a cost-effective or practical solution for every retailer, depending on volumes, it acts as the first check-point for any obvious fraudulent transactions.

• Examine each transaction against a predetermined set of business rules. Treat every transaction as a potentially fraudulent order, and do not process any order until it has passed basic tests. Implement a scoring or risk assessment system to evaluate each order, base this upon the size and value of transaction and on the personal details submitted by the consumer.

• Implement your own hot-lists recording details of previously detected fraud. This will enable you to check that the customer has not previously ordered with a different address, that the delivery addresses match the cardholder address and if the address has been the source of previously detected fraud. Ensure that your terms and conditions clearly state why you collect personal information and what will be done with it, so as not to attract the wrath of the Data Protection Registrar.

• Check that the customer name matches or at least links with the email address supplied. If the forename and or surname does not appear in the email address this may indicate a suspicious transaction.

• Check that the address and post-code of the cardholder or delivery address originate within the UK. Unless you’re expecting international orders pay close attention to orders that originate outside the UK. You’re ability for legal or financial redress may be hindered by cross-border transactions.

• Check that the customer phone number has been supplied and is in the correct format. You may decide a mobile contact number is too risky for a high value transaction.

• Check that all card numbers pass a basic ‘LHUN/Modulus 10’ check. All credit card companies use card numbers that comply with a specific formula. Modulus 10 cannot validate the transaction itself but will ensure the card number supplied is at least in a valid format. MOD10 costs nothing, can be obtained easily and can be implemented with a few lines of code. Most e-commerce solutions will typically use some or all of these checks, and all can be implemented at a relatively low cost.

• Third-party verification systems should be used to authenticate information that cannot be checked internally. This information includes address verification, credit verification and payment service provider (PSP) verification.

• Ensure your systems are flexible. If your in-house checks indicate potential fraud contact the consumer by phone to verify the order details. Genuine consumers will answer the phone and will normally appreciate your call, which can only reflect positively on their perception of your customer service.

Online fraud is often cited as a barrier by retailers considering trading online, and with CNP fraud costing UK businesses £150.8 million in 2004 (Source: APACS). The fact is that there are currently no ‘one-stop’ solutions to prevent Internet fraud, but retailers can protect themselves from the vast majority of fraud attemptswith easily implementable anti-fraud tools. Fraudsters will always try to stay one step ahead, so the better understanding you have of fraud, the better chance you stand of detecting it and reducing the risk to your business.

Manchester-based Zendor handles a range of fulfilment services for retailers interested in moving into the distance shopping arena. Zendor’s services include channel development, e-commerce, customer services, logistics and merchandising. For further information please e-mail visit or call 0161 237 4900.

Published on: 12:00AM on 28th October 2005