This Fall, MarketingSherpa was hit with a wave of PDF buyers using card numbers that didn't belong to them. We refunded the accounts immediately, and even began to block some sales if they came from certain countries. But, we didn't really worry.
What's the big deal about someone stealing a PDF, or an eBook, or even access to a subscription site when there's little or no "cost" on your end for fulfillment? It's not like the thief took something that you'll have to pay to ship, and then pay to replace.
Then we learned better. Online fraud can decimate an econtent seller's business. We interviewed Jeff Foster, EVP at Retail Decisions (whose clients include RealNetworks) to find out what the risks are, and how to avoid them.
-> Beware Visa's Global Monitoring Program
If you are an online merchant with perhaps 10k transactions or more per month (number of total charges, not dollars) and your chargeback rate is over 1% or so, Visa may enter your account into their Global Monitoring Program. The Program penalties are stiff -- as much as $100k per month plus $15-20 fine per chargeback transaction.
And, it's not just Visa, the other cards have similar programs.
They've got good reason to. Processing chargebacks isn't cheap. The card providers have to deal with the customer service, produce and mail you paperwork, and process it when it returns. In fact, the costs can run high enough that Visa starts losing money on processing your charges.
Helpful fix: Most sites insist on address verification filters (note: these don't work for outside US charges) and others require the card's security code (found on the back if Visa/MC or on the front if Amex) also be entered.
You have to ask your customer to personally re-enter that code whenever their card is charged. Which is why most auto-charge subscription sites don't bother with it. But at the very least you can cut down on fraud and resulting chargebacks by requiring it for the first order.
-> Beware trial offer pre-authorizations
If you're running a typical trial offer for site subscriptions, your system probably pre-authorizes all new trials for a buck just to make sure the card is a good one before you allow site access.
Problem is, scam artists know this. Some of them buy lists of card numbers or create them using generator software. Then they run the numbers against your system trying to find out which cards are good ones. They may use the good cards for purchases elsewhere, or sell the now-proven list on to another scammer.
Why do you care? Pre-authorizations cost you money. It's not a lot of money - perhaps a dime a piece. But, many scammers have software that can plug into your system to test thousands of numbers. That dime adds up when it’s say, 14,000 false pre-authorizations per afternoon.
Helpful fix: Some sites refuse to pre-authorize for new accounts using non-paid email addresses. Others wait to see if the email is good prior to authorizing.
-> Sites selling globally are at most risk
Unlike hard goods merchants, most econtent sellers allow anyone in the world to purchase. Why not? You're not worried about shipping.
This means you'll be targeted by scam artists in other countries.
Helpful fix: Some econtent sites have turned off global sales altogether. Others refuse orders from countries with a known higher chargeback rate, such as some African and South American nations.
-> Don't risk-manage yourself out of business
According to Foster, "Mastercard did a study 18 months ago interviewing merchants handling risk management on their own. These merchants were declining almost 20% of transactions on perceived fraud."
How much fraud is there? "Visa says it's .7% of charges, everyone else says it's 1-2% of charges."
There are companies that specialize in helping you (Foster's is one of them), and you can also invest in having a staffer attend Merchant Risk Council meetings to be educated.
The annual Merchant Risk Council meeting is Feb 18-19th in New York. http://www.merchantfraudsquad.com/