Understanding Ecommerce Merchant Account Risk Types

Merchant Warehouse |

December 7, 2010

Transactions that are processed fraudulently, as well as security breaches that allow a customer’s personal account information to be stolen, cost billions of dollars per year for e-commerce and telephone order establishments. This makes it extremely important that these industries understand the risks associated with doing business online (“in the virtual realm”).

If your business is one that conducts its transactions in a “card not present” environment, you should develop a policy among your staff, and develop an internal process to address the potential risks. Training your staff to implement the policies is critically important, for there a number of different risks and criminals can be very inventive.

Major Risk Areas

Many transactions are conducted fraudulently. Fraud that occurs over the Internet can happen even more frequently than other types. These are the typical occurrences:

  • A customer purchases product with a stolen credit or debit card
  • A customer’s family member uses the card without prior authorization
  • A shipment is received by a customer but he/she claims it was not received
  • A hacker may break into the database in order to issue a payment to themselves with the e-commerce merchant’s card payment system

Theft is also committed online in order to obtain a cardholder’s personal information. There are several ways for criminals to accomplish this and they have shown themselves quite adept at accessing personal payment card data. For instance, a hacker can intercept the card account data during payment processing (as it is transmitted to or from the merchant). In fact, merchant account data that is inadequately secured, and is accessible onsite or online, allows for merchant account provider’s payments to be stolen from them.

Card account theft is also done on physical sites, such as business offices or even processing data centers. There are a number of possibilities in which data can be stolen from a physical data center, including:

  • Account data stolen by an outsider from the merchant account provider’s site and then used for the thief’s purposes
  • Theft of account data by a provider’s employee and then used or sold
  • Shredded information is stolen by a the company that does the actual shredding or by an employee of a garbage company


“Normal” Business Risks

There are also risks and losses that are similar to those of any other kind of business, both online and offline. Chargebacks are always a risk, certainly, and there are various reasons for an unacceptable level of them:

  • The product or service is not as described in the promotional material or website
  • The customer receives the billing before the goods are shipped or the services provided
  • The cancellation of an order was misunderstood, which often occurs when a recurring payment plan takes place or when the product is quickly returned
  • The customer receives a bill for the same transaction twice or the bill shows an incorrect payment amount
  • The charging party’s name on the statement is not recognized by the customer and is then deemed a fraudulent charge
  • The credit or debit card of the customer was used without prior authorization


Know Which is Which

Some of these risks are outside of the merchant’s control, and no matter what steps they take, there will always be thievery and dishonesty. However, defensive steps can and must be taken, and there is much good advice to be had from reputable account providers and others, that will help you considerably in this effort. And be aware that, in a “card not present” environment, fraud is usually committed in order to obtain high-priced goods that can be easily resold, e.g., electronics, computers, jewelry, etc.

Other risk areas can be managed by the merchant and the employees. By reducing processing errors and improving customer service, businesses can keep chargebacks, returns and billing errors to a minimum. Not all risk is manageable, but it can be defended against and reduced through good, basic business practices. Knowing what areas you can affect, and which you can’t, will save you from wasting time and maximize the savings that can actually achieve.