Vendor Beware: Online Merchants Paying the Price of Credit-Card Fraud

How does a thief know if he’s got a credit card that works? He asks a merchant. And more than ever, thieves are going online to do it, causing headaches for Internet retailers and costing them money.

Newport Beach-based @Brain.com sells its software, which measures and is claimed to enhance one’s intelligence, online, with customers inputting their credit-card numbers to purchase it. Once the credit card has been approved, @Brain.com e-mails the customer the address of a Web site at which software can be downloaded.

However, @Brain.com vice president Les Sinclair said that for more than a year, people have been using his Web site to test whether they have a good credit card, so that the cards can then be sold on the black market.

When the true holder of the credit card sees a charge from @Brain.com, he or she generally either calls @Brain.com or the credit-card company. In either case, @Brain.com reimburses the credit-card holder and pays the $15 penalty the credit-card company charges.

“I’ve been pulling my hair out trying to get to the bottom of this,” Sinclair said. The company receives four or five fraudulent charges every day, he said.

The perpetrators use false e-mail addresses and never give identifying information about themselves, making them difficult to track.

“It’s still the Wild West in some ways,” Sinclair said.

Originally, the concern about selling products over the Internet was that credit-card numbers might be stolen as they are transmitted between the customer and the vendor.

That has turned out to be an unfounded fear, however, and the focus has turned to the fraud threat faced by vendors. One out of five attempts at online purchases of downloadable software involves fraudulent credit-card use, industry experts said.

Digital River, an Eden Prairie, Minn., company that specializes in hosting stores for downloads of software and other digital products, uses a database of patterns and profiles of fraudulent charges to screen out the dishonest.

Computerized screening of charges has two dangers: Make them too strict and you turn off legitimate customers who may be too pestered to call in to provide verification; make them too loose and your accounting department has to deal with the false charges.

When Digital River’s system rejects legitimate purchase requests, customers receive a screen asking that they call the company. Of course, that partially defeats the purpose of electronic commerce, by increasing customer service and sales costs and inconveniencing the customer.

“Both sides are really hurt because you have worked so hard to get the legitimate customer and now they’re mad,” said Kelly Wical, chief technology officer at Digital River, who says the company has reduced fraudulent charges to less than 1.5% of total purchases.

*

Jonathan Gaw covers technology and electronic commerce for The Times. He can be reached at (714) 966-7818 and at jonathan.gaw@latimes.com.