Building successful businesses online.
Home > Website Administration Articles > Is Your Shopping Cart Secure?
Is Your Shopping Cart Secure?
By Christopher Saunders
July 21, 2004
As the numbers grow of consumers shopping online, so does the problem of fraud.
Fortunately, major players in banking, processing and transactions have been evolving new regulations and policies to deal with the issue -- but now, the onus is on merchants to make sure their software providers are up to speed with their latest.
Today, we're taking a look at one of the critical behind-the-scenes names in this effort, Austin-based ClearCommerce. The company is one of the top names in providing fraud prevention and payment processing solutions for online sellers, and its technology services more than 80,000 businesses internationally.
Chiefly, the firm's solutions center around ensuring that automated, customer-not-present commerce transactions aren't potentially fraudulent. That's been a growing concern, as electronic commerce and call center fraud has become increasingly prevalent.
"One of the benefits [of e-commerce] is automation, but it's also one of the risk factors," said Daniele Micci-Barreca, ClearCommerce's director of fraud solutions. "There's so much automation and so much traffic that no one's looking at any particular order, no one's analyzing the patterns and looking for suspicious patterns."
"Merchants don't realize a fraud happened until they get a chargeback, which is typically 30 to 40 days later," he added.
But most small merchants might not ever hear about ClearCommerce. That's because for smaller online sellers, they're becoming increasingly likely to use a shopping cart that resells and integrates with ClearCommerce's solutions.
That's fortunate, because sending transactions through a solution like ClearCommerce also does more than simply increasing merchants' anti-fraud protections.
In May, the company announced a deal with LaGarde, makers of the popular StoreFront shopping cart solution, to support ClearCommerce's new Hardened Commerce initiative. That initiative offers a payment processing service certified by the major card associations' security initiative: MasterCard's Site Data Protection Program (SDP) and Visa's Cardholder Information Security Program (CISP, which includes the "Verified by Visa" program, or VbV).
Programs like Hardened Commerce are important for online sellers since the Visa and MasterCard programs can make e-tailers -- as the closest link to consumers in the credit card process -- potentially responsible for bearing fraud liability.
Unless, that is, they implemented certified infrastructure like ClearCommerce.
"The merchant is liable for losses related to fraud, so they are in the need to being able to screen and identify transactions," Micci-Barreca said.
Because of its close relations with shopping cart vendors like LaGarde, and direct work with a number of banks and retailers, ClearCommerce's position gives it an advantage over the payment networks in screening automated transactions -- such as those common for sellers with significant volume -- for suspicious activity.
"There's very little data that flows through [the networks]. They don't know if a transaction is coming from the Internet or a call center, or a purchase in a retail store. That makes it difficult for them to find fraud. We help merchants identify fraud by leveraging all the rich data we're seeing."
ClearCommerce does its magic by receiving information on what shoppers are buying, where items are being shipped, which IP addresses are attached to those purchases, and whether there are historical patterns associated with the credit card or the customer. Additionally, the company's software enables merchants to enter "white list" customer records -- for instance, for repeat customers -- and to allow risk managers to tweak settings and apply special rules.
"What's unique about our approach is there's these different tools layered together, and coordinated with rule weighting," said Katherine Hutchison, the company's vice president of marketing.
ClearCommerce also works hand-in-hand with its largest retail users, who contribute data to the company to better detect and combat fraud, she added.
"Unfortunately, there is no silver bullet to screening for fraud," Micci-Barreca said. "But this is the beginning of a multi-layer solution that leverages off of different transactions."
Providing a flexible, multi-tiered solution for fraud-hunting also helps to avoid another problem that a merchant might encounter -- that of being too aggressive, which can happen with one-size-fits-all anti-fraud solutions.
"They really don't want to insult a good customer," Hutchison said. "The idea of turning away an order form potentially long-term customer, that's known in the industry as insult. You don't want to insult a customer. That's one of the areas that being able accurately pinpoint fraud ... without running the risk of insulting a potentially good customer."
In addition to LaGarde, Hutchison said that a handful of other shopping cart vendors could be supporting Hardened Commerce shortly.
"A couple of others are in the process of completing the security integration requirement we laid out for them," she said. But she added that smaller shopping cart vendors also "need to realize they need to make pretty serious engineering changes."
As a result, the bottom line for merchants is that they need to ensure their e-commerce shopping cart and payment processing system aren't just good at fighting fraud, but that they are (or will be) compliant with Visa and MasterCard's new requirements.
Source: Ecommerce-Guide.com
