Wednesday, June 2, 2010

Credit Card Fraud from a Merchant's Point of View

A couple of weeks ago I received an email from a woman in Australia regarding making a wholesale purchase of Baby Dipper bowls. Well, at least I think it was a woman and I think she(?) was in Australia. Over the last two weeks, this person, whom we shall call Nancy (named changed to protect the unlikely-to-be-innocent), proceeded to bombard me with demanding emails, leading me to figure out that she probably isn't a legitimate buyer, but rather a scammer trying to trick small businesses.

The first email, entitled simply "Order." (period included) was sent directly to my personal email account at Baby Dipper. Odd, but not so difficult to guess, considering that it, like so many others is firstname@company.com. Normally new inquiries either come in through the form on the Baby Dipper web site or to info@babydipper.com. In the first email, I was given a company name and a shipping address in Australia. She inquired where she could view my products. Even this first email made me wonder. Clearly Nancy did not know that I only have one product, not productS to offer (as of now) and had not seen the web site view the product.

So, in short order, I responded by answering her questions and sent along information about wholesale pricing for international orders. I also made a point of asking Nancy for more information about her company, including a link to their web site.

Well, the next email I received from Nancy had a title of "GET BCAK TO ME NOW" (her typo). Again, odd, but in the email was a polite order for a good size quantity of Baby Dipper bowls. She advised me that she's had "difficulties when it comes to getting orders to my address here in Australia," so she requested that I contact the shipping company in the United Kingdom that she's used in the past and gave me her customer ID number. I, in turn, emailed the address she gave me and asked for a shipping estimate for the shipment of Baby Dipper bowls from China (where I have some inventory stored) to Australia. I responded to Nancy's email letting her know that I had sent an email to the shipping company and asked her again for a link to her company's web site.

The next day I received an email back from a man(?) at the shipping company with an estimate of the shipping fee. He informed me that his company had made a shipment to a man in Australia in the past and that this shipment would not be a problem. He went on to tell me that pick up would be made by their agent in the states (UM, our inventory for this shipment is in China!). He continued on that the shipping company only accepts payment via WESTER UNION MONEY TRANSFER (his typo). I sent the quote back to Nancy and waited for a response.

"PROCESS IT NOW" screamed the title of the email that followed from Nancy. Alrighty then. In this email she gave me a credit card number (a Visa card) with the expiration date and CVV number as well as the billing address, which was in California. She asked me to charge "her" credit card for the total product and shipping cost plus the $100 Western Union fee. Oh, and she was "waiting online" to read back from me concerning the payment.

OK. Stop there. Yes, I would like to have a retailer in Australia, especially one who will start with an order of this size, but I'm no dummy. I had been updating my husband on all of these emails and we were already suspicious of this "buyer." I emailed her back to let her know I was working on determining the proper way to process the payment. This was at 1:43 pm.

My next step was to do some sleuthing to see if I could figure out if Nancy was a legitimate buyer or not. The first thing I did was call Visa's World Customer Service Center to inquire about the credit card number she gave me. At that number I was able to verify that the street number and zip code she had given me in California were indeed the correct ones for that credit card number. I was also able to get a phone number for the issuing bank, so I jotted that down and promptly made a call to Chase to investigate further.

In the mean time, my diligent husband was also researching and sent me this link about merchant liability and credit card fraud. The phrase he highlighted for me was "the liability for fraud lies on the merchant, not the credit card company." Enough said. I am not going to accept a credit card that is even remotely suspicious, especially for a bill of this size.

We also researched the shipping company and couldn't find anything about it online. Plus, the email address for it is at a generic email address, like a Hotmail account. Oh, and the company whose Australian shipping address Nancy gave me turned out to be a manufacturer of products for the concrete industry. Hmmmmm.....

The first agent I spoke with at Chase informed me that Nancy's name did not match the name on file for the credit card. Ding ding ding! I also asked about the man's name the shipping company had mentioned they had shipped to in Australia. No luck there either. He did verify that the complete street address was correct, but agreed with me that if the name doesn't match, it's a no-go and then transferred me to the fraud department at Chase. The agent in the fraud department was very nice and very well-spoken. He took notes on everything I've detailed in this post and thanked me profusely for taking my time to report this suspected fraud, telling me that he was placing a hold on the account and would contact the true cardholder.

A hold on the account. That's what I told Nancy after she emailed me at 4:04 pm, 12:44 am, 7:01 am, 7:07 am, and 7:08 am. I told her that "my accountant has placed a hold on this transaction for security reasons." I noted that I would let her know if or when anything changed, which hasn't happened. That has not, however, stopped Nancy from emailing me seven more times demanding ("GET BACK TO ME NOW") that I let her know if the shipper has been paid via Western Union.

I haven't responded to those last seven emails and I will not respond no matter how many times she sends me emails with titles in ALL CAPS. The whole experience has been very interesting. I am still relatively new to being someone who accepts credit card payments, rather than just using credit cards to make payments. That does not mean that I'm a fool who can be easily persuaded to process illegitimate charges. I did spend a fair amount of time on this issue, but I feel good about the whole thing knowing that I most likely saved the true credit card holder from more headaches than these scammers (Nancy and the purported "shipping agent," who are likely working together) have already caused. I would hope that if my credit card account were hacked that some other honest person would do the same for me. Consumers need to remember that in the case of credit card fraud, it is not the credit card company, but the merchant who is left holding the bag. If a retailer asks you for ID or other identifying information when making a purchase by credit card, please know that they are being wise and are protecting credit card holders at large by doing so.

3 comments:

Mommy Attorney said...

Way to catch this. I didn't realize it was the merchant holding the bag in CC fraud, because I'd never thought about it, but it makes sense. Scammers make me so mad.

EasyLunchboxes (Kelly Lester) said...

Brilliant Barbara!!! You and Hans are quite a team and it's really helpful that you shared this story with everyone. The first couple of steps seemed reasonable, but after that, you were so right to be suspicious, although I'm sure many people (me?) may not have started questioning things as you so smartly did!!! Very frustrating how much time you obviously had to waste on this, but bravo to you for stopping this thief in her(?) tracks. Gig's up 'Nancy'! HA!

merchant account said...

Merchant are taking necessary actions to protect their business as well as their consumers create a smaller room for identity thieves to exist. Credit card fraud indeed has monstrous effects.