Like most businesses, my training company accepts credit cards for payment for book orders and classroom presentations. Over the past 10 years or so I’ve processed hundreds of credit cards with nary a glitch or bobble; process the credit card and the money is in my account the next day.

In the past I only needed the credit card number and expiration date to process a payment, which my customers would enter into my secure website shopping cart. Recently my credit card processor changed its requirements and now I must include the card verification code (CVC), which is usually located on the back of a Visa or MasterCard or the front of an American Express card. The processor also now requires the billing street address before processing a credit card payment.

Credit card fraud is a multi-billion dollar industry with thieves from all over the world using the Internet to buy goods with fraudulent credit card numbers. Another active fraud area is debit and ATM cards. In a recent case the Bank of Scotland had $9 million looted from ATMs all over the world in a matter of days by an ATM fraud ring. So increasing the level of security for Internet credit card transactions makes all the sense in the world.

Last fall I received an e-mail from a potential customer in Sydney, Australia who wanted me to ship 40 copies of my books to him. I returned the e-mail, informed him of the cost for the books and told him it would take a week or two to get the order together, as I did not have that quantity on hand. He said to let him know when the order was ready and he would provide his credit card information.

After getting the books in stock, I e-mailed the client and told him the cost for the books and shipment to Australia. He provided me with all of the information from his credit card, including the CVC and street address. I thought this transaction smelled funny, but I put it through my credit card processor and to my surprise the transaction was approved.

Upon e-mailing the customer with the news that his credit card was approved, suddenly the game took an unusual turn. He sent me a message that he had a specific freight-forwarding company he used, and that they would contact me regarding the details of picking up the box of books and sending them to Australia.

Then I began to get e-mails from a “Tanya Smith,” who said she worked for the “Top Courier” company of South Carolina. She said that I was to take $760 in cash to a Western Union office and wire the money to a “James Smith.” Once the money was received they would get back to me as to when they would pick up the box.

Now, I’m no fool, and we all know that wiring cash to persons unknown to you is a guaranteed ripoff. But I was perplexed as I had processed the “buyer’s” credit card for $2,000 U.S. (cost of the books) plus the freight costs. I figured I was ahead even if it was a fraud, as I had received the payment through the credit card.
I spent a couple of days thinking this over, while the buyer and Tanya continued to e-mail me as to when I was going to transfer the money. I decided to check the freight company out and found nothing — no Google hits, no Dun & Bradstreet information, nothing. So that company is obviously bogus.

Then I called my credit card processor and spoke to the fraud department. After giving them the details of the transaction, the bank issuing the card said that the card number and CVC were legitimate; however, the name provided was not the correct name for that card. The bank said they were stopping transactions on that number and would notify the true cardholder. I was instructed to issue a credit for the full amount via my card processor, effectively deleting the transaction.
What I found most interesting and critically important is that when I asked the credit card processor what would have happened had I let the card transaction stand. They said that once the bank that had issued the card found out about the fraud they would have “clawed back” the total amount from my bank account, and that such “claw backs” can be performed up to six months after a transaction has been completed.

Remember that the credit card number given had passed the initial transaction, and my processor had provided an authorization number. I had always assumed that once I had properly run the credit card number and received the authorization, the amount I had charged was now cash in my account. I was wrong, and learned some valuable lessons.

Don’t be a victim of credit card fraud. Always ask to see the actual card (if possible), and verify the card number and CVC. Have the customer fax you the front and back of the credit card if you suspect a problem. Process all credit cards promptly, and if you suspect any fraud, speak to your processor and have the card and transaction double-checked, particularly if it’s for a large amount. And understand that if you end up accepting a fraudulent credit card, the issuing bank can take the money back up to six months after the transaction, and the fraudster is long gone.

Anyone want to buy some books, already packaged for overseas shipment?
 

Book of the Month

Fatal System Error, by Joseph Menn. This is a real eye-opening book, recording the efforts to track down and prosecute Internet credit card scammers and the operators of the millions of computers on the Internet that have been turned into “bots,” spewing spam and Denial of Service attacks. This book is truly frightening, and it will make you think long and hard about the security of your personal data that resides on the Internet.

ESNT Training on Disk

The Electronic Security Networking Technician (ESNT) is certification of network knowledge specifically designed for the electronic security industry. Administered by the ETA (Electronic Technicians Association), the ESNT program trains technicians in all facets of the connection and programming of IP-enabled CCTV cameras and other security devices. To make the program more accessible, we have recorded the entire lecture portion of the training onto a single disk, which can be viewed on your PC, along with sample tests and detailed answers for each of the nine lecture sections. After completing the viewing of these lectures, students can register to take a sample ESNT test at our website, and then attend a one-day, hands-on training lab where they are taught network programming and troubleshooting and the written ESNT test is administered. Check our website at www.slaytonsolutionsltd.com to obtain the disk and see where the one-day ESNT certification classes will be held in your area.