A "How-To" Guide for Online Gaming Companies:
Reducing Credit Card Fraud
You've set up an online gaming business. Great choice.
Legal and marketing issues are dealt with, your merchant
account for accepting online payments is active, and the
creation of a state-of-the-art, eye-popping Web site to
house your new company is complete. Now, you're just
waiting for the flood of cash that this new and lucrative
industry is going to provide.
Beware! There is a dark side to the phenomenal success
of the online gaming industry, an industry in which you
are dealing exclusively with unseen customers. It is a
unique and anonymous environment that, by its nature,
encourages credit card fraud. Have you considered the
very real threat that this poses to your new venture?
Although other methods of taking electronic payments
for online gaming services are available, the vast
majority of your customers are going to want to use
a credit card - still the most popular form of payment
for online goods and services, including online gaming.
There are more than 365 million bank credit cards in
use in the United States today. About $200 billion of
business, over 15% of all credit card transaction
volume, is conducted every year in online transactions
between a merchant and a customer who never see each
other - and that figure will grow by as much as 30%
per year in the next few years. By the year 2010, as
much as 55% of all credit card transaction volume will
be conducted online and in other nonstore venues. The
bottom line is that, if you want to stand a chance of
survival in the industry, you have to accept credit
card payments. In doing so, however, you open yourself
up to the higher-than-usual risk of fraud posed by these
"non-face-to-face" or "card-not-present" transactions.
And, in spite of some encouraging preliminary statistics,
credit card fraud is a very real threat to your business
that should be taken seriously. Few factors have a
more negative impact on the viability of any online
gaming company. It can quickly sink a business struggling
on the verge of success and keep even the most successful
online gaming companies bogged down and performing sluggishly.
Actually, the benefits of controlling credit card fraud
are twofold. The immediate benefit is the corresponding
reduction in chargebacks and credits - a constant concern
for anyone conducting non-face-to-face credit card
transactions. Less obvious is the fact that a large
segment of the general public is still reluctant to
provide credit card information online. If a potential
customer knows that you have systems in place to assure
the integrity of the private information they provide,
you are much more likely to end up with a sale where
you would have only had a curious visitor.
From the time that non-face-to-face credit card
transactions became commonplace about fifteen years ago,
the industries relying primarily on these types of
transactions have been developing technology to reduce
the risk of fraud. Primitive and ultimately insufficient
measures such as simple bank verification and screening
through negative databases gave way to more effective
proprietary systems like Secure Socket Layers (SSL),
Password Verification, Address Lockout, Hacker Alerts
and Velocity Controls.
Recently, encryption has been the gold standard in
preventing theft of private credit card information.
Encryption is a system of scrambling electronic data
signals sent across cyberspace, much like military
coding of sensitive information. Today it is common
practice to use several different layers of encryption
on all personal information. Firewalls have also been
popular with merchants for this purpose.
In the last few years, the major credit card companies
have gotten directly involved in the development of some
of the most promising technologies for stopping would-be
cyberspace criminals dead in their tracks.
One of the most sophisticated fraud prevention
technologies currently available today is the Address
Verification System (AVS). As the name implies, AVS
confirms the address of any potential customer. AVS
automatically compares the customer billing address
provided with each attempted transaction against the
statement billing address on file with the card issuer.
This gives the merchant an extra measure of assurance
that the unseen customer is the legitimate cardholder.
For more information on installing and using the AVS
system, you should contact your acquirer.
But, the best is still to come. Years of cooperative
development by both VISA International and MasterCard,
with help from companies like Microsoft, IBM and Netscape,
has resulted in the Secure Electronic Transaction (SET)
system. SET will be an industry-wide, standard transaction
security protocol employing new technologies that call
for both the online merchant and the would-be consumer
to use digital certificates and electronic wallets to
mutually verify their identities. SET will also encrypt
all online credit card transactions with advanced,
airtight RSA Cryptography, a complicated and mathematically
interrelated system of Private Key and Public Key
pairings. When in place industry-wide, SET will provide
the highest level of security for online merchants ever
seen. The big question now is, "When WILL it be in place?"
The latest word is that SETCo, the organization set up
to oversee the SET standard, will award its first wave
of SET Mark seals this month. However, industry experts
predict that it will take at least another year before
SET becomes a part of the industry infrastructure and a
uniform way of doing business for all online consumers,
online merchants and issuing banks. The current conventional
wisdom is that critical mass for SET will be reached sometime
after the year 2000. Merchants can find more information
about getting SET at www.setco.com. The reality is that
as non-face-to-face credit card transactions become more
commonplace, they will also become more attractive to
criminals and scam artists. Credit card fraud has always
been an issue to contend with in the online gaming industry,
and it is highly unlikely that it will ever completely go
away. As a merchant in the industry, and therefore a
representative of the industry, you have an obligation to
remain rigorous in your anti-fraud efforts and to ensure
that your customers are able to conduct their transactions
safely. By leveraging the latest technologies, you can
retain the upper hand in this ongoing battle. Yes. Credit
card fraud IS a problem. But, today it is also preventable,
controllable and reducible to near non-existent levels.
Next Issue: Velocity Controls
Christine Bednar is a partner at Signature Card Services
, (213) 930-0050. Signature Card has assisted several online gaming clients obtain merchant accounts using Ecash and is available to answer questions regarding your online business.