An Ounce of Prevention is Worth a Pound of Cure

7 April 1998

A "How-To" Guide for Online Gaming Companies:
Reducing Credit Card Fraud

You've set up an online gaming business. Great choice. Legal and marketing issues are dealt with, your merchant account for accepting online payments is active, and the creation of a state-of-the-art, eye-popping Web site to house your new company is complete. Now, you're just waiting for the flood of cash that this new and lucrative industry is going to provide.

Beware! There is a dark side to the phenomenal success of the online gaming industry, an industry in which you are dealing exclusively with unseen customers. It is a unique and anonymous environment that, by its nature, encourages credit card fraud. Have you considered the very real threat that this poses to your new venture?

Although other methods of taking electronic payments for online gaming services are available, the vast majority of your customers are going to want to use a credit card - still the most popular form of payment for online goods and services, including online gaming. There are more than 365 million bank credit cards in use in the United States today. About $200 billion of business, over 15% of all credit card transaction volume, is conducted every year in online transactions between a merchant and a customer who never see each other - and that figure will grow by as much as 30% per year in the next few years. By the year 2010, as much as 55% of all credit card transaction volume will be conducted online and in other nonstore venues. The bottom line is that, if you want to stand a chance of survival in the industry, you have to accept credit card payments. In doing so, however, you open yourself up to the higher-than-usual risk of fraud posed by these "non-face-to-face" or "card-not-present" transactions.

And, in spite of some encouraging preliminary statistics, credit card fraud is a very real threat to your business that should be taken seriously. Few factors have a more negative impact on the viability of any online gaming company. It can quickly sink a business struggling on the verge of success and keep even the most successful online gaming companies bogged down and performing sluggishly.

Actually, the benefits of controlling credit card fraud are twofold. The immediate benefit is the corresponding reduction in chargebacks and credits - a constant concern for anyone conducting non-face-to-face credit card transactions. Less obvious is the fact that a large segment of the general public is still reluctant to provide credit card information online. If a potential customer knows that you have systems in place to assure the integrity of the private information they provide, you are much more likely to end up with a sale where you would have only had a curious visitor.

From the time that non-face-to-face credit card transactions became commonplace about fifteen years ago, the industries relying primarily on these types of transactions have been developing technology to reduce the risk of fraud. Primitive and ultimately insufficient measures such as simple bank verification and screening through negative databases gave way to more effective proprietary systems like Secure Socket Layers (SSL), Password Verification, Address Lockout, Hacker Alerts and Velocity Controls.

Recently, encryption has been the gold standard in preventing theft of private credit card information. Encryption is a system of scrambling electronic data signals sent across cyberspace, much like military coding of sensitive information. Today it is common practice to use several different layers of encryption on all personal information. Firewalls have also been popular with merchants for this purpose.

In the last few years, the major credit card companies have gotten directly involved in the development of some of the most promising technologies for stopping would-be cyberspace criminals dead in their tracks.

One of the most sophisticated fraud prevention technologies currently available today is the Address Verification System (AVS). As the name implies, AVS confirms the address of any potential customer. AVS automatically compares the customer billing address provided with each attempted transaction against the statement billing address on file with the card issuer. This gives the merchant an extra measure of assurance that the unseen customer is the legitimate cardholder. For more information on installing and using the AVS system, you should contact your acquirer.

But, the best is still to come. Years of cooperative development by both VISA International and MasterCard, with help from companies like Microsoft, IBM and Netscape, has resulted in the Secure Electronic Transaction (SET) system. SET will be an industry-wide, standard transaction security protocol employing new technologies that call for both the online merchant and the would-be consumer to use digital certificates and electronic wallets to mutually verify their identities. SET will also encrypt all online credit card transactions with advanced, airtight RSA Cryptography, a complicated and mathematically interrelated system of Private Key and Public Key pairings. When in place industry-wide, SET will provide the highest level of security for online merchants ever seen. The big question now is, "When WILL it be in place?"

The latest word is that SETCo, the organization set up to oversee the SET standard, will award its first wave of SET Mark seals this month. However, industry experts predict that it will take at least another year before SET becomes a part of the industry infrastructure and a uniform way of doing business for all online consumers, online merchants and issuing banks. The current conventional wisdom is that critical mass for SET will be reached sometime after the year 2000. Merchants can find more information about getting SET at The reality is that as non-face-to-face credit card transactions become more commonplace, they will also become more attractive to criminals and scam artists. Credit card fraud has always been an issue to contend with in the online gaming industry, and it is highly unlikely that it will ever completely go away. As a merchant in the industry, and therefore a representative of the industry, you have an obligation to remain rigorous in your anti-fraud efforts and to ensure that your customers are able to conduct their transactions safely. By leveraging the latest technologies, you can retain the upper hand in this ongoing battle. Yes. Credit card fraud IS a problem. But, today it is also preventable, controllable and reducible to near non-existent levels.

Next Issue: Velocity Controls

Christine Bednar is a partner at Signature Card Services, (213) 930-0050. Signature Card has assisted several online gaming clients obtain merchant accounts using Ecash and is available to answer questions regarding your online business.