Avoiding costly on-line fraud

The Visa Canada Association advances new payment products and technologies to benefit its 22 member financial institutions in Canada and their cardholders. With more than 23 million Visa cards accepted at over 567,000 merchant locations nationwide, Visa is the leading credit card payment brand in Canada. Visa-branded cards generate more than $90 billion in annual sales volume in Canada and are accepted at more than 16,000 ATMs in Canada and 643,000 worldwide. Susan MacKeown is director of e-Visa, a new department within Visa Canada Association that focuses on e-commerce, new channels and new product opportunities. IT World Canada followed her by email as she traveled around North America from her Toronto base.

IT World Canada: What do you see as the opportunities and challenges for retailers in the global e-commerce marketplace?

MacKeown: On-line spending for Canadians will reach $5.7 billion by the end of this year. The opportunity for on-line retailers is significant. This opportunity, however, does not come without some unique challenges. According to a Mindwave research study conducted in the United States and commissioned by CyberSource, of the on-line retailers surveyed, 75 per cent recognize credit-card fraud as a concern, with 41 per cent unaware that they are financially accountable when on-line fraud occurs. Through its research, Mindwave concluded that Internet fraud is a major business-operating problem for e-business retailers and on-line brands.

Recent events have shown that an additional danger of fraud lies not just in the Internet transaction, but on merchants’ unprotected on-line servers. As a result, retailers are finding themselves responsible for a number of costs — ranging from the cost of the product, the cost of the charge-back fees that result from issuing and acquiring bank investigations, and even the cost of their own reputation.

IT World Canada: How can retailers address this problem?

MacKeown: The only answer is to implement a secure e-commerce infrastructure. With a secure infrastructure, an e-tailer is able to guarantee payment from the bank through the use of cardholder authentication (i.e. cardholder certificates, chip cards), which protects the transaction and increases the retailer’s bottom line.

IT World Canada: With reports such as the 3.6 million credit cards compromised when the Egghead.com security site was cracked before Christmas, Internet fraud is surely obvious to those in the on-line world. Do you see more retailers taking measures to protect both themselves and their customers from it?

MacKeown: It seems that while retailers now recognize Internet fraud as a business concern, they do not yet see it as a problem of sufficient urgency that it requires an immediate solution. This attitude probably has more to do with the steps a retailer must face to implement a secure e-commerce infrastructure than the avoidance of solving the problem at hand.

Organizations should inform their customers about the positive steps they are taking to provide them with a secure storefront, protecting not only Internet transactions, but their customers’ confidential information. Organizations can communicate these steps through their websites, through e-mail bulletins or through a small advertising campaign. These changes can be positioned as not only of benefit to an organization’s business but as a way of ensuring the customer’s increased on-line shopping security.

Retailers need to look at how ensuring transaction security can create new growth for their business. On-line retailers should view implementing a secure e-commerce infrastructure as an investment for the long-term success of their businesses. Just as mission-critical services and support are viewed as vital IT investments to any Internet shop, ensuring transactions are completely secure should be viewed as another important investment — a cost of doing business. If a retailer is losing money and forfeiting customer trust by not protecting against Internet fraud, an investment made now will stop further loss of revenue over the course of time.

This is particularly essential as e-commerce realizes its global marketplace potential. The amazing thing about the Internet is that it gives a company the potential to sell products to every person in the world who has a credit card or debit card, a computer and Internet access. With the entire planet as a customer base, security, cardholder authentication and retailer authentication become critical to the success of the retailer that plans to have a truly global e-commerce presence and survive in the Internet era.

While taking the steps to implement a security infrastructure may seem like a major time and cost investment, the benefits it will bring to the on-line retailer — protection against charge-back fees, protection against lost revenue and the ability to conduct secure global e-commerce — will prove to be worth the investment in the end.

IT World Canada: At www.visa.com I see that there is news of a global website, Global Data Security (GDS), that provides an automated self-assessment tool that allows merchants and others to evaluate the security of their site in a private, non-threatening environment. Another news item indicates that on-line retailers are to comply with a June 1, 2001 deadline for posting on their websites the method of transaction security they use to secure cardholder account data during the ordering and payment process. There is a similar notice about a June 1, 2001 deadline for posting their privacy policy on their websites. Does that apply to Canadian on-line retailers?

MacKeown: We have a similar program but the dates are different and we are not able to provide further details at this time.

– 30 –


An additional danger of fraud lies not just in the Internet transaction, but on merchants’ unprotected on-line servers, warns Susan MacKeown, director of e-Visa at Visa Canada Association.


Tips for successful e-tailing


Visa Canada sponsored a book to help Canadian retailers close the information gap that still exists when it comes to Internet security and selling on-line. Written by Jim Carroll and Rick Broadhead, “Selling Online: How to Become a Successful Online Merchant in Canada” addresses the basics of setting up and marketing an online store and outlines a number of techniques to maximize on-line security and minimize credit-card fraud. This 394-page, 6 x 9 inch paperback published in September 1999 by CDG Books Canada Inc. is designed as a roadmap for merchants. ISBN 0771576439 $21.95 at major bookstores in Canada.


SIDEBAR with CHART from Winning with e-Business Report, page 8 “Organization Concern about Processing Customer Orders On-line” .


Survey assesses e-business readiness

A recent Ipsos-Reid study jointly commissioned by Bell Canada, the Canadian Institute of Chartered Accountants, bizSmart and CIBC, assessed the e-business readiness of small and medium-sized businesses (SME) across Canada.

Of those who had a website, one in four (23%) currently take orders through their site. A majority of SMEs who do not take orders expect that they will be capable of taking orders on-line either within one year (37%) or within three years (18%). Organizations that have a website were asked about the concerns they had about accepting and processing customers on-line. Security (43%) was the highest-rated concern. Customer concerns about privacy (35%) and reliability of the website (34%) were next highest-rated concerns.

A total of 800 random telephone interviews were conducted among senior management of Canadian businesses with between 10 and 100 employees and revenues greater than one million.

– 30 –