• PAGE ONE
• INDEX
• HOME

Shorn of credit

Neha Kapoor

A `gift' order for a diamond ring worth Rs 8,000 was placed at BharatPlanet.com using a credit card belonging to an Englishman. When the portal got in touch with him to reconfirm the order, he denied placing it and claimed that his card had been misused.

Two days later, the `recipient' called Bharatplanet about the status of the order. When the portal asked for a copy of his driving license or passport to authenticate his address, the `recipient' refused and stated, `I don't know anything... my friend ha s placed the order'. He even threatened the portal with `if you continue harassing me, we may have to meet in court'. As it turned out, the `recipient' was the one who had used the card number to place the order.

WHENEVER the security concerns of Internet transactions are raised, it's usually the credit-card holder's interest that is addressed. The merchant is more or less relegated to the background despite the fact that he is exposed to a high degree of risk. T he card-merchant agreement renders the latter liable for fraudulent transactions and requires him to pay a charge back-fee as well.

According to an internal survey, Bharatplanet has, in recent times, received close to 30 fraudulent online orders worth $ 15,000. Nearly 10 per cent of these orders were executed, incurring a loss of about Rs 40,000. Most orders pertained to high-value g oods.

``We have also noticed that most of the fraudulent transactions experienced by Bharatplanet have been transacted through a leading foreign bank's international credit card issued in India. A close look at the complaint mails and credit card statements fr om the original cardholder has revealed that such online deals are being struck with dominant online bookstores like Amazon.com to the tune of $ 1,500 to $ 2,000,'' says T. Chandramohan, Director, Bharatplanet.

In the case of the diamond gift cited above, the portal had been alert enough to verify the authenticity of the order. On the other hand, had the order been processed and the goods delivered, not only would the merchant have lost the transaction fee of 1 -2 per cent charged by the portal's payment gateway, he would also have had to bear the cost of the purchase. This is because, unlike in a physical transaction, the credit-card issuing bank holds no joint responsibility with the merchant for online trans actions.

Apart from ignoring the fraudulent order, the portal could do little else as the card-issuing bank wasn't exactly enthusiastic about resolving the issue and a court case was likely to drag on for years.

``For every fraudulent transaction, a merchant is the lone loser who bears the entire charge-back, including loss of product cost, delivery costs and transaction fee irrespective of whether the order gets executed or not off-line,'' says Chandramohan.

``Users of stolen cards have gone to the extent of complaining about non-execution or delayed execution, with supporting documentation for orders placed. As merchants and service providers, we do the utmost to earn and retain clients. As a precautionary measure, if the holder of a stolen card is asked to provide documentation to support the genuineness of the order, no co-operation is rendered by the cardholder for obvious reasons.''

He adds, ``The next recourse is the card-issuing banks who are, however, disinterested in handling enquiries by merchants due to time constraints and other limitations.''

According to Pushpendra Mehta of Credit Card & Management Consultancy, ``The unwillingness of banks to get involved is understandable as they would run from anything that spells adverse publicity for the organisation. Moreover, the larger the credit-card base of a bank, the more vulnerable it is to frauds. The only thing a merchant can do is take precautions like verifying the authenticity of the order.''

Mehta lists the precautions to be taken by a merchant while accepting orders on-line:

- Merchants should not accept orders in the absence of complete information, including full mailing address, contact numbers etc.

- They should compare the name and billing address with the records held by the card issuer as this might limit the exposure to frauds.

- While accepting overseas orders, extra caution has to be exercised as cross-country orders invariably offer no protection against fraud.

- Preferably accept orders from a well-known ISP or domain-based address.

- Also, using 128 bits Secure Socket Layer (SSL) technology would ensure sufficient amount of security.

Chandramohan, however, points out that despite exercising several precautions, the portal has been recording at least 10 - 15 fraudulent cases every month. ``In fact, this figure goes up to 50-60 cases during December-February. But we can't do much about it because there are very few e-commerce transactions taking place in India today... there is no pressure on banks or merchants to take proactive measures,'' he says.

``I have even mailed other portals like Rediff and Fabmart, requesting them to come out with similar incidents encountered by them. But, so far, I have had no reply. As merchants, we need to form some kind of a consortium to nail down the responsibility on the right persons at corresponding stages,'' he adds.

Please e-mail us at bleditor@thehindu.co.in if you have queries on computer usage or if you find an interesting way of using the computer.