Information centre menu
News Newsletters Events Articles - Articles Archive 2008 - Articles Archive 2007 - Articles Archive 2006 - Articles Archive 2005 - Articles Archive 2004 - Articles Archive 2003 - Articles Archive 2002 - Articles Archive 2001 - Articles Archive 2000 - Articles Archive 1999 - Articles Archive 1998	Credit Cards, The Internet, and Risk Jon Allen, Finance Director of PDMS Advanced Systems Group July 1999 In the vast majority of cases the method of payment collection from consumers on the Internet is through credit cards. In this, the latest in our series of articles on Internet related matters, I take a look at risks associated with using credit cards on the Internet from the perspectives of the consumer, the retailer, and the credit card company. Is it safe to use my credit card on the Internet? I believe this question should perhaps be "is it more risky than using my credit card anywhere else?" The answer is many of conventional credit card transactions are so grossly unprotected that the Internet does not expose you to any additional risk. In fact it is probably safer than most conventional usage as web sites usually provide a lot of background on the retailer and payment details are almost always input on a secure server protected by encryption. This was succinctly summarised in an article in The New York Times by journalist Peter H. Lewis who wrote: "Sending a credit card number to an electronic merchant over the Internet is probably the safest way to make such a transaction. In the last week, for example, I handed my credit card to a waiter who disappeared with it for five minutes. I faxed my credit card information to a business in New Jersey, and the fax probably lay exposed to everyone in that office for hours and perhaps to the cleaning crew that night. I called a hotel and gave my card data to a reservation clerk and continued my recklessness by ordering some merchandise from a clothing catalogue, again by reading my credit card information to some unseen operator. Compared with the risk of handing my credit card to a stranger, which I do nearly every day, sending it over the Internet is pretty secure" (The New York Times, Nov. 13, C3). Why are we all so cavalier with our credit cards? Perhaps the primary reason is you can reject charges you believe are not yours and the credit card company will give you a credit. They then charge back the value to the retailer and ask them to prove you received the goods. If you get a number of rogue entries, most credit card companies will insist you cancel the card and issue you with another. The balance of power is very much with the owner of the card and the burden of proof is with the retailer. Retailers risk The retailers' risk is if someone fraudulently uses or disputes the use of a card, it results in a chargeback. The general rule is the retailer will end up with the loss unless it can be proven the customer himself received the goods. Only on rare occasions, in the name of goodwill, will the credit card company take the loss. Internet retailers risk is the same as any other 'card not present' transaction and all the standard steps to prove delivery to the card owner must be taken. It could be argued that the absence of any human contact with Internet retailers might encourage fraudsters but proof of delivery is the key. Credit card company risk The mechanics of credit card processing are: card details accepted. receipt is banked (card slips at the bank or electronic banking via the Internet). credit card company pays into the retailers account and charges the customers account. If there is a problem and the customer challenges the charge under international credit card agreements and Law, the customer will get refunded. Laws vary slightly between one country and the next but in most cases the customer has six months to dispute the charge. The risk to the credit card company is the retailer takes numerous receipts but fails to make delivery and then goes bust. Apparently it is a very common occurrence for failing businesses to continue banking credit card receipts and delay delivery therefore using credit card receipts as additional working capital. This scenario can happen with a corner shop just as well as an Internet business; the issue for a credit card company is, with the Internet, the volume of trading can be enormous very quickly. This increases the ability to run a deliberate fraud. Credit card companies have quite reasonably taken a very cautious approach to issuing retailers with merchant IDs which allow them to take credit cards over the Internet. Interestingly this may turn out to be at their long-term cost as it has opened the door to many second tier companies (such as WorldPay, NetBanx, Datacash and ourselves) who, in return for taking the chargeback risk, are permitted to issue merchant IDs. These second tier companies have an important weapon in their risk management armoury which is all receipts for their retailers are first paid into their own accounts. This allows them to hold back proportions of receipts pending chargebacks. In additional to physical control of the cash, second tier companies are exploiting the reluctance of traditional companies charging very high transaction fees (up to 8% in some cases) and requiring deposits. Although returns are still substantial this market is becoming more competitive with well established payment processing companies commanding excellent rates from banks now looking to compete on rate. Such a company is Worldclear who are one of the largest cheque and payment collection companies. Published in Money Media, July 1999

Information centre menu

Credit Cards, The Internet, and Risk

Jon Allen, Finance Director of PDMS Advanced Systems Group

July 1999

In the vast majority of cases the method of payment collection from consumers on the Internet is through credit cards. In this, the latest in our series of articles on Internet related matters, I take a look at risks associated with using credit cards on the Internet from the perspectives of the consumer, the retailer, and the credit card company.

Is it safe to use my credit card on the Internet?

I believe this question should perhaps be "is it more risky than using my credit card anywhere else?" The answer is many of conventional credit card transactions are so grossly unprotected that the Internet does not expose you to any additional risk. In fact it is probably safer than most conventional usage as web sites usually provide a lot of background on the retailer and payment details are almost always input on a secure server protected by encryption. This was succinctly summarised in an article in The New York Times by journalist Peter H. Lewis who wrote:

"Sending a credit card number to an electronic merchant over the Internet is probably the safest way to make such a transaction. In the last week, for example, I handed my credit card to a waiter who disappeared with it for five minutes. I faxed my credit card information to a business in New Jersey, and the fax probably lay exposed to everyone in that office for hours and perhaps to the cleaning crew that night. I called a hotel and gave my card data to a reservation clerk and continued my recklessness by ordering some merchandise from a clothing catalogue, again by reading my credit card information to some unseen operator.

Compared with the risk of handing my credit card to a stranger, which I do nearly every day, sending it over the Internet is pretty secure" (The New York Times, Nov. 13, C3).

Why are we all so cavalier with our credit cards? Perhaps the primary reason is you can reject charges you believe are not yours and the credit card company will give you a credit. They then charge back the value to the retailer and ask them to prove you received the goods. If you get a number of rogue entries, most credit card companies will insist you cancel the card and issue you with another. The balance of power is very much with the owner of the card and the burden of proof is with the retailer.

Retailers risk

The retailers' risk is if someone fraudulently uses or disputes the use of a card, it results in a chargeback. The general rule is the retailer will end up with the loss unless it can be proven the customer himself received the goods. Only on rare occasions, in the name of goodwill, will the credit card company take the loss. Internet retailers risk is the same as any other 'card not present' transaction and all the standard steps to prove delivery to the card owner must be taken. It could be argued that the absence of any human contact with Internet retailers might encourage fraudsters but proof of delivery is the key.

Credit card company risk

The mechanics of credit card processing are:

card details accepted.
receipt is banked (card slips at the bank or electronic banking via the Internet).
credit card company pays into the retailers account and charges the customers account.

If there is a problem and the customer challenges the charge under international credit card agreements and Law, the customer will get refunded. Laws vary slightly between one country and the next but in most cases the customer has six months to dispute the charge. The risk to the credit card company is the retailer takes numerous receipts but fails to make delivery and then goes bust. Apparently it is a very common occurrence for failing businesses to continue banking credit card receipts and delay delivery therefore using credit card receipts as additional working capital. This scenario can happen with a corner shop just as well as an Internet business; the issue for a credit card company is, with the Internet, the volume of trading can be enormous very quickly. This increases the ability to run a deliberate fraud.

Credit card companies have quite reasonably taken a very cautious approach to issuing retailers with merchant IDs which allow them to take credit cards over the Internet. Interestingly this may turn out to be at their long-term cost as it has opened the door to many second tier companies (such as WorldPay, NetBanx, Datacash and ourselves) who, in return for taking the chargeback risk, are permitted to issue merchant IDs. These second tier companies have an important weapon in their risk management armoury which is all receipts for their retailers are first paid into their own accounts. This allows them to hold back proportions of receipts pending chargebacks.

In additional to physical control of the cash, second tier companies are exploiting the reluctance of traditional companies charging very high transaction fees (up to 8% in some cases) and requiring deposits. Although returns are still substantial this market is becoming more competitive with well established payment processing companies commanding excellent rates from banks now looking to compete on rate. Such a company is Worldclear who are one of the largest cheque and payment collection companies.

Published in Money Media, July 1999