Your friend Scott Adams has hired you to do a fraud prevention analysis for him. Scott is a successful home-based custom furniture builder. He feels like he is ready to expand his business, Woodcraft By Scott. He doesn’t want to incur the expense and effort of creating a retail store, etc. He would rather grow through internet sales and as his business expands, he’ll look for a workshop and hire help. For now, Scott’s wife Lisa handles phone and email ordering and the business end of the operation. Scott hired a web page designer who has created a website and on-line ordering process for the business. The current plan is to roll out the website and the on-line business on October 1st. Lisa recently saw a segment on the television show “American Greed” about a credit card fraudster. This frightened her. She convinced Scott to give you a call. You have been contracted by Woodcraft By Scott to reassure Lisa and to protect this budding small business from fraud.
Scott has asked you for a memo addressing the following:
1) What types of fraud should this type of business be concerned with? Identify at least three fraud risks and explain them.
2) What prevention and control steps should the business take to counter these fraud risks? Note: he trusts Lisa and believes that she would be insulted if you identified as a risk her control of the business.
3) Scott is a bit concerned about the costs of these potential controls. He says that his approach to business decisions mirrors his furniture building method – one step at a time. So, he would prefer that you give him options, in priority order based on level of risk, so that he can take it one step at a time if he chooses.
Ans 1) Online frauds are radically different from the ones typically seen in brick-and-mortar business. This type of business deals with inevitable fraud, as listed below :-
a) Identity Theft :- It is one of the most common types of fraud. Here, the fraudster carries out an online purchase using a different identity. This enables the fraudster to order items online under a false name and using someone else's credit card.
b) Phishing :- In this case, an email asks for user ID, passwords, credit card details and other personal information. The sender seems to be a credit institution that needs a confirmation of some information due to a change in the system. Phishing allows criminals to get access to banks or other accounts and it can be used for identity theft.
c) Chargeback Fraud :- Also known as friendly fraud, it occurs when a consumer makes an online purchase and then claims that his credit card has been stolen and asks for a chargeback after receiving the purchased goods or services.
Also, frauds can generally be divided into the following types:
1. Triangulation Fraud
There are three parties involved in this type of ecommerce fraud. The fraudster, ecommerce store, and the unsuspecting legitimate shopper. The fraudster creates an online store that offers high demand goods at low prices.
The unsuspecting customer places an online order by using his credit or debit card. The fraudster orders the same product from a legitimate ecommerce website using the stolen credit card credentials.
2. Interception Fraud
In this type of fraud, the fraudsters create orders by using stolen credit card information. They deliver the products to themselves while the owner of the funds becomes the victim of interception fraud.
3. Account Takeover Fraud
In simpler terms, this is identity theft. The fraudster/hacker gains access to a registered customer’s credit account and uses the credit card information to pose as a known and trusted shopper.
2) Following are the prevention and control steps to avoid the risk associated with fraud :-
i) Multi-layered security on the e-commerce platform
ii) Monitor all transactions from ordering to delivery
iii) Legally perform an intellectual property audit and patent for your e-commerce website
iv) Swiftly respond to chargeback notices
v) Clear refund policy and information
vi) Exceed customer expectations
vii) Personalization can create a better customer experience
3) Potential controls along with costs are the following
i) Card security codes :-
This method is the cheap one and also beneficial at this initial phase of business going online.
eCommerce transactions—i.e. “card not present” or CNP—are considered a higher risk for fraud than card-present transactions because of the difficulty verifying a cardholder’s identity. Card security codes were developed specifically in response to the rise in eCommerce.
These three- or four-digit codes are referred to as CVV2 or CVC2 (Card Verification Value/Code), CMID (Card Member ID), or the CID (Card Identification Number). Requiring card verification codes reduces the likelihood of fraud and can also qualify transactions for a lower interchange rate.
Card security codes are far from foolproof. They don’t account for “friendly” fraud, lost or stolen cards, or unauthorized card use. Hackers obtain security codes via data breaches or guess them with malicious programs.
ii) Malware Software
Another cheap method is to install antivirus in the system. Many antivirus programs include the ability to scan and prevent malware, but not all of them. To be safe, supplement your existing antivirus software with quality anti-malware software such as Malwarebytes. Remember to always keep your security software up to date with the latest versions.
iii) One of the costliest methods is to install a fully protected information system which ensures the protection of the business from internal as well as external fraud factors, keeping in check all internal controls.