Zero in on ZIP code risk

Internet and mobile sales continue to grow in popularity among shoppers and profitability for retailers. Last year, online sales in the U.S. topped $307 billion. The lucrative internet marketplace has also led to more online crime. Recent cyberattacks on U.S. businesses, which affected such titans of industry as Target, JPMorgan Chase, Home Depot and Premera, has Congress scrambling to craft laws to protect businesses and consumers against data breaches. And in 2014, businesses lost an estimated $3.5 trillion globally from retail fraud. Online sellers took the biggest hit, according to LexisNexis, primarily due to losses from card-not-present (CNP) transactions.

To cut down on card fraud, banks and credit card issuers are “chipping away” at getting U.S. retailers on board with Europay MasterCard Visa (EMV) cards before the October 1, 2015 deadline. EMV cards replace the magnetic stripe on a credit card with a computer microchip, the premise being that the chips make it more difficult to copy and clone card data.

Yet, counterfeit cards only account for a little more than a third of credit card fraud. And the new chip technology does nothing to prevent fraud in online transactions. Unlike Europe, U.S. banks aren’t releasing the EMV cards with PIN numbers, relying instead on signatures. Not only is this less secure, it changes the rules of liability for fraud from the bank to the retailer. New cards and new payment terminals won’t help retailers cut back on lost revenue from online sales until they change the way they verify buyer information for Internet transactions.

One of the biggest issues is the use of ZIP codes to authenticate customer information for online sales. Three in four retailers still use ZIP codes as their primary method for verifying both cardholder information and sales tax at the time of the transaction despite it being a rather blunt tool for the job.

The whitepaper outlines the pitfalls that retailers face when using ZIP codes as a means to authenticate transactional information. It explains why the Address Verification System (AVS) used to verify cardholder identity is flawed and easy to for savvy fraudsters to circumnavigate. And that since merchants are held accountable for CPS losses, it can be a major ding to the bottom line. Learn about the risks of lost sales from cart abandonment due to unexpected costs at checkout and why, if you rely on ZIP codes to calculate sales tax in your shopping cart, you could inadvertently over or undercharge customers. Finally, learn more about geolocation technology and why it’s a better option over ZIP codes to combat both card fraud and sales tax inaccuracies in Web store transactions.


Share this post

Related Posts

Checking Your CMMC Progress

Written by Alec Toloczko With Cybersecurity Maturity Model Certification (CMMC) requirements on the horizon, it’s crucial for organizations handling Controlled Unclassified Information (CUI) to adhere

Read More »