Your Web site should automatically add all fraud perpetrators to your blacklist. If you get information on fraud perpetrators from outside sources, those addresses should be added to this list as well. Fake or out-of-service
e-mail or postal addresses also may indicate fraud, and if someone uses one, he or she should go on your list.
Blacklisting is only an intermediary step. Many questionable transactions could be perfectly legitimate, so canceling all of them would needlessly reduce sales and alienate customers.
Where to Stop the Order
Whether you identify a potentially fraudulent transaction through a blacklist, business rules, or profiling and ranking, there are two places you can stop orders. The first is the moment they are submitted, with the thank-you page replaced by a message informing the customer that his or her order could not be accepted. The second is to let these orders be submitted, but to hold them in a queue for review and a call to the customer by a CSR.
Credit Card ID Codes
Program your site to check the customer's credit card identification code ("card code"). All major credit card companies now place a three- or four-digit number somewhere on the credit card itself. The card code helps identify the legitimate user of the card whenever it's not possible to obtain a signature, such as during e-commerce and phone transactions.
Until now, credit card companies have encouraged the use of the card code, but they haven't required it. However, it's likely that they soon will begin requiring it for all online transactions.
The credit card companies also will require you to provide customers with educational information about card codes. During checkout, include a button labeled "What is a credit card identification code?" or something similar. This should link to a plain-language explanation of what the code is, how to use it, and how to protect it. Also include images of major credit cards to show your customers where they can find their code.