Because of this , he ’ s eager to lend his experience and knowledge to help any fellow MI retailers improve their security .
COSMO MUSIC ’ S RUDI BROUWERS
That is why he immediately arranged a meeting with Wanka and the Sherwood Music team after reading about their ordeal .
“ When we first started out , we learned some really valuable lessons . You have to put things in place to combat that and we did some research and found some tools that we added to our website , specifically a program called Kount , and it assists with fraud detection . With it , there ’ s all kinds of different rules that you can set up for catching criminals when the orders are placed ,” Brouwers notes .
As O ’ Keefe also explains , fraudsters will often try to test a store ’ s security systems in smaller ways before trying to make a big purchase .
“ They try something small to see if the business is protected . This is the best red flag that could be there . It just takes experience to know that is what they ’ re doing . Online frauds are probably the most common that businesses should look out for . There are systems that can be used to identify red flag activity , but they can be pricey for sure ,” says O ’ Keefe . “ An understanding of all of the rules that apply to complete a transaction is the minimum standard . What I mean is this ; if a card is not present [ like when a card number is given over the phone ], and a fraud takes place , the retailer is at risk of not complying with the Payment Card Industry ( PCI ) Data Security Standard rules . If there is a fraud and the business is charged back , there is not a lot they can do to argue that they followed the rules . This is where a business needs to partner with the right financial institution partners who have safeguards built in . Go it alone and the retailer is very vulnerable .”
One obvious red flag that any good POS system should detect is when there are different ship-to and bill-to addresses , especially if it ’ s an expensive item . “ Also , multiple orders placed closer together for , typically , smaller amounts , like in the $ 200 to $ 300 range , where they ’ ve placed multiple orders within a couple hours or even over a couple of days .
22 CANADIAN MUSIC TRADE
That is a flag , because they try to order first and if it succeeds , then they continue to keep doing it and keep doing it until you catch it ,” explains Brouwers . “ So , one of the rules we ’ ve set [ in the Kount system ] is if there ’ s more than two orders within a certain timeframe , it ’ s flagged for review . Then our team will take a look at it and vet it and make sure it ’ s okay .”
Over the phone , a lot can be deduced from the tone of the conversation and the types of questions the person is asking . Are the types of products they ’ re asking about logical , or just a lot of seemingly-random expensive items ?
“ So , they ’ ll ask , ‘ Is this Gibson guitar in stock ? It isn ’ t ? Okay , what about this keyboard ? Is that in stock ?’ So , stuff that just doesn ’ t make any sense ,” adds Brouwers , also saying to note if the person seems antsy or rushed on the phone . “ Those kinds of things are usually sketchy . Customers that are asking to send a courier to pick up their new order ? Yeah , that ’ s a problem . Also , orders that come from certain areas where fraud is known to be . There are specific provinces in the country where more fraud orders come from and you just get to know and flag those . Quebec is one that we ’ re really targeted from a lot . So , we ’ ve got a flag now for any Quebec orders over a certain dollar amount and watch for them . Basically , what it does is reviews those orders and it stops the orders from getting into our system before we can take a look at them to make sure they ’ re legit customers .”
When there is an attempted transaction that requires review , it ’ s a simple call to the customer to get more information . Typically , this is only necessary for first-time customers , as the POS system will remember if a person ’ s prior purchase was manually approved . The vast majority of legit customers will understand and even appreciate the caution you ’ re taking to ensure the store and customer is protected from criminals .
So , Cosmo staff will call the number provided on the order and say , “‘ Hey , I ’ m calling from Cosmo Music . We got your first-time order — that ’ s great , thank you for doing business with us . Typically , for a first-time order with this dollar amount , we ’ d like to ensure that the credit card matches the address , because we do get hit with fraudulent orders . We just want to make sure we ’ re covering ourselves for your safety and ours ,’” Brouwers explains . “ They ’ ll give the credit card number , nothing else but credit card number – no CSV and no expiry date , you don ’ t need that . We ’ ll then call the bank that issued the credit card and do an address and phone verification …. If that matches what the customer has used for the order , then we just approve it .”
If things don ’ t match and they can ’ t be sure it ’ s a legitimate purchase , the order is cancelled and notice is sent saying , “ Unfortunately your order has been canceled due to X reason . Please check with your bank .” At that point , the fraudster will just move on to their next target .
Now , of course it is preferable to deter every fraudulent transaction or in-store theft and avoid any hassles . But , even good systems and protocols can get beat sometimes . Frankly , it is tough for retailers get their money or goods back , but it is possible sometimes .
“ The payment card industry has to have strict rules to stay in business . For chargebacks , retailers will know they are quick to decide the retailer is at fault . But there are times when you can successfully challenge a chargeback . Without going into too much detail whereby areas where vulnerabilities are broadly communicated , let ’ s look at a situation where signatures don ’ t match on some of those old-school transactions ,” says O ’ Keefe . “ Let ’ s says the retailer is charged back because the signature doesn ’ t match . But the transaction was four weeks prior ! Who can defend themselves after the fact ? The card is gone . The reason I use this case is because I was involved in this one on the receiving end as a loss preventer . I challenged the credit card company to tell me about the five transactions before and after the person bought from the company I represented . They wouldn ’ t , of course , but since my argument was that I thought the card might be counterfeit , which would mean that the signature of the fraudster would match because they made the card and signed the card at home , the credit card company backed off . There were multiple retailers victimized by the same person , so it had to be a duplicate card and the signatures must have matched . The retailer followed the rules and the chargeback was withdrawn . So , it takes work , but yes there are ways to get your money back .”
Having said that , O ’ Keefe reiterates that the easiest way to get goods back is to catch the bad actor . For small businesses , this means working closely with the local police or engaging the services of a third party . And