We have been in business since 1987. Since this time the credit card industry has added a number of safeguards to help in fraud detection and prevention. We keep abreast of them and add security measures as they become available.
*AVS – We require the credit card billing address which must match the credit card company information on file. This information is keyed in when the credit card is processed.
*IP Address – We track the IP address of the person who places the order. If there is a problem with the card, we are able to find from where the order was placed and often from there, who placed the order.
*CVV Numbers – We ask for the three numbers on the back of MasterCard, Visa and Discover or the 4 numbers on American Express
*Better Internet Security – Paying with a credit card over the internet is safer than paying in person with the same credit card if you chose your web merchant carefully. Security standards have been improved so that 128 bit encryption sites are standard.
*Zen Cart - We use a shopping cart called "Zen Cart" which has an interesting built in security feature. Although you put in your credit card number as one number, Zen Cart does not hold it as one number. It sends it to us in several separate emails, all to different addresses. We have to reassemble your credit card number before we can process your payment. Zen Cart does not hold your credit card number so if you navigate away from the check out page, you will need to re-enter your credit card number because your number is not saved. This may be a bit inconvenient, but is part of our added security.
*Humans, not machines processing your payment - Intelligence is always the most important security measure. You want 200 T-shirts sent as a gift to Nigeria? I don't think so!
The internet business sites warn about identity thieves and credit card crooks and how retailers can implement security measures to guard against these unscrupulous people. The best defense is the one we use – we do not let our website process charge credit card charges. There is always an intelligent, vigilant, well trained person standing between the paperwork and the processing who watches for any sign of suspicious activity.
When one of the warning flags appears, we check it out before charging your credit card. This keeps you safe and your credit protected. Banks are not prepared for this, though. Apparently, no one else goes above and beyond the way we do.
One funny story from several years ago:
We received an order, but the card was declined. This occasionally happened, so we called and informed the customer that his card had been declined. He apologized and gave us another card number. This card was also declined. At this point, we called the banks of both the cards and asked them to check the numbers.
Banks have no department for merchants to call in to report suspicious cards. They have large staffs of people to deal with fraud after a card is reported stolen or compromised, but if their customer does not know that there is a problem, they just don’t expect the merchant to be the one doing the informing. I told my story to several people before I was given to a manager who had the authority to do something not spelled out in the employee training book. He would not give me any information (understandable) or even tell me if the two numbers belonged to the same person. But he did agree to contact the cardholder(s) to see if he or they were trying to make a purchase with The Pillaged Village.
It turned out that when they called the cardholders, those people were not aware that their cards were compromised, and neither person was trying to make a purchase with us. I explained to the bank manager that they really needed to cancel the cards and check their charges since they probably were at their limits from fraudulent charges. He thanked me and was about to hang up when I asked him how to get in touch with him – or a similar person at other banks. He had no idea; there was simply no one responsible for dealing with someone reporting these issues this way.
We continued to call the “customer” and get credit card number after credit card number for the rest of the day until he gave up and canceled the order. I called numerous banks and reported the compromised credit cards. Not a single bank had a system in place for dealing with this.