Advancing eCommerce

Regardless of where your thoughts and feelings lie across the political spectrum, the ‘Doodad Pro/Good Will ’ controversy is instructive for every internet merchant who hopes to make a dime on the Internet.  We can take important lessons away from the stir this activity created.

The controversy centers around the theory that web sites should apply certain minimum rules of credit card transaction validation (such as CVV and AVS ) in order to protect cardholders (and the merchants themselves, too).  The web site in question did not/does not apply such common rules, and as such, is in the headlines for the high percentage of  web payments it is having to return and which are being disputed by cardholders.  In addition, there is even serious speculation that easing the security constraints on the credit card processing may have caused violations of federal campaign finance laws.

What lessons can the average eMerchant draw from this controversy?  Several important ones!

Lesson 1:  Probably the most important lesson is that many internet consumers are more aware of proper internet credit card transaction security than many merchants may think.   Here at 800Cart, we found it very gratifying to see that so many cardholders were fully aware of some of the internet credit card security basics!  Many internet consumers know about and track on proper credit card security when they are buying from you.  For instance, the site in question did not request the CVV for card transactions – a security decision that allowed quite a few fraudulent transactions to go through and that CVV checks would have prevented.  Same for AVS.

Lesson 2: Not applying basic transaction security measures can increase fraud and decrease security in your everyday ecommerce activities.

Lesson 3:  Many consumers will clearly notice if you are not applying proper credit card security rules.

Lesson 4: When consumers notice, they may talk about what they noticed – in the blogosphere and in other online, searchable venues.

Lesson 5: As a Google search on ‘Doodad Pro’ reveals, Google and similar search engines confirm what has already been mentioned in many, many circles: the search engines can be a powerful ‘reputation management’ forum that is only partially under the enterprise manager’s (your) control.

Lesson 6: Many seemingly trivial business decisions must now be taken with a serious regard as to how the public, and especially the blogging/chatting/forum public, will perceive them.

Online merchants might find some ’safety’ in the consideration that nobody (or almost nobody) is going to try to put through a ‘bad’ credit card transaction on your web site just to see if it goes through.  But consider what happened to me when I was making an Amazon purchase a couple of weeks ago:  like many shoppers, I simply selected a credit card I had used before and clicked to complete the sale.  Just as I clicked, I noticed that the expiration date on the credit card (which had been on file with Amazon for several years) was expired and in the past.

The transaction went through just fine anyway.  I was never asked to correct the expired expiration date.  Certainly my ’security antennae’ went up quite a bit on noting that, but I trust Amazon.  The order was shipped and the charge was settled as expected.  But I noticed, and I had a few uncomfortable moments until I had thought it through.

But I want to point out at this point that something similar has probably happened to you: you click to submit an online form (not necessarily a credit card purchase) when you notice just as you click, that you made a mistake with one of your answers.  Regardless of whether your answer was challenged or not after the ‘too quick click’ my point is now made.  We all make mistakes.  Enough of a suggestion to accept that your shoppers regularly make the same kinds of mistakes too?   I think so.

So now we must consider what sort of a statement are we making to a shopper (especially in light of the wide discussion of ‘Doodad’ which has had the side-effect of educating many more consumers and card holders) when we allow an improper CVV or Billing ZIP to go through unchallenged, even if it is just a typing mistake or an honest oversight?   If your web site accepts the transaction without a challenge (error message asking for the mistake to be corrected) then your online reputation may suffer accordingly.

All the above notwithstanding, there are indeed many valid business use cases for omitting these checks or accepting the transaction information at shopping time and performing them later if you are accepting non-live transactions.  So many merchants should now consider that if they do defer these checks to later in the fulfillment or delivery process, are their customers aware of the reasonable use cases for not validating this information at shopping time?

If the answer is ‘no’ or even ‘maybe not’ then merchants should seriously consider changing their set-up to go LIVE and do credit card transactions in real-time, performing AVC and CVV checks, but simply do an auth-only transactions that can be settled later in the fulfillment cycle.

If you are thinking that your business is too small to be affected by the controversy and the education it is producing in online consumers you may wish to consider thinking again: almost all of us rely on repeat business to remain profitable and to grow.

Can we stake our growth and our future on today’s shopper *not* noticing apparent security and validation problems… and *not* returning for future purchases because of the perceived problem?

doodad pro, credit card fraud, ecommerce security