What is expected of a credit manager when a customer claims that he was a victim of identity theft, and the debt is not his?
Check list of some of the obvious things to do after the fraud incident:
- Verify the legitimacy of the claim:
- If physical products were delivered, obtain a proof of delivery from your shipping company. This will confirm whether the address to which the products were delivered matches any of the delivery addresses used by your customer.
- If the order was placed over the internet through your e-commerce portal and paid by credit card, report the incident to your online payment solution provider, your internet service provider. The customer whose credit card is used for the fraudulent purchase will have to report it to his bank (card issuer) as well.
- You may consider including specific clauses in your sales/credit agreement as to who would be responsible for the debt in cases of fraud where you can demonstrate that the ID theft is not a result of negligence from your company’s part.
- Report the fraud incident to the following organizations:
- Phonebusters: www.phonebusters.com
- Reporting Economic Crime Online: www.recol.com
- Royal Canadian Mounted Police: www.rcmp.gc.ca
- Ontario Provincial Police: www.opp.ca
- Competition Bureau: www.cb-bc.gc.ca
- Privacy Commissioner of Canada: www.privcom.gc.ca
- Consumer Measures Committee: www.cmcweb.ca
- Antiphishing.org: www.antiphishing.org
- Canadian Council of Better Business Bureaus: www.canadiancouncilbbb.ca
Preventative measures to consider:
- Train your employees (credit, order desk, POS…) on the detection of frauds
- Have proper written policies in place on how you want employees to behave – who can have access to what and when, how much access you want your employees to have to the internet
- Build the necessary security infrastructure to protect your information systems from hackers – up-to-date firewall, anti-virus software, patches to operating system, anti-spyware/antiphishing. Hackers are becoming more sophisticated and will exploit the least opportunity to gain access to confidential information on your customers with the criminal intention of using it to either place fraudulent orders with your company or elsewhere.
- Both VISA and Mastercard have designed special features on their cards to curb counterfeiting and card-not-present frauds. Make sure your employees are aware of them and that your e-commerce software have the necessary checks and balances to flag suspicious transactions. Additional services like VISA’s Verified by Visa® program are also available to merchants for increased protection.
- Encrypt data maintained on databases or files accessible from the internet, and any data sent across networks.
- Securely destroy data when it is no longer needed for business reasons
- Remove access to the network and the premises immediately for any employee who has left the company
Nawshad Khadaroo, CCP
Source: VISA Canada www.visa.ca