Credit card fraud - the merchant's side
Here's a personal example: Our company experienced its first encounter with credit card fraud last month. Someone stole a credit card account number, then used the stolen number to purchase a $500 product from our company. The crook knew the cardholder's correct address, provided our company with that information, but requested that the product be shipped to a different address.
Since it's not uncommon for our customers to request a "ship to" address which is different than the "bill to" address, at first, we didn't think much of it. Our policy is to send the invoice to the "bill to" address -- which we did. A few days later we got a call from the customer (whose card number was stolen) informing us that he never purchased anything from us.
This particular scamster used one of the free email services (Juno) to open an email account in the stolen cardholder's name -- which made the transaction appear more legitimate. We informed Juno's security department of the fraud taking place. (Juno said that they shut down the scamster's account.)
Although we got authorization and approval from our merchant account vendor, we bear all the loss.
We contacted the banks and the merchant providers involved, and even contacted the police. The banks, merchant providers and police were not able to help -- mainly because they were too busy or felt that the dollar amount involved ($500) was not significant enough to warrant further action.
From scambusters