How I survived after losing thousands in fraudulent transactions
Friday, September 28, 2012/
Jonathon Green founded Eljo.com.au with Elliot Ramler in 2009, and since then the online consumer electronics seller has managed to win success with $4.5 million in revenue.
But in its first months, the company was hit with a massive challenge – thousands of dollars’ worth of fraudulent transactions committed by a user. Because the company couldn’t provide electronic signatures from the credit cards used, the bank took the money away.
Green says the incident taught the pair a lot about cyber security, so much so they’ve never had another problem – and he tells SmartCompany why he’s going to keep it that way.
This type of fraudulent activity would happen fairly regularly in eCommerce. How hard is it to keep your site safe?
It’s a constant challenge, and criminals get smarter and wiser and try all sorts of new things. When we first started a business, we hadn’t heard of people losing their credit card details and then having the money retrieved from the bank.
What we didn’t realise was that as a merchant, and particularly an online merchant, if you’re unable to show signature proof of the transaction that occurred, then the bank has the right to take that money back from you.
It’s basically just how the law works in Australia.
So can you explain what happened?
Right when we started, we had $20,000 in capital – so not a lot at all. We put our savings in and started the business and just two or three months down the track we got hit with a series of these letters. They were warnings that totalled several thousand dollars’ worth of transactions that were put through fraudulently. At the time, we just didn’t have any way to look out for it.
What exactly can you do to respond in a situation like that?
There’s not a lot you can do, unfortunately, other than just hope the regulatory body gets things changed. Until that time the merchants just don’t have the same weight as the bank.
How do the technicalities work in this?
How it works here is that if someone buys something with a credit card, it goes through our system, the bank authorises the transaction, and then puts the money in our account. We process the order and send the product out.
But if it’s a fraudulent transaction, we’ll see that perhaps a month or two months later. The customer will contact the bank, they contact our bank, the bank contacts us and asks us to provide the signature from that account. If we can’t, they take the money from the account.
Continued next page.