Expedia Stung by Major Credit Card Fraud
Mar 2, 2000 12:00 AM PT
Online travel agency and Microsoft spin-off Expedia.com reported Wednesday that it will record $4 to $6 million (US$) in third quarter losses to cover fraudulent credit card purchases made on its Web site.
Expedia, which reports gross bookings in excess of $1 billion and net revenues of $85 million, has an agreement with the airline companies to pay face value for any fraudulent ticket purchases. The company makes its money from commissions from hotels and airlines.
Expedia vice-president of marketing Erik Blachford said Wednesday that the stolen card numbers were not obtained from Expedia's customers and emphasized that the Web site remains secure. Blachford also said that the site has added more anti-fraud measures to help verify credit card purchases, but declined to elaborate about what those measures are.
Credit Card Fraud on the Rise
In an effort to reassure Expedia.com customers, a company statement was issued that said, "The security of the Expedia.com site and its customer information has not been compromised."
Still, this episode reaffirms the notion that even heavyweight online companies are not immune to determined criminals. "Fraud is unfortunately a part of this business," Blachford said. "It's just within the past few months that we saw it ratchet up."
The bogus purchases on Expedia.com were reportedly made with fraudulent or stolen credit card numbers. The questionable transactions were discovered in mid-February.
Despite being forthcoming about the online fraud, Expedia is doing its best to downplay the threat. A company press release stated that the one-time charge represents the company's estimate of unreserved fraudulent activity to date, which is less than one half of one percent of tickets sold.
Growing Trend of Compromised Security
Expedia's downplayed figures are cold comfort to those Web surfers who have been troubled by recent reports of online security breaches.
CD Universe is still reeling from a hacker who pilfered 300,000 credit card numbers from the online music retailing site earlier this year. The perpetrator of that crime has not been apprehended, and consumer confidence dimmed after the incident attracted a great deal of publicity.
According to Forrester Research senior analyst Charles Rutstein, credit card companies will move on from such crises, but online companies that are the victims of such scams will have a harder time surviving.
On the other hand, some credit card companies are reporting record lows in fraud. Just last week, VISA USA said that overall card fraud loss had dropped to 0.06 percent of total transaction volume, or six cents for every $100 in transactions.
Mastercard Not So Sanguine
While VISA may be touting low fraud figures, MasterCard International has generated substantial controversy by threatening stiff fines to merchants that do not keep their chargebacks -- and fraud -- under control.
When a cardholder denies that he or she made a transaction, the amount is charged back to the merchant, who then does not get paid for the transaction. Chargebacks represent substantial overhead to both MasterCard and merchants, because they must be handled manually.
MasterCard, according to new e-commerce rules that were sent to its merchants, is threatening to fine merchants $25,000 and up beginning March 1, 2000 for chargebacks that are one percent or higher of total sales transactions, or 2.5 percent or higher of total sales volume for more than two consecutive months.
One merchant told the E-Commerce Times that these rules might force smaller e-tailers off the Web. However, he added that he was told that MasterCard only plans to fine larger merchants that the company believes to have lax credit card authorization policies.