Fundamental Flaws in Online and Phone Ordering

by C P

The place I work takes phone and online orders.  Low security leads to high loss.

When a customer places an online order using a cell phone or computer, there apparently is no credit card security code or PayPal limit check.

This may be done after the order is submitted, if it goes to a holding pen.  This may also happen if the item is unavailable or cannot be delivered as scheduled.  No checks are done to determine if the customer's email address and name match, if the customer's phone number is the same as the recipient's, or if the customer requested Saturday delivery for something that can't normally be delivered Saturday (FedEx/UPS), and none are done for strange messages ("Dear Pamela, You own me now.  Fit me up with a radio collar and an invisible fence.  Only you and God know how much I needed your text last night.  I am deeply committed to you and love you forever.  Love from Leslie").

If a customer tries placing an order online more than three or four times, they get an error message to call us for help.

If they call, the order may or may not go through, but we won't know until we submit it.  If the order doesn't go through, they'll have to use another credit/debit card or try again another day.

We can't take cash, checks, gift cards that haven't been registered/don't have security codes, PayPal, more than one promotion (including coupons or points), "free shipping," orders for wine, or orders for personalized items on the phone.  If you have a landline and a phone book, you wouldn't know.  Everybody else - read the terms and conditions.  We aren't lawyers, and telling us you're going to plaster it all over social media won't help you at all.

We have absolutely no way of telling who you are versus who you tell us you are.  It doesn't matter if you say you're a Secret Service agent from Albuquerque or a professor from a university in San Francisco whose assistant went missing over the weekend... she's from Germany, and she's so conscientious she'd never do that (even if he's supposedly a network security doctoral candidate).

It doesn't matter - you still have to get a police report and have the police fax a subpoena.  That's the way it works.  Just do it.  Same thing for somebody who calls and says their credit/debit card number was hacked/stolen.

Orders placed through relay operators are usually fraudulent.  These calls used to be made by deaf people, not so much now.  Have the relay operator ask the caller to give their name, valid billing phone number, billing address, city/state/zip, email address, valid credit/debit card number, expiration date, and security code at the beginning of the call.  If "J Random Customer" can't answer that, the relay operator will tell you "The other party disconnected," or something along those lines.

Phone orders are placed using a JavaScript system running on Internet Explorer 6 on old Dell PCs running Windows XP.  No fooling.

Temporary workers are brought in from someplace.  Any warm body from off the street apparently will do during major holidays.  A couple were fired after they had stuff sent to where they lived (using customers' credit card numbers).  Definitely not the sharpest knives in any drawer.

Thanks to all who read this, and thanks to 2600 for this excellent magazine.
