NTERNET merchants, weary of a near constant barrage of credit card fraud that costs them more than $1 billion each year, are joining forces in hopes of helping one another identify users of stolen credit cards, catch criminals and perhaps soothe the fears of millions of potential online shoppers.

Advertisement

A group of the Web's biggest e-commerce companies, tentatively called the Internet Merchant Fraud Roundtable, has formed over the last year, with the goal of creating a database that merchants could use to block potentially fraudulent transactions and help snare people who commit credit card fraud. The group hopes to have the database set up by the first half of next year.

"We're trying to construct a neighborhood watch," said George Redenbaugh, the manager of risk management and customer privacy at Hewlett-Packard, and one of the organizers of the round table. "It may turn out to be something we can't pull off, to be quite candid with you, but we're trying to work this out."

While many consumers are still wary about providing their credit card numbers to make purchases online, it is merchants who typically bear far more of the financial risk. A cardholder's liability is usually limited to $50 or less if someone else uses the account fraudulently. But merchants are usually obliged to reimburse credit card issuers for the actual cost of the goods sold.

One of the core challenges for the group, which Mr. Redenbaugh says includes representatives from about 65 companies, is how to share information about potential or probable credit card thieves without violating the privacy of legitimate users.

Mr. Redenbaugh and another key organizer of the round table, Tom Sullivan, the director of e-commerce fraud protection at the online travel company Expedia, said the group envisions creating a database of information on credit cards that have been stolen, and perhaps other information that could tip off other merchants to a possibly fraudulent transaction. Round-table participants would capture limited amounts of data about suspected frauds — data that would not include names, addresses or other personally identifiable information.

"We'd never attempt to do this if we didn't have the blessing of independent privacy authorities," said Mr. Sullivan of Expedia. "We've had early discussions with some, and haven't been discouraged by what we've heard. As this program develops, we'll continue to work with those experts and if we can't meet their requirements, we simply won't continue on."

One privacy expert who was briefed on the effort is Larry Ponemon, the chairman of the Ponemon Institute, an information-management research and consulting firm.

"The verdict is still out," Mr. Ponemon said. "But what I like about this group is that they really care about privacy, and they're building it in at the right place — the beginning of the process — even if it could be limiting to them."

While no e-commerce merchant group has tried to address credit card fraud on such a big scale, there is precedent for a similar type of information gathering. CardCops, a credit card fraud watchdog company, has created a database of what it believes are stolen credit cards, and offers that database on CardCops .com free to users who can check to see if their numbers have been stolen.

According to Dan Clements, CardCops's chief executive, the database, which typically contains about 100,000 card numbers at a given time, is compiled from Web sites he said were frequented by card thieves. Mr. Clements said that to avoid violating the privacy of a credit card holder, only the 16-digit account numbers are carried in the database. He said it was nearly impossible to trace the number to a person's name without other information and that he cleared his methods with Visa before moving forward with his service.

In the near future, Mr. Clements said, his company would start offering that database for a fee to merchants, who would be able to sift through it, checking for possibly stolen cards while they process transactions on their sites. As such, Mr. Clements said, his service provides a glimpse into how the Internet Merchant Fraud Roundtable database could work.