Call us on 1300 551 750 or Get a Free Quote

Adelaide web design, mobile development and identity design.

How to identify potentially fraudulent transactions.

It's a sad truth that merchants have had to combat predation by thieves and fraudsters back to the beginning of commerce itself, and as the introduction of Ecommerce offers retailers a new forum to sell their wares, so too does it offer thieves alternatives to achieve their ill-gotten gains.

As an online merchant, it falls to you to ensure that you identify and prevent fraudulent transactions. When you're a victim of fraud and your bank issues a chargeback on an order, you lose the goods, the funds and cop a penalty from your bank to boot.

To help you fight the good fight, we've put together a list of ways to help identify potentially fraudulent orders.

Identify big spenders.

Large orders, or orders with expensive items are at a higher risk of being fraudulent. It's not their money after all! Similarly, thieves will often elect to have their bogus order shipped by an expensive expedited shipping option since they don't have to fork out for the bill.

Identify unusual order patterns.

Is the customer ordering late at night? Are there many orders placed from a single customer in quick succession? These are signs that the order may be suspect, the latter being due to the use of bots to automatically place the order, and the former because all thieves are murky individuals that skulk about at night. Or, perhaps I've watched too many movies.

International orders.

Treat orders to international regions such as Africa, Asia or Europe as potentially suspect as a high frequency of fraudulent transactions originate in these locations. Especially flag Nigeria, Yugoslavia, Pakistan, Indonesia, Macedonia, Bulgaria, Romania and Ukraine.

Free or unusual email addresses.

Be wary about orders originating from customers with a free email address from Hotmail or Gmail as they are very easy to obtain and require minimal credentials to set up.

Don’t disqualify orders from free email addresses by any means, but flag such orders as potentially suspect.

PO Boxes.

Flag orders to PO Boxes as they are frequently used by fraudsters to receive delivery of goods.

Shipping Address differs to Billing Address

If the customer's shipping address is different to their billing address, then you have another sign that the order is potentially fraudulent. Fraudsters will often enter the billing address assigned to the card number that they’ve acquired, so clearly the delivery address must be different to obtain the goods.

Obviously, the vast majority of customers that input a different shipping address will be legitimate. I know I typically have my orders sent to the office rather than to my home address. But use this as another tool in your arsenal against Ecommerce fraud; if an order begins to show a few red flags, then beware!

Use geolocation.

Geolocation isn’t foolproof, but if a customer’s location as determined by their IP address when they place their order is a long distance from their shipping or billing address, then you have another sign that the order may be suspect.

Some thieves may use a proxy that masks their actual IP address, in which case geolocation will return inaccurate coordinates. Unless our fraudster goes out of his way to match the proxy location with his address, then this will likely raise a red flag when you perform your geolocation verification.

Preventing Ecommerce fraud.

The best way to fight fraud is to prevent it from occurring in the first place. Here's a few alternatives to consider to stop a crook placing a bogus order.

Require the CVN.

Many payment gateways and banks are beginning to require the use of CVNs for all transactions. For those unaware, the CVN is the 3 – 4 digit number most often located on the back of the card.

When accepting payments online, it's a good idea to request the CVN in addition to the card number, name and expiry date.

Thieves who acquire stolen credit card numbers often don’t have access to the CVN, so this little number provides some extra protection against fraudulent orders.

Boldly display anti-fraud notices.

On your website, advise customers that you are logging IP addresses and actively monitor and report fraudulent transactions.

Validate the user’s email address.

For a customer’s first order on a given email address, consider validating that email address by sending them an automated email and requesting them to click a link within the message that returns them to your website and verifies that the customer is using an email address they have access to.

Log unsuccessful order attempts.

A thief may try placing an order multiple times with different credit cards until an order successfully goes through. Consider logging unsuccessful order attempts and blocking the user via email / ip address / cookies from further tries.

I think I have a fraudulent order. What now?

If you've identified an order possessing some dodgy characteristics, then good for you; you're taking an active stance and protecting yourself against fraud. But what to do?

Call the buyer.

Ask to speak to the card holder to try and determine if they’re the real deal.

Consider asking questions that only the card holder would know. Try going to Google Maps and finding a landmark or business nearby and requesting details about the landmark. What’s the name of the park nearby, what street is it on? What’s the name of your nearest school? What brand is that petrol station down the road?

The attitude of the customer in response to your question can also help determine whether the customer is potentially a thief; a legitimate customer may sound confused, whereas a thief might be angry or concerned.

Contact the customer via email.

Many thieves use bogus email addresses, so if a customer is unresponsive to communication via email, there’s a reasonable chance the order is fraudulent.

Ask for a fax or scan of the customer’s credit card.

Request a fax or scan of the credit card used, keeping in mind that some thieves may also be skilled Photoshoppers!

Credit or debit a small amount to the customer’s credit card.

One approach to mitigate fraudulent transactions is to manually credit or debit a small random value to the customer’s credit card and request them to verify the amount. Usually, only the cardholder will have access to the card's transaction record.

Be aware that while debits usually appear instantaneously, refunds typically take up to several days to appear on a customer’s statement.

Hopefully this will help arm you against Ecommerce fraud. There are plenty of other resources available on the world wide web, so do your homework and hone your detective skills!


comments powered by Disqus