Practical Ecommerce

Field Test: Fraud Prevention, Part 1 of 3

In Field Test, Practical eCommerce gathered ten seasoned ecommerce merchants and asked each of them the same questions around a given topic. This month’s topic is fraud prevention.

The participating ecommerce merchants are: Dave Norris, House of Antique Hardware; Justin Hertz, MuttMart; Chris Stump, Only Hammocks; Mike Feiman, PoolDawg; Dan Stewart, Xtreme Diesel Performance; Roman Kagan, Appliance Parts Pros; Cindy Barrileaux, Write Your Best; Claudette Cyr, Gear-Source; Mike Butler, Bloom Designs Nursery; Kristen Taylor, Juvie; Jeff Muchnik, RedBox Tools.

The responses for three of the ten merchants follow below. The answers are shown to preserve anonymity.

PeC: Has your ecommerce business been the victim of credit card

  • FIELD TESTER 1: Attempted fraud, but nothing that ever actually went through.
  • FIELD TESTER 2: Hundreds of fraud attempts, but I think we actually only got stung once for a small amount.
  • FIELD TESTER 3: Yes, we typically see a handful of fraud issues each year.

PeC: How did the fraud occur?

  • FIELD TESTER 1: We started getting series of orders that were rejected by our credit card processor followed by an order that would go through, all from the same person. The orders that did go through were strange. Fraudsters were using our site to test stolen numbers with different combinations of billing addresses and CVS codes until they found a combination that works.
  • FIELD TESTER 2: A guy calling from an IP phone said he was in San Antonio. At the time we weren’t smart enough to check the location of his IP address, something we now do. He had a San Antonio shipping address. We shipped the item then realized we’d been stung.
  • FIELD TESTER 3: The most common scenario is a transaction with separate ship-to and bill-to addresses. The bill-to customer then claims they did not authorize the purchase.

PeC: Does PCI compliance help prevent fraud?

  • FIELD TESTER 1: Yes, but PCI compliance doesn’t prevent people from using stolen credit card numbers in your store.
  • FIELD TESTER 2: We are PCI compliant.
  • FIELD TESTER 3: I think it’s a very good idea, and it certainly will not hurt to have such standards implemented.

PeC: What steps do you now use to prevent fraud from occurring?

  • FIELD TESTER 1: All orders are reviewed by hand before fulfillment and before settlement occurs at the end of the day. Also, we require AVS match and CVS match to approve orders.
  • FIELD TESTER 2: Technically it could happen again, but we’re pretty good at catching the attempts now. Every person involved in sales and order processing in our company is taught what to watch for.
  • FIELD TESTER 3: Our first line of defense is having our sales staff and order processing department trained in detecting suspicious-looking transactions. Our second is ensuring the correct security settings within our payment gateway control panel.

PeC: Do you use third-party fraud detection products?

  • FIELD TESTER 1: No, but we may add a fraud detection suite later on.
  • FIELD TESTER 2: Not currently.
  • FIELD TESTER 3: The only fraud detection we currently use is that of which is offered by our payment gateway.

PeC: Which one(s)?

  • FIELD TESTER 1: Authorize.net
  • FIELD TESTER 2: N/A
  • FIELD TESTER 3: Authorize.net

PeC: What advice would you offer to other merchants concerning credit card fraud?

  • FIELD TESTER 1: Pay attention to the details of each order. Red flags warrant further inspection and validation.
  • FIELD TESTER 2: Have checks and balances in place. Trust your instincts. Do not sway from your policies to accommodate an odd request — you came up with those policies for a reason.
  • FIELD TESTER 3: Credit card fraud is inevitable. The key is finding the perfect balance of security settings without inconveniencing the customer or yourself with standards that virtually do not approve any transactions.
Practical Ecommerce

Practical Ecommerce

Bio   •   RSS Feed


email-news-env

Sign up for our email newsletter

  1. Legacy User March 20, 2008 Reply

    If l think that l am being had or taken a fool for money and can not get anymore information about this internet.com business. Who deals with this ?
    Who do l get intouch with, where do l send my complaint to ?

    Thanks
    Dave Hookham

    — *dave hookham*

  2. Legacy User March 20, 2008 Reply

    When we set up ArenaFlowers.com, we didn't expect much fraud. We were wrong. We get a lot of men using stolen credit cards attempting to buy flowers and chocolates and wines for people they've met on dating sites. Once they've won the customer's affection, they then fabricate some problem (eg "my son has been kidnapped in Nigeria and all my credit cards stolen") and then ask the lady to send money via western union. This cost quite us a lot in chargebacks until we realised what was going on.

    We rapidly built a bespoke system for fraud detection using numerous indicators to catch suspect orders and cancel them. We have a very high success rate now. We also alert the recipient that the person is trying to take advantage of them and explain the scam. Bizarre the way the world works.

    Also worth noting that fraud when people pay with PayPal is virtually zero. I think there's been one instance in many thousands of PayPal transactions since we started.

    — *Will – ArenaFlowers.com*

  3. Legacy User March 20, 2008 Reply

    We have been hit a few times. On our site http://www.envirosafetyproducts.com the pattern is almost always the same; different ship and bill to address, almost always for 3M respirators, and the worst part is that they match on the AVS and CVS. For this reason, it makes us have a trained person look over all orders over $250. This puts a snag in having full automation.

    — *Scott Newton*

  4. Legacy User March 20, 2008 Reply

    In the electronics side we get an average of 1 out of 10 orders being a fraud attempt. We couldn't live without the assistance of maxmind in streamlining our fraud preventing strategies.

    — *Byron Miller*

  5. Legacy User March 20, 2008 Reply

    I recently found that Indonesia is the worst country for credit card fraud. I have had 3 orders from Indonesia within the last month. All were for significant $. Currently, my international shipping charges are separate from my website. International buyers now pay separately via PayPal. I overestimate the shipping fees and refund the difference. One "customer" emailed me his credit card numbers and it was rejected for shipping fees. He has never contacted me again. I have since declined all orders from Indonesia. It seems strange that someone from Indonesia would want my product. I have also had a large order from Nigeria. Again, strange I would receive an order from Nigeria. This customer had multiple excuses why he could not pay for international shipping with PayPal, cashier's check, etc. No further contact from that person.

    I am unsure if I am liable for fraudulent charges even if my product was shipped. Does anyone know?

    — *Kevin*

  6. Legacy User March 20, 2008 Reply

    Has any one looked into Verified by Visa or MasterCard SecureCode as ways of helping combat fraud?

    — *Katya*

  7. Legacy User March 20, 2008 Reply

    You are charged a chargeback fee even for frauds once the original cardholder reports it to your bank.

    You can save this fee IF the cardholder calls you first (we've had this happen) and either questions or advises you they didn't make the charge. Then you call the issuing bank and find out whether the shipping address is in the customer's record. If not, then you credit them back before they report it to the bank and you save the fee.

    Of course you are still out the merchandise!

    — *Robert Bokor abra4magic.com*

  8. Legacy User March 23, 2008 Reply

    I had a customer claim he never recieved his order after track and trace and signature required was tracked to his house from two differant warehouses and he used a bogus name on the signature. It seems odd two shipments to the same address could go so wrong! It appears you can get free product this way>

    — *Robert Norman*

  9. Legacy User March 25, 2008 Reply

    We at BabyDirect.com use MaxMind. It rocks!

    — *Ernie Sal*