Practical Ecommerce

How I detect ecommerce fraud

I read an article the other day that said online fraud is at its highest during the Black Friday to Cyber Monday timeframe. It’s no wonder: That is the busiest period for shopping online. It is when consumers often seek the best deals, to get some holiday shopping completed. As an ecommerce owner, I take steps to protect my website and my buyers.

When I first began selling online — just a few months into my operation — I received a $3,000 order from South America. At first I was shocked, and happy. Then I was cautious. What if the buyer was fraudulent? I had never shipped directly overseas before. So I did my due diligence and called my merchant account provider. The buyer appeared legitimate. As long as I shipped to the address on file and requested a signature upon delivery I was seemingly protected.

I called the customer to verify the address, but could not reach her on the phone. So I sent an email and received a response right away. Things seemed on the up and up, until I shipped the order. UPS called me stating that it could not deliver to the address, the customer refused the duties, and UPS needed a phone number to call her. I again tried calling, without success. So I sent her another email, requesting that she call UPS. A few days later the customer picked up her packages, signed for them, and paid the fees. Within a week, I was hit with a $3,000 chargeback for an unauthorized purchase. Even with the buyer’s signature on delivery and being on camera at a UPS location, I lost the case.

Since then, I have had a sprinkling of fraudulent orders and I’ve worked with law enforcement. To protect my company from these types of orders, I’ve developed the following nine checks.

  • Develop policies that I am comfortable with. I state on my site that I do not accept orders from unverified and unconfirmed PayPal accounts. I also state that orders require a signature at delivery. If a customer demands that you break your own policies, it should be a warning.
  • Monitor all orders. Some websites are automated, with orders going directly for fulfillment. I do not do this with my company. I take the time to look over all orders. If an order looks suspicious, it probably is. You know what your normal orders look like. If an order seems unusual or strange in any way you may want to take further steps before accepting it.
  • Utilize the AVS and CVV verification systems. If the credit card address information is coming up as incorrect, you may want to investigate. Sometimes customers misspell or abbreviate a street name; maybe they moved or perhaps they mistyped the numbers. I typically will Google the address to see if it is a legitimate location. I’ve had customers type, for example, “Main Street” when it is actually “Main Street East.”

So, verify the address exists. Then call the customer. Let him know you want to confirm the address because you were notified by the credit card company that it was incorrect. Tell him you want to make sure he receives the package.

  • Be wary of rush orders and overnight shipping. This is especially the case when shipping to a different name and address than what is on the credit card. There is a limited time window from when a credit card is stolen to the time it is reported. I’ve learned that some overnight and rush orders were because of this. If in doubt, call your customer and ask her when she needs the order. Explain you can offer her cheaper shipping options or explain you want to ensure it gets there in time. Whatever you use as an excuse, don’t let the customer think you’re calling because you’re suspicious. Use the call wisely to gather more information about the order.
  • Check the IP address and email address. If an order looks suspicious, check the IP and email address. I recently had an unusual order that illustrates this point. The order was billing to a California address, shipping to a Pennsylvania address, and the items didn’t seem like a typical order. The buyer used a business email address; I checked it and it was from Taiwan. When I checked the IP address, it was from China. The order didn’t originate from either of the U.S. locations. So I canceled the order.
  • Be cautious with international orders. Certain countries from Asia and Africa are known to have higher instances of credit card fraud. International credit cards also can’t be confirmed via the AVS system. Therefore, use care when shipping overseas.
  • Ship with signature confirmation. If you are selling expensive items, always secure a signature upon delivery. For the extra few dollars it costs for this service, it may benefit you in the case of a chargeback, especially in the case of so-called friendly fraud — when a legitimate cardholder purchases products and then fraudulently claims he never received them. Check with your merchant account provider to determine what dollar threshold is required for signature delivery. I also email customers letting them know their package will require a signature for delivery.
  • Use fraud protection services. There are companies that offer fraud protection and monitoring. Unfortunately, the ones I’ve priced cost more than the amount of fraud I actually experience per year. Weigh your costs and benefits before using a fraud-protection service, in other words.
  • Contact the customer. The best fraud prevention I’ve found is actually calling the phone number(s) on the order. Be wary if the phone doesn’t ring, or you get a computer message that the number is unavailable or out of service or is no longer valid. Be equally wary if you call and leave a message and the customer doesn’t call back. Many fraudulent buyers will not communicate information over the telephone because it can be traced. They will, however, use email. Request a valid phone number via email, and then call that number.

One time I was suspicious of an order. I could not reach the customer. So I searched the Internet for the billing address and found a phone number that matched the name of the billing address. When I called, I spoke to an elderly gentleman who just had his card stolen that day. I immediately canceled the order and gave him my contact information to give to the authorities.

These nine steps above require a bit of legwork and investigation. But when it comes to your business, it’s better to be safe than to lose thousands of dollars in sales and inventory. Since implementing these steps, I have become better at identifying suspicious orders. I have nearly halted fraudulent sales.
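The checks above can be encoded as a small triage script that flags orders for a manual call before fulfillment. This is an added example, not the author's code; the field names, point weights, score cut-offs and signature threshold are all assumptions, and the IP country is assumed to come from a GeoIP lookup done elsewhere.

```python
from dataclasses import dataclass
from typing import Optional

HOME_COUNTRY = "US"          # assumption: merchant ships from the U.S.
SIGNATURE_THRESHOLD = 250.0  # assumption: ask your merchant account provider
REVIEW_AT, HOLD_AT = 2, 5    # assumption: illustrative score cut-offs

@dataclass
class Order:
    total: float
    billing_name: str
    shipping_name: str
    billing_country: str
    shipping_country: str
    ip_country: str               # result of a GeoIP lookup done elsewhere
    avs_match: Optional[bool]     # None: AVS unavailable (international card)
    cvv_match: bool
    shipping_speed: str           # "ground", "rush" or "overnight"
    phone_reached: Optional[bool] = None  # None: customer not called yet

# (reason, points, predicate); the weights are illustrative assumptions
RULES = [
    ("avs_mismatch", 2, lambda o: o.avs_match is False),
    ("avs_unavailable", 1, lambda o: o.avs_match is None),
    ("cvv_mismatch", 3, lambda o: not o.cvv_match),
    ("rush_to_different_name", 3, lambda o: o.shipping_speed in ("rush", "overnight")
        and o.shipping_name.strip().lower() != o.billing_name.strip().lower()),
    ("ip_country_mismatch", 3,
        lambda o: o.ip_country not in (o.billing_country, o.shipping_country)),
    ("international_shipment", 1, lambda o: o.shipping_country != HOME_COUNTRY),
    ("phone_unreachable", 3, lambda o: o.phone_reached is False),
]

def triage(order: Order) -> dict:
    """Score an order and return the next manual step plus the reasons."""
    reasons = [name for name, _, test in RULES if test(order)]
    score = sum(pts for _, pts, test in RULES if test(order))
    if score >= HOLD_AT:
        action = "hold"
    elif score >= REVIEW_AT:
        action = "call_customer"
    else:
        action = "ship"
    return {"score": score, "action": action, "reasons": reasons,
            "require_signature": order.total >= SIGNATURE_THRESHOLD}

# Constructed sample orders (not real data)
ROUTINE = Order(80.0, "A. Buyer", "A. Buyer", "US", "US", "US", True, True, "ground")
ODD = Order(900.0, "B. Holder", "C. Receiver", "US", "US", "CN", True, True, "overnight")

if __name__ == "__main__":
    for o in (ROUTINE, ODD):
        print(triage(o))
```

The output is a prompt for the manual review and phone call described above, not an automatic accept or reject decision.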


  1. Dave November 17, 2014 Reply

    We sell all over the world at my site, CheapHumidors.com and use MaxMind to check up addresses and get a score to determine if we should ship the order.

    • Carlos Rivera November 18, 2014 Reply

      Dave, thank you for the MaxMind tip!

  2. Sean B-P November 18, 2014 Reply

    Hi Erica – some really useful tips here!

    Another one to add: use Google Earth to view an address you’re concerned about. It’s amazing how often “XYZ House” isn’t a plush office block work address, but rather a council house in a run down estate. In some cases (including one I was involved with), derelict houses are used, with criminals squatting in them waiting for a big order and then doing a runner.

    But I reckon the best anti-fraud measure of all is gut feeling. I can’t always put my finger on it, but if my antennae twitch, I look hard at an order to see what’s wrong!

  3. Derek November 18, 2014 Reply

    Great checklist, Erica. You’ve covered all the things I’ve learned (the hard way).

    Since I accept credit cards on my website, I see more fraud with this payment option than PayPal. In fact, I’m almost relieved when a large order comes in that’s paid with PayPal within the US.

    From my experience if you get a credit card order and you suspect fraud, check to see if the customer tried more than one card to make the payment. If the customer used more than one card that was rejected, that’s a red flag (I’ve had a customer overseas who used over 10 different credit cards that were all rejected before one worked).

  4. Linda K. April 20, 2015 Reply

    Hello,

    I am using eBuyersReviewed as well. It is a cool tool.

  5. Rakhi August 26, 2015 Reply

    Read all cyber complaints against Ecommerce sites, Online chatting websites, hacking issues, credit card frauds etc.

  6. Iren November 27, 2015 Reply

    Hello, Erica! Thank you a lot for sharing with us such useful experience! It is very important to be aware of such fraud cases and try to protect them. Since I’m going to start my own e commerce, I research all significant problems to avoid them in the future. Regarding this theme I want to share this post – http://sam-ecommerce.com/blog/view/magento-site-safety. If you work with shop based on Magento, there are some very useful tips to protect yourself and your customer from the fraud!

  7. Alex January 25, 2017 Reply

    Thanks for the read, Erica

    Most fraud protection services, like Forensiq or Sift Science are actually pretty expensive, and not every business will see the real return on investments by implementing them. They mostly cater to large-scale media buyers (and sometimes sellers).

    But I don’t think you’ve tried fraudhunt.net . It’s pretty affordable with prices starting from $25.

    Hope it helps