Fraud Prevention > Merchant Voice

How I detect ecommerce fraud

I read an article the other day that said online fraud is at its highest during the Black Friday to Cyber Monday timeframe. It’s no wonder: That is the busiest period for shopping online. It is when consumers often seek the best deals, to get some holiday shopping completed. As an ecommerce owner, I take steps to protect my website and my buyers.

When I first began selling online — just a few months into my operation — I received a $3,000 order from South America. At first I was shocked, and happy. Then I was cautious. What if the buyer was fraudulent? I had never shipped directly overseas before. So I did my due diligence and called my merchant account provider. The buyer appeared legitimate. As long as I shipped to the address on file and requested a signature upon delivery I was seemingly protected.

I called the customer to verify the address, but could not reach her on the phone. So I sent an email and received a response right away. Things seemed on the up and up, until I shipped the order. UPS called me stating that it could not deliver to the address, the customer refused the duties, and UPS needed a phone number to call her. I again tried calling, without success. So I sent her another email, requesting that she call UPS. A few days later the customer picked up her packages, signed for them, and paid the fees. Within a week, I was hit with a $3,000 chargeback for an unauthorized purchase. Even with the buyer’s signature on delivery and being on camera at a UPS location, I lost the case.

Since then, I have had a sprinkling of fraudulent orders and I’ve worked with law enforcement. To protect my company from these types of orders, I’ve developed the following nine checks.

  • Develop policies that I am comfortable with. I state on my site that I do not accept orders from unverified and unconfirmed PayPal accounts. I also state that orders require a signature at delivery. If a customer demands that you break your own policies, it should be a warning.
  • Monitor all orders. Some websites are automated, with orders going directly for fulfillment. I do not do this with my company. I take the time to look over all orders. If an order looks suspicious, it probably is. You know what your normal orders look like. If an order seems unusual or strange in any way you may want to take further steps before accepting it.
  • Utilize the AVS and CVV verification systems. If the credit card address information is coming up as incorrect, you may want to investigate. Sometimes customers misspell or abbreviate a street name; maybe they moved or perhaps they mistyped the numbers. I typically will Google the address to see if it is a legitimate location. I’ve had customers type, for example, “Main Street” when it is actually “Main Street East.”

So, verify the address exists. Then call the customer. Let him know you want to confirm the address because you were notified by the credit card company that it was incorrect. Tell him you want to make sure he receives the package.

  • Be wary of rush orders and overnight shipping. This is especially the case when shipping to a different name and address than what is on the credit card. There is a limited time window from when a credit card is stolen to the time it is reported. I’ve learned that some overnight and rush orders were because of this. If in doubt, call your customer and ask her when she needs to order. Explain you can offer her cheaper shipping options or explain you want to ensure it gets there in time. Whatever you use as an excuse, don’t let the customer think you’re calling because you’re suspicious. Use the call wisely to gather more information about the order.
  • Check the IP address and email address. If an order looks suspicious, check the IP and email address. I recently had an unusual order that illustrates this point. The order was billing to a California address, shipping to a Pennsylvania address, and the items didn’t seem like a typical order. The buyer used a business email address; I checked it and it was from Taiwan. When I checked the IP address, it was from China. The order didn’t originate from either of the U.S. locations. So I canceled the order.
  • Be cautious with international orders. Certain countries from Asia and Africa are known to have higher instances of credit card fraud. International credit cards also can’t be confirmed via the AVS system. Therefore, use care when shipping overseas.
  • Ship with signature confirmation. If you are selling expensive items, always secure a signature upon delivery. For the extra few dollars it costs for this service, it may benefit you in the case of a chargeback, especially in the case of so-called friendly fraud — when a legitimate cardholder purchases products and then fraudulently claims he never received them. Check with your merchant account provider to determine what dollar threshold is required for signature delivery. I also email customers letting them know their package will require a signature for delivery.
  • Use fraud protection services. There are companies that offer fraud protection and monitoring. Unfortunately, the ones I’ve priced cost more than the amount of fraud I actually experience per year. Weigh your costs and benefits before using a fraud-protection service, in other words.
  • Contact the customer. The best fraud prevention I’ve found is actually calling the phone number(s) on the order. Be wary if the phone doesn’t ring, or you get a computer message that the number is unavailable or out of service or is no longer valid. Be equally wary if you call and leave a message and the customer doesn’t call back. Many fraudulent buyers will not communicate information over the telephone because it can be traced. They will, however, use email. Request a valid phone number via email, and then call that number.

One time I was suspicious of an order. I could not reach the customer. So I searched the Internet for the billing address and found a phone number that matched the name of the billing address. When I called, I spoke to elderly gentleman who just had his card stolen that day. I immediately canceled the order and gave him my contact information to give to the authorities.

These nine steps above require a bit of legwork and investigation. But when it comes to your business, it’s better to be safe than to lose thousands of dollars in sales and inventory. Since implementing these steps, I have become better at identifying suspicious orders. I have nearly halted fraudulent sales.

Erica Tevis
Erica Tevis
Bio   •   RSS Feed