March 17th, 2010 by Jamie Estep
30 Second Fraud Checklist for Ecommerce Merchants
Credit card fraud and online ordering fraud has hampered ecommerce merchants since the first credit card payment was taken over the internet. Because fraud is still successful, and because there is virtually no way to go after someone you suspect of fraud, it is still a plague to website owners trying to run a business on the internet. Online fraud is especially troublesome to online retailers, because they end up losing twice, first when the merchandise they shipped is not recoverable, and second when the real cardholder makes a chargeback. Now they lose the merchandise and the money they would have collected for it. There are numerous fraud screening applications designed to help ecommerce merchants prevent accepting and shipping fraudulent orders. However, many ecommerce sites aren’t even covering the most basic of fraud screening principals.
Here is 10 items that should be checked on every order before shipping. If you do nothing else for fraud screening at least cover these basic principals to help prevent some of the more obvious fraud.
If any of these are true, it’s a good idea to further review the order, or contact the person making the purchase before shipping.
- Billing and Shipping Addresses Don’t Match
- Requesting Overnight Shipping
- Order is for Multiple Quantities of the Same Item
- Items Being Ordered are Mainly of High Value
- Order is for Uncommonly Purchased Items
- Different but Related Products Being Ordered
- AVS and/or CVV Verification Failed
- Customer Made Several Unsuccessfully Attempts Before the Transaction was Approved
- Customer’s phone number and/or email look unconventional
- Order is Being Shipped to Africa, Asia, or Eastern Europe
1. Billing and Shipping Addresses Don’t Match
This should be the first sign of potential trouble. While not impossible, it is rare for fraudulent orders to be shipped and billed to the same address. Someone making a purchase fraudulently will often have the item shipped to a forwarding address or other location that they are not personally associated with.
It is common for shoppers to ship to their home or business address which may be different from their billing address. Nevertheless, it’s a good idea to at least take a look at orders that do not have matching shipping or billing addresses. If an order is being billed to Omar Patel in Houston, and being shipped to John Smith in Seattle, you may want to ask why…
2. Requesting Overnight Shipping
While it’s completely reasonable for a customer to want their order ASAP, expedited shipping is a very common trait of fraudulent orders. The thief needs to get the merchandise as quickly as possible before a chargeback is made. With slower shipping methods, the merchant has the opportunity to halt the shipment if they receive a chargeback, or identify the order as fraud, which would make nullify the efforts of the thief.
3. Order is for Multiple Quantities of the Same Item
Many times, fraudulent orders are made with the intention of reselling the merchandise on eBay, Craigslist or locally. Multiple items make an easier sale and easier money especially if the items are in high demand.
Depending on your industry you may often get orders for multiple items, so this rule applies much less to some industries. For us, we often get orders for 10 or more credit card terminals as many businesses have multiple locations. Over time, you should be able to better identify common ordering trends.
4. Items Being Ordered are Mainly of High Value
As with above, since many fraudulent orders are placed with the intention of reselling the merchandise, the most expensive merchandise often yields the greatest rewards. The merchandise can be quickly sold and the thief can makes a decent profit even when discounting 50% or more. The higher the value of the merchandise to you, the higher the value to someone trying to steal it.
If your average order is $200, you should definitely take a closer look when someone places an order for $10,000. Also, keep in mind that the larger the order, the more damage to your business if a fraudulent order is successfully placed.
5. Order is for Uncommonly Purchased Items
I’m not entirely clear on the reasoning behind this, but it’s not uncommon for fraudulent orders to be for items that are rarely purchased. Most likely it is due to careless research on the thieves part. If you sell thousands of orders per year and have never sold some particular item, I would be suspicious when someone comes along wanting it. There’s usually a reason why some products sell a lot and why others never sell. It’s not common for only 1 customer ever to be interested in an item that you offer.
New ecommerce sites will have a hard time with this rule, but once you establish some sales history and if you really know your products, it’s easy to spot and flag orders with uncommon items in them.
6. Different but Related Products Being Ordered
Let’s assume you sell LCD TV’s online. It’s very common for someone to come along and purchase a single TV. Maybe you have a sale and someone purchases several TV’s on sale, still a completely reasonable scenario.
Now, let’s say someone orders 5 TV’s, and every one is a different brand and size. This should immediately raise a red flag. Yes, it’s possible that someone wants 5 completely different TV’s, but purchasing products like this is not a common shopping or even human behavior and warrants further investigation.
7. AVS and/or CVV Verification Failed
While the majority of the largest ecommerce sites still do not require CVV, it’s a really good idea for you to. If your customers are US based, requiring a positive AVS zip code match is also a good idea. AVS verifies the address of the cardholder, and CVV verifies that the person placing the order has at least had the physical credit card in their possession. Even if the card number was stolen, odds are the thief does not have the CVV number unless the entire card was stolen. If the entire card was stolen, there’s a good chance that the owner would have canceled it already. CVV costs nothing, and I strongly recommend all merchants to at least require it to be submitted. Because the number can be worn off the card, I do not always recommend a positive match, but this is something you need to assess specifically for your business and your customers. When in doubt, require it!
8. Customer Made Several Unsuccessfully Attempts Before the Transaction was Approved
This works in conjunction with AVS and CVV verification. If someone is attempting to place orders using a stolen card, it’s common for several declines due to an incorrect address, expiration date, or CVV. Keep a close eye on customers that submit multiple declined or AVS/CVV mismatch transactions. 1 or 2 errors may be common, but if you start seeing a group of attempts it may be a sure sign of fraud.
If you start seeing hundreds or even thousands of attempts it is almost certainly an entirely different type of fraud called carding. This type of fraud can be very costly to your business even if you never lose any merchandise, so it’s important that you promptly address and correct the situation that is allowing it.
9. Customer’s phone number, email and/or shipping information look unconventional
You wouldn’t believe how many times fraudulent orders use incorrect, fake, or just plain goofy email addresses, phone numbers, and ship-to information. If you get bounced receipt emails, see an email like fbi.gov, see phone numbers like 555-555-5555, or are shipping to Mickey Mouse, you should probably be concerned about the order being fraudulent. Additionally, if the phone number contains a country code, or incorrect area code, there’s a good chance that someone just typed the first digits they could into the phone number box.
Most business and personal land-line phone numbers can be researched just by entering them into a google search. At the very least you can figure out if the area code matches the billing or shipping address, and if the number is actually valid.
10. Order is Being Shipped to Africa, Asia, or Eastern Europe
I don’t want to discriminate against people in any particular country, but it’s a fact that a lot of fraud originates in a few select regions and countries of the world. Unless you have experience in international-commerce, it’s a good idea to only cater to your own country, or ones you know and trust very well. I wouldn’t even consider shipping a product to most African countries, East Asia, Eastern Europe and Russia. Also, some areas like Amsterdam are notorious for credit card fraud. Be very careful when accepting international orders.
Even if an order isn’t fraudulent, international orders can introduce a multitude of additional customs, credit card processing, and legal requirements, and can make processing returns very difficult. Something as simple as shipping from the US to Canada, can present a number of problems and costs that many website owners are not prepared to deal with. I strongly suggest doing a lot of research and finding someone who has real experience before venturing into international shipping.
I can guarantee that every online merchant will face some form of credit card fraud. Credit card fraud is a minor inconvenience to some, and will end others’ online ventures. Not all merchants need to use some of the more advanced fraud screening methods out there, but everyone should cover the basics.