Now that the Holiday shopping season is upon us, ecommerce merchants will reap the benefits of increased sales and revenues for their businesses. It is a great time of year for ecommerce merchants, but it can also be a very dangerous time. Fraudulent online credit card activity is a growing concern for merchants. With reports showing that fraudulent transactions are at an all-time high, it is safe to assume that fraud will always be a risk during the holiday shopping season.
As you may know, card issuers have begun to roll out EMV enabled chip cards. These chips are helpful, but only helps cut back on fraudulent activity when the cardholder is present and the chip is inserted into a chip-enabled terminal. What the industry has learned over many years is that fraudsters will generally exploit the path of least resistance – or least risk to themselves. This means that as chip-enabled cards continue to roll out, ecommerce and mobile credit card fraud will be the most obvious paths followed.
Credit card charge backs and lost merchandise as a result of fraudulent transactions can be costly, and in the case of many small businesses, can cause a severe financial and operational strain. It is important that you know what a high-risk order looks like before you choose to capture payment on the transaction and fulfill the order. This may vary depending on your business model. Since merchants are liable for all the transactions they choose to capture – and because charge backs can sometimes come in several months after the date of the transaction – by the time you realize you have been targeted and accepted a number of bad orders, you could be looking at a significant loss of inventory and revenue.
As an ecommerce merchant, it is important to be educated about credit card fraud. If you are new to ecommerce credit card processing, or have just been lucky enough so far to not be heavily impacted, please know that now is the time to boost up your fraudulent order review processes before it is too late.
Consider the following scenarios and if you currently have a plan of action in place when they arise:
- You receive a very large transaction through your website from a first-time buyer, but the customer is requesting to ship it to an address that is different than the billing address.
- You notice that a transaction has several previous declined attempts, and that each payment attempt has a different billing address and credit card number used.
- You correlate your order details and notice that previously identified suspicious transactions or declined order attempts have similarities to some of your other orders that you have captured payment on. The similarity could be something like a similar IP address, email address, phone number, shipping destination, order notes, product type, etc.
- You notice that an order has an originating IP address that is in a different state (or country) than the billing or shipping information on the order.
- Orders that are larger than normal for your business model
- First time customers that your don’t have an established relationship with
- Any order requesting expedited or overnight shipping
- Orders that do not have a good AVS response
- Orders that are shipping to an address that is different than the billing address
- Any previously declined orders prior to a successful order, especially if the billing information or card number was changed for subsequent order attempts
- IP Addresses that are not in the same area as the billing information on the order
- Email addresses that are excessively random or where the person’s name in the email address is not consistent with the person’s name on the billing details
If it appears to be a business-to-business transaction and they list a business name in the order details or as the email domain (i.e. email@example.com), consider doing a Google search on that company to see if the order make sense and if it is located at the address they represent. Also, consider doing a call-out to the customer to verify they authorized the transaction. Remember – The number provided to you by the “customer” may be the number of the fraudster. Consider looking up the buyer’s phone number online and using a publicly listed phone number to increase the chances of talking to the correct person. You may also consider searching the customer (or business) online or on social media. Is their location consistent with what they represented and does it make sense for them to order the products that they did?
If you would like more information, please take a moment to review the Volusion Fraud Prevention Guide, which will help outline some additional steps you can take when verifying an order.
– Sheldon Cheyney & Jeremy White