Did you know that as a merchant, you’re responsible for preventing fraud on your store? The Wall Street Journal reports that fraudsters are targeting online merchants more and more, amounting to $16 billion in total losses. And when fraudulent online purchases happen, it’s the merchant that is held liable. This means your store could get hit with expensive losses that will be your financial responsibility. Luckily you can protect yourself — and your bottom line — with a little know-how.
As you may know, card issuers have begun to roll out EMV enabled chip cards. These chips are helpful, but only helps cut back on fraudulent activity when the cardholder is present and the chip is inserted into a chip-enabled terminal. What the industry has learned over many years is that fraudsters will generally exploit the path of least resistance – or least risk to themselves. This means that as chip-enabled cards continue to roll out, ecommerce and mobile credit card fraud will be the most obvious paths criminals follow.
Credit card chargebacks and lost merchandise as a result of fraudulent transactions can be costly, and in the case of many small businesses, can cause a severe financial and operational strain. It's important that you know what a high-risk order looks like before you choose to capture payment on the transaction and fulfill the order. This may vary depending on your business model. Since merchants are liable for all the transactions they choose to capture – and because chargebacks can sometimes come in several months after the date of the transaction – by the time you realize you have been targeted and accepted a number of bad orders, you could be looking at a significant loss of inventory and revenue.
As an ecommerce merchant, it's important to be educated about credit card fraud. If you're new to ecommerce credit card processing, or have just been lucky enough so far to not be heavily impacted, please know that now is the time to boost up your fraudulent order review processes before it's too late.
Use extra caution when addresses don’t match up.
One red flag in regards to fraud is if the billing address and shipping address on an order don’t match up. That’s not always the case, of course — some people will ship to work addresses or family members — but if the addresses are different it won’t hurt to take a second look at the order.
Always examine the billing address prior to shipment.
If you’re already a Volusion merchant, the Address Verification System checks orders against street address and zip codes. But even when that comes back clear you should take a look at where you’re shipping the order. If the order needs to be shipped outside of your normal service area or is going to an unfamiliar country, you should double check to make sure nothing else looks suspicious.
If the order is going to an unfamiliar country, you should double check to make sure nothing else looks suspicious.
Additionally, if you receive a very large transaction through your website from a first-time buyer, it may be fraudulent if the customer is requesting to ship it to an address that is different than the billing address.
Perform a reverse lookup.
If an order is looking somewhat shady, you can always perform a reverse lookup on the phone number or billing address. This could be as simple as entering the customer’s information into Google and seeing what comes up, or using a tool like this one from Whitepages. If the results seem innocuous, you’re probably good to go, but if they come up with no results or a weird address you should take a closer look.
Check the IP and ISP
Be certain the customer’s IP address (a unique number assigned to a computer) address and Internet Service Provider are fairly close to the billing address. (Here's a handy tool you can use!) If the billing address is in Atlanta but the IP address is coming from Russia, you may have a fraudster in your midst.
Be wary of orders from certain parts of the globe.
Some parts of the world are more likely to be the source of fraudulent transactions. Watch out for international orders from high-risk regions such as Southeast Asia, the Middle East, Africa, Eastern Europe and Central America.
Keep an eye out for failed order attempts.
If a purchaser has tried and failed to place multiple orders with your store, there’s a good chance that they might be trying to defraud you. If you notice that a transaction has several previous declined attempts, and that each payment attempt has a different billing address and credit card number used, you’re probably being targeted with a fraudulent order.
Keep an eye out for orders with an originating IP address that is in a different state (or country) than the billing or shipping information on the order.
Look at the IP Address
Keep an eye out for orders with an originating IP address that is in a different state (or country) than the billing or shipping information on the order. Additionally, Volusion’s IP firewall controls traffic to your storefront and your Admin Area, blocking harmful and malicious visitors.
Look at the email address.
Be wary of email addresses that contain random-looking character sequences, especially addresses provided through free services like Yahoo, Gmail or Hotmail. Of course, lots of people use these services, but if the email resembles something akin to “[email protected],” it might be fraudulent.
Look at the card name.
Look closely at any order placed with an email address that includes a different name than the cardholder’s. Often fraudsters will steal credit card information but use their own personal email to track orders.
Be cautious with orders that have unusually high transaction totals.
Look at the numbers.
Be cautious with orders that have unusually high transaction totals. Many fraudsters will attempt to get you to ship a big order and they’ve moved on to the next victim before you even know it. Everyone wants a big payday, but if an order turns out to be fraudulent it will unfortunately be up to you (and your wallet) to fix the problem!
Check the order’s Fraud Score
Volusion offers a Fraud Score service to automate checks, as well as performing an analysis to include verification on devices, identity, physical location and cart details. You can easily and quickly approve each store transaction with more confidence and assurance that your orders purchases are authentic and real. This service is included with every plan for the first 10 orders of every month.
It's essential that you have a plan in place and that you know what a high-risk transaction may look like.
Think Back
If you correlate your order details and notice that previously identified suspicious transactions or declined order attempts have similarities to some of your other orders that you have captured payment on, be alert. The similarity could be something like a similar IP address, email address, phone number, shipping destination, order notes, product type, etc.
It's essential that you have a plan in place and that you know what a high-risk transaction may look like.
Here are some potential indicators of transactions that are at a higher risk of being fraud:
- First time customers that your don’t have an established relationship with
- Any order requesting expedited or overnight shipping
- Orders that do not have a good AVS response
- Any previously declined orders prior to a successful order, especially if the billing information or card number was changed for subsequent order attempts
- Email addresses that are excessively random or where the person’s name in the email address is not consistent with the person’s name on the billing details
Consider doing additional verification when something doesn’t add up. If you feel like something isn’t right about the order, do not capture the payment until additional verification is done.
If it appears to be a business-to-business transaction and they list a business name in the order details or as the email domain, consider doing a Google search on that company to see if the order make sense and if it's located at the address they represent.
Also consider doing a call out to the customer to verify they authorized the transaction. Remember: the number provided to you by the “customer” may be the number of the fraudster. Consider looking up the buyer’s phone number online and using a publicly listed phone number to increase the chances of talking to the correct person. You may also consider searching the customer (or business) online or on social media. Is their location consistent with what they represented and does it make sense for them to order the products that they did?
While fraud may seem scary, it's actually fairly easy to prevent on your store.
While fraud may seem scary, it's actually fairly easy to prevent on your store. With attention and due diligence, you should be able to spot most fraudulent orders from a mile away.
When it comes down to detecting fraud, your best resource is your intuition.
You may have an order that looks completely benign on paper, but something about it just doesn’t seem right. You’re well within your rights as a store owner to reach out to a customer if you have any questions or concerns. When in doubt, give them a call, ask them a few questions and trust your instincts! Most honest customers will appreciate your diligence. Even when you do business in the digital world, there’s no substitute for human interaction.