There are always new statistics coming out showing how e-commerce is growing. More and more retailers are getting online and selling. The flip side of this is that credit card fraud through online sales is on the rise too, so what can you do to spot fraud and protect your business from it?
Common fraud identifiers
In my experience across multiple stores with different payment providers, there are a few very common ways of spotting credit card fraud:
- Using a stolen credit card through PayPal Express Checkout as an anonymous user. There are legitimate users making their purchase this way, but PayPal doesn’t make any of the credit card details visible to you, which leaves you open to fraud, so if you use PayPal Express checkout, watch for unregistered users.
- A billing address in one country but the delivery address in another. I’ve seen fraudulent transactions shipped to many countries including the USA, Canada and England, but the most common countries that fraudulent transactions will list as the delivery country are Indonesia, Malaysia and Austria.
- Big orders. Credit cards expire, and as soon as the victim discovers something is wrong, the card will be cancelled, so fraudulent orders are often big and often include multiples of the same products.
- Fast shipping. Generally, fraudsters will go for the fastest shipping method, no matter what the cost. This is even the case on big international orders where shipping might add up to hundreds of dollars. They don’t care though because at the end of the day it doesn’t cost them anything, only you.
- Warehouses and freight forwarders. Often fraudulent transactions will be shipped to warehouses, freight forwarders or somewhere else that can quickly move the product on without making the fraudsters actual address visible. Check Google Maps, satellite view and street view where possible if the address seems fishy.
- Multiple failed transactions. Depending on your software these may not be visible, but some payment providers and e-commerce systems show a list of failed transactions, such as if a customer attempted to pay for an order 3 times on different cards. This can be a big clue as to it being fraudulent, especially if the billing details change each time!
- Multiple purchases close together. They may have more than one card or be unsure of how much is available on a card, so they place multiple purchases, often within minutes of each other, often going to the same address (but not always, sometimes it’s just the delivery name that is the same).
What can you do to protect your business?
There are tools made available by most payment providers, some are visible to you, like the Beagle anti-fraud software provided by eWay. Others are not visible to you, such as PayPal’s fraud detection algorithm’s. These tools can be handy, but they should not be relied upon, fraudulent purchases get past them every day.
My top tips, no matter what payment provider you use are:
- Check the delivery country. If it is a country you have experience fraud from before, or even if it is just different to the billing country you should definitely look closer at this transaction.
- Check the delivery name. Often products are ordered as gifts for family or friends, but if the order is going to a different country to the billing country, then you should be extra cautious if the names don’t match up. If in doubt, call the billing contact.
- Watch for large orders, especially with multiple identical products. Some are legitimate, but most aren’t. If in doubt, call the billing contact to verify.
- Watch for fast shipping. If an order is big, going overseas and is using the fastest shipping method, it most likely is fraudulent.
- Verify the delivery address. Always verify the delivery address, even go as far as looking it up on Google Maps or some other mapping service and checking the street view if it is available. If it looks suspicious, it may well be.
- Check for failed transactions around the same time. If there is more than one attempt at the same purchase around the same time with multiple failed attempts, investigate further to find out why. It may have just been insufficient funds, so mum grabbed dads card instead. It could, however, be attempts at running a few different stolen cards.
- Check for other orders. Is this a repeat customer? Have they ordered legitimately from you before? If so it’s likely fine, if not though and if the same customer has placed multiple orders close together, it could be fraudulent.
- Check the email address. Is it a free email service? If so, it is more likely to be fraudulent than one at a custom domain name or business email address. Does the email address match up with the billing contact at all? For example, [email protected] could be the legitimate email address of John Doe.
- Check their IP address. This isn’t always possible, but some services and software will automatically record and make the customer’s IP address visible to you. Look it up and see if it matches the billing country, or even better, the billing city. If not, it’s likely the order was placed somewhere else and may be fraudulent.
What fraud-prevention services do payment providers offer?
Some services provide greater transparency than others and can make the process of determining fraudulent purchases much easier.
PayPal does a reasonable job of detecting fraudulent purchases and reversing them, but this does sometimes take more than 24 hours. By this time you may have already shipped the order, so definitely don’t send out any orders that may be suspicious without waiting a couple of days first.
As PayPal doesn’t let you view any of the purchaser’s actual details bar the address they enter, you can only check if it is verified or not. If it is verified it is most likely legitimate. If not, then you have reason to be cautious and should investigate further.
Paymate offers their own fraud-detection service, along with limited details about the purchaser, such as their IP address. Sometimes they will hold potentially suspicious purchases for a few days before they accept it, so your best bet is to wait until they approve it and deposit the funds into your account. Never ship anything until it is marked as approved by Paymate.
eWay provides their Beagle anti-fraud service, but it only picks up a small percentage of actual fraudulent transactions. In addition to this, they offer in-depth information about each transaction. Based on the card details, eWay attempts to display the issuing bank, the bank contact number and the country the card is from. It also records the purchasers IP address and analyses what country, city and ISP the IP address belongs to so you can compare it with the billing address. This takes a little more human intervention on your part, but it allows you to make a very informed decision about whether or not a transaction is likely to be fraudulent.
American Express offers an address verification service where you can call up to confirm the billing address you have received matches the address on the card.
Your Merchant Facility Provider
Some banks will call if a transaction is flagged by their fraud department, but again this is something that shouldn’t be relied on for detection of all fraudulent transactions, especially since banks will generally put the onus on you to deal with fraud yourself. Some banks also offer an address verification service, but not all.
Always be vigilant. Many legitimate orders fit into many of the fraud signs above and if you reject all of them you would hardly sell anything. Watch for the signs though and if you are suspicious, you are probably right to verify it in every way you can. If you suspect it is fraudulent, just reverse the transaction, you don’t want to be hit with a chargeback and associated fees later on or risk losing the product value and shipping costs.