Tech-Evangelist

Technical Articles, Musings and Opinions from Tech-Evangelist


Red Flags for Fraudulent E-Commerce Orders

By - Copyright - All Rights Reserved

Every on-line merchant needs to develop a list of transaction issues that should trigger deeper scrutiny of an order. Let’s face it, due to the anonymity of the Internet e-commerce fraud hits almost every merchant to one degree or another. Even if a credit card company approves a card as valid, if the card is later found to be stolen or the card owner claims he or she did not order a product, the online merchant most often gets hit with a chargeback and must absorb the loss.

It is wise to develop a checklist to be used to scrutinize every order for signs of fraud. If an order raises suspicion, it should be held and further verification should be pursued. The following is a starter list of issues that should flag an order for scrutiny.

  1. The billing address is in Florida, but the IP address of the user is in Romania. It’s very easy to capture the IP address of a user and verify its point of origin using one of the many Geo IP locating services or software on the Internet. This is not likely to catch professional thieves. Profession online thieves may use proxy servers to disguise their true IP address, but it will catch most of the less sophisticated thieves. Always capture the user’s IP address and verify the country where it is registered. If you only ship orders to USA addresses and the user’s IP address is registered to a country with a high fraud rate, the chances are good that the order is being shipped to a freight forwarder or drop house where it will be sent elsewhere. There are numerous free sources for verifying IP addresses on the web, such as IP2Location. You should not automatically eliminate all order from foreign sources. Sometimes there are legitimate reasons for a person in Europe to ship a gift to someone in your native country. Just consider the user’s geographic location before you approve an order.
  2. The billing or shipping address cannot be verified. About 5% of people placing orders do not appear to know their own mailing addresses. Mistakes are common and orders can be lost or delivered to a wrong address. There is also the issue of pranksters with stolen credit card who think it is funny to send orders to fictitious addresses. Most addresses can be verified through Switchboard.com, 411.com, the US Postal Service web site and numerous other sources.
  3. Look for numerous misspellings on an order. While many legitimate buyers just cannot spell correctly, it can also be a flag that the order originates with a non-native language speaker.
  4. Develop a list of high-risk countries from which you will not accept an order under any circumstances. High-risk regions of the world include Russia, Russia’s former Eastern block countries, anywhere in the mid-East, Korea, China and Pakistan. There are plenty more.
  5. Verify the telephone number to see if it originates in the billing address area. There are numerous free online reverse telephone number lookup services that may tell you the address associated with the number. You can use Google to look up an area code in the US. Just type the area code in a Google search box.
  6. Always have a specific order size that automatically triggers a review. For many merchants it is $100 or $200. It could be a percentage over the average size of an order. Thieves tend to go for larger than average order sizes.
  7. Always verify an order that ships to a location other than a verified credit card billing address. This is especially necessary for first-time buyers.
  8. Scrutinize all orders requesting overnight delivery. Most customers will not want to pay the higher shipping price for overnight delivery, but if the transaction is fraudulent and the scammer will not be paying for it, it is in their best interest to get you to ship the order as quickly as is possible.
  9. Develop a history file for repeat customers. This can be used as a quick check for orders. If a customer has ordered from you six times over the past two years and always shipped to the same address, the chances are that the order is good.
  10. Always obtain a telephone number from the buyer and call it if questions about an order are raised.
  11. Develop a history file of postal codes and area codes where fraudulent orders have originated. Scrutinize all orders with billing or shipping addresses in these areas.

If you develop your own computer applications in house, it is fairly easy to build fraud screening into the ordering process. Many larger merchants either subscribe to a fraud screening service or they develop in-house systems that may check dozens of order behaviors. If your credit card company or merchant account offers fraud screening of orders for a reasonable fee, it may be worthwhile to purchase the services.

Regardless of which methods you use to screen your orders, realize that successful thieves are very creative and fraudulent e-commerce orders that they place will be hard to detect. No fraud detection method is foolproof, but even a rudimentary system is better than none at all.

If your average sized order is $50 and a first time buyer orders $300 worth of merchandise using a shipping address in a different state than the billing address, and the IP address indicates the user is in China, what should you do? If you don’t know the answer to that, you most likely will not be in business very long.