Stop, Thief! – 7 Tips To Fight eCommerce Fraud

Written by: John Johansen

Ding ding ding! The fight has begun – your eCommerce business vs. fraudsters. Who will be KO’ed – you or the fraudsters? Lets hope these 7 Tips To Fight eCommerce Fraud will help you become the easy victor in this battle.

 

Too Good to Be True

If your business typically sells low quantities of items and suddenly you see an abnormally large sale, use your best judgement before processing and/or shipping the order. Know your customer. Does it make sense for this particular customer to purchase a wholesale or bulk order? Do your due diligence with verifying the order and the customer – don’t be blinded by the sale. Fraud sales lead to chargeback fees, lost product and invites additional fraud attempts. Use rational thinking – if it seems too good to be true it probably is.

 

Validate Orders

If you are uncertain of a transactions validity, verify it. There are multiple free tools you can use on the internet to verify the validity of a transaction. Check the shoppers address and phone number on sites like WhitePages.com or Spokeo.com, search the email in Facebook for possible matches, and don’t forget about Google! A simple Google search on most shopper data will produce a result. But, if nothing can be found about the shopper on the internet you can always call the customer to verify the order. A good verification tactic is to ask the shopper over the phone to verify the billing address associated with their credit card, followed by asking them to name the cross streets associated with their address. (You will need Google Maps open to confirm their answer). Although this is not guaranteed to identify fraud, it is a good technique to determine if the customer is who they claim to be.

 

Common Sense Makes Sense

There is a lot of gray area in fraud, not everything is black and white. One order could be fraud while a nearly identical order could be valid. Use common sense while reviewing your transactions, look for red flags that make an order looks suspicious. Some examples: If XYZ Corporation makes a $10k purchase in computer software, then their address should probably match their business address (that you can find on Google) – not a residential address. If your customers name is Mike Smith why is his email BrianJones@gmail.com? Your customer has attempted to use 6 different credit cards before finally getting an order to process, why/how do they own 6 different credit cards? Your customer lives in Seattle, WA and is shipping to Miami, FL, both addresses belong to different names in white pages, how do they know this person? Fraudsters always want to try to outsmart you, but if you do your due diligence with researching their orders, you should be one step ahead of the game.

 

cybercrime_1585255

Maintaining a Blacklist

A blacklist of key data points such as credit card, email address, shipping address etc. is key to avoid future fraud transactions from processing. If you’ve had a fraud transaction from a specific email address in the past – blacklist them! Don’t let fraudsters run your site. Blacklisting the email address can automatically decline future transactions from processing and keep your company in the clear. Not only is it important to create this blacklist, but it is also important to maintain the blacklist. If you accidentally blacklist good customer data (a false positive) you will prevent them from successfully purchasing in the future. Make sure you are reviewing your declined transactions that have been cited for fraud by being on the blacklist – some may be false positives, remove these to ensure a good customer experience for those who may be on the list accidentally.

 

Rule Performance Tracking

Regardless of if you are using a fraud tool or just monitoring your transactions as they come in, it’s important to track how well the rules and methods in your system are stopping fraud. You obviously want your fraud rules to impact the least amount of good orders while stopping the most amount of fraud orders. A good process to analyze a rule’s performance is to look at the percentage of fraud transactions that the rule has tripped along with the percentage of non-fraud transactions that the rule has tripped. Your top performing rules will trip a high percentage of fraud while simultaneously tripping a low percentage of non-fraud transactions. Optimizing your rule sets will reduce the time spent on manually reviewing orders and cut down on false positives, ultimately enhancing your customers’ experience.

 

Update Rules

As fraud trends change and different fraud rings attack your website, you will need to adapt and change with them. The fraud your site was exposed to last month will evolve and you will need to identify the changes and adjust your rules. Reviewing your declined transactions frequently will give you a glimpse into what fraud trends your site is currently vulnerable to. Examine this data carefully and try to find patterns to the fraud transactions you are seeing and create rules to combat this pattern. For example, if you have multiple fraud orders from different yahoo.com emails shipping to Scottsdale, AZ, create a rule or monitor all transactions with Yahoo email domains shipping to AZ. Leaving your rules stagnant will allow fraudsters to identify what rules you have in place and bypass them by altering their shopping patterns.

 

Identify Why Fraudsters Would Target Your Business

While creating fraud rules and reviewing your orders keep your business in mind – you know your business and product better than anyone else, and should be able to identify trends in them as well. Your best selling products will most likely be the biggest target from fraudsters. However, sometimes this isn’t the case. You may sell the world’s greatest bicycle, but it may not be the item fraudsters will target. Often times they will target the items that they are most easily able to resell – the majority of fraudsters are not stealing from you to keep the items they steal, rather, to make a profit off of them. The world’s greatest bicycle may be why your business is in business, but the fraudster may see your $50 top of the line bike lock as the most profitable target. Fraudsters also know merchants use fraud tools that implement high dollar thresholds. Fraudsters will keep order totals lower to not trigger these high dollar thresholds. And don’t forget about credit card testers. Maybe your business does not sell a physical good or service. Perhaps you sell a subscription with a low initial charge or trial period that requires a small dollar charge. Credit card testers will process multiple attempts using different credit cards on these small dollar transactions, testing the credit cards validity to later use or resell the credit card somewhere else. While this type of merchant may not be at risk of product loss, they will be at risk of chargeback fees, and possible credit card processor or network scrutiny for passing through fraudulent credit card transactions. This can result in numerous related fees and even be place the merchant at risk of losing the ability to process credit cards.

 

Not sure why this applies to you? Check out our blog on EMV and why this is causing fraud concerns for eCommerce businesses: educate yourself.