Recent reports indicate a slight drop in domestic online credit card fraud. In a conversation with my good friends at CyberSource, they had this to say: “While UK merchants saw a slight uptick in fraud rates, online merchants in the United States and Canada remained steady at 0.9% in 2010 for the second straight year.” This may be good news for US e-commerce merchants – but certainly no time to drop your guard.
Here are some practical tips to help identify and reduce fraudulent order fulfillment. First – create a system whereby your staff can quickly identify and flag orders for “fraud screening”.
1. Flag ALL orders that are set for Overnight or 2-Day shipping. Usually, the perpetrators of fraud want their items FAST so there is little time for vendors or victims of fraud to react.
2. Flag ALL orders where the “Bill To” State is different than the “Ship To” State.
3. Most businesses find that particular products or product categories are more frequent targets for fraudulent transactions. For example – in the footwear world – Timberland boot and high-end Nike sneaker orders represented over 30% of all fraudulent orders from 2005-2008. Have your team keep an eye on trends and compile a product “watch list”. (the TSA may want to take notes on this one!)
Have a physical “checklist” for your team to use so that they can quickly and efficiently pre-screen the orders that have been flagged for review.
- Check for discrepancies in Bill To and Ship To addresses. Most fraudulent orders will use a different bill to than ship to. To prevent this, some merchants require the bill to and ship to to be the same. That way, if the person is using a stolen credit card they are required to at least ship the product to the billing address. This is not practical for all merchants since more and more shoppers have items shipped to work addresses. Therefore, a review process becomes a necessary evil.
- Are the Bill To and Ship To names significantly different?
- Are the Bill To name (“Julia Johnson”) and the email address (“George3456@ aol. com”) totally unrelated?
- Does the contact phone number look legitimate? For example – your item is shipping to CA, but you see a (212) area code (NY) in the phone number field.
Most orders, when reviewed for simple discrepancies, will be deemed good to go and can be inserted back into your normal fulfillment process. But since the screening process should be a quick step – it is usually well worth it to be more cautious than not. So…you have a stack of 20 orders that still look suspicous…what next?
1. First things First – CONTACT THE CUSTOMER! Have an email template ready to roll – add all email addresses to a BCC and send. The email should be something like: “we appreciate your business very much…as part of our quality control process, your order was flagged for order verification. We will hold you order for “x” days or until you respond to confirm the order…” (now, whether you really do HOLD or SEND the order is up to you). Most of the time, you will NOT hear back because the email address was totally illegitamate. Email a followup to the customer in 2-3 days to let them know that the transaction will be cancelled “for their protection” due to fraud screening process. In the rare cases where the order ends up being legit, the buyer will typically appreciate that you cared about “protecting” them against fraud.
2. Another easy step is to do an online search for the phone number. Did you know you can Google a phone number? If the Bill To address is Syracuse, NY and the phone number you searched comes back as a cell phone in Reno, NV…it’s a safe bet you have a fraud case on your hands. So MAKE THE CALL…9 times out of 10, this step will answer the question pretty clearly for you.
3. Check the IP address of the transaction: In most cases, your sales report will tell you the IP the address the order came from. If the order is shipping to Canada but it was placed from an IP in Nigeria, the big RED FLAG should be going up!
4. AVS/CVV Codes: Get familiar with the codes that your gateway or processor uses to verify the credit cards when it comes to matching the CVV2 number and the billing address. A quick check of the codes for the transaction may show a mismatch, which you may or may not have set to automatically reject. If you review these daily – you WILL see a clear pattern of processing codes associated with suspicious orders. GET TO KNOW these patterns – it will save you a ton of money on chargebacks!
5. Compile a list of “DO NOT SHIP” countries. You will find that there are some countries where fraudulent transactions are rampant. For example, most online retailer will tell you that if you can help it…do not even offer shipping to Nigeria, Eastern European countries and Russia to name a few.
6. Don’t be afraid to ASK FOR PROOF: you typically won’t need to go this far…but when communicating with the buyer, you can ask them to send in whatever he/she used for proof that he/she is indeed the customer. Do this ONLY if you are talking to someone, but you still have reason to have a strong suspicion. You can ask for:
- FRONT/BACK of Credit Card Used
- Copy of License/Passport ( if international)
- Verification of address or home phone number
I have used these and a variety of other “Best Practices” and have found them to be very effective. Merchant processors such as Authorize.net, Google Checkout and PayPal or even shopping cart packages from Magento, asp.Net, ChannelAdvisor or UberCart will provide additional tools you can implement to curtail online fraud. While nothing can be 100% fail-proof, following a strict fraud-screening process EVERY DAY will save you a ton of money and lots of heartache in the long run!