Ecommerce Fraud Prevention – How To Protect Your Business
BY SHABBIR
Back when Fish Finder Source was an ecommerce store, there was one period of time where I received a ton of fraudulent orders. Unfortunately, I was new to this then, and in the excitement of receiving orders, I fulfilled them without really vetting them.
As a result, I received a string of chargebacks that nearly meant losing my business. A chargeback is when someone calls their bank or credit card company and informs them that they don’t recognize a charge on their statement.
Here’s an eye-opening statistic. In 2012, ecommerce fraud cost merchants a staggering $3.5 billion!
If this happens, the bank will immediately return those funds back to the customer. But where do they get those funds from? Your and my pocket! In the event of a chargeback, the bank will deduct the funds back from whoever they were charged to without even asking the merchant for their side of the story first. How can the bank access your funds? Through your merchant account!
On top of that, you’ll be slapped with a penalty, and you’ll lose a little bit of your credibility. This information actually gets attached to your EIN number, so it sticks with you for good.
Chargebacks are not permanent – merchants can fight them, but the process is long, and even if it comes out in your favor, the fact that you received the chargeback still sticks.
The reason you lose credibility is that ideally, a chargeback should only happen when a merchant commits a fraud on a customer – either not delivering the goods, or falsely advertising their products. So more chargebacks ideally means we aren’t doing our jobs as merchants.
With too many chargebacks(most merchant accounts have a set percentage they allow for per month), you’ll lose your merchant account(as I did mine) and since the data is tied to your EIN number, you’ll have a very hard time getting a new one anywhere.
Now this system is in place to protect consumers – but it is completely consumer-centric, and is built very unfairly for merchants, so some unscrupulous individuals take advantage of this at our expense.
Two major types of chargeback fraud
As a merchant, you’ll face two types of fraud most of the time.
- A cheating customer buys a product from you, you ship it to them, and when they receive their statement, they’ll claim the charge from your store was not recognized. The bank blindly returns them your money.
- Somebody buys something from your store using a stolen credit card. You ship the item to the thief, and when the original cardholder gets their statement, they don’t recognize your charge, and claim a chargeback.
Dealing with the first one is very easy. Most merchant accounts have a process for you to submit documents that prove you are in the right. Usually, these documents are your original invoice and proof of shipping.
Dealing with the second one gets a little tricky. It’s hazy because you never really know whether the card was truly stolen or not – the only thing you can do after the fact is submit your documents and hope for the best.
Ways to avoid fraud
The best way to deal with fraud is to protect yourself before it happens. While there is no way to protect yourself from an unscrupulous customer, fortunately for us, most people are honest. On top of that, providing good customer service will mean that customers will be very appreciative, most of the time.
On an episode of National Geographic’s Brain Games, the host ran an experiment where a coffee shop barista gave back too much change. Everyone they tried the experiment on gave the change back. When the barista became distracted and gave poor service, though, a few people kept the extra change – but most people still gave it back.
Here are some warning signs for potential fraud orders.
Red flag 1: Different shipping/billing address
Red flag 2: The IP address of the order is different than the region being shipped to
Most ecommerce platforms automatically log the IP address of where an order was placed from. If you receive an order with a billing address in one place, the shipping address somewhere else, and the IP address in yet another place, something may be fishy.
Red flag 3: Addresses are different on big-ticket items
If the products you sell are relatively inexpensive($100 and below), it’s highly unlikely someone is going to go through all of this trouble for something inexpensive. If you are selling electronics, expensive items, or items that can easily be flipped elsewhere, you’ll have to be more careful about things.
Red flag 4: Customer does not respond
If you are doubtful about any order, the easiest way to sort out the confusion is by calling up the customer and confirming what’s going on. Most fraudsters will not have a real phone number – so it’s important that you call, and not email. If you are still doubtful, you can just ask them to send a picture of their driving license and credit card side by side. If they want, they can cover up all numbers except the last four on their card.
When you ask for this information, be courteous and inform the customer that you are asking for this information for their protection to make sure someone isn’t using their information without their knowledge. Once you point this out, most honest customers will not mind complying.
Red flag 5: Repetitive orders
One way I realized that an order I received on Fish Finder Source was a fraud was when I got two orders for fish finders in succession from the same address. One day, I received an order, and I shipped it out. Two days later, after the first order was delivered, I immediately got another order from the same guy for another fish finder. Nobody’s going to need two fish finders in three days! I cancelled and refunded the second order, but I had to face a chargeback and the subsequent loss on the second one.
Red flag 6: Big-ticket orders overseas
One of the fraudulent orders I received was for a $1500 fish finder that was supposed to be shipped to Canada. I fell prey to that one, too, unfortunately, but it was an expensive lesson. If you get a large order for an address overseas, be careful. First, it’s harder to verify the customer, and second, unless you use FedEx or some other expensive private shipping, you have no way of knowing whether or not your order will actually reach the customer. Of course, there’s also the chance that it’s some cybercriminal holed up in a room somewhere, too!
Red flag 7: Shipping address doesn’t look right
It’s time to do some sleuthing! Head over to Google Maps and enter the shipping address, and have a look at it in Satellite View. Is the delivery address somewhere you would expect your product to go? Most of the time, it will be a house or apartment building, or maybe an office building.
What if it’s a warehouse? Or if the address seems to be a little off? One order I received on Fish Finder Source was supposed to be delivered to strange large warehouse. This raised a red flag – because the billing address was different, too.
Red flag 8: Express shipping
Most stolen cards have a very limited window before they are reported stolen, so orders with different billing/shipping addresses and requesting rush or overnight shipping are suspicious – it’s best to confirm with the customer in this case, too.
If you are not able to get in touch with your customer about a suspicious order because the phone number provided was incorrect, you can lookup the billing address in the White Pages and see if you can find a phone number there.
AVS settings
In your merchant account, there are a few security settings you can tweak to set how rigorous the verification process for any credit card transaction is. These are usually called “AVS” settings – which stands for “Address Verification Service.”
Usually the settings will be zip code matching, billing address matching, or no matching. If it’s no matching, just a card number, expiration date, and CVV code will let the charge through. It’s a good idea to have at least zip code matching enabled, and if your niche has lots of fraud, then have both matches enabled.
Refund a small amount
Another neat way to verify if an order is genuine or not was talked about by Andrew Youderian on one of his podcast episodes. If you receive a suspicious order, just refund a small, odd amount like $1.32 back to the customer, and contact them asking for how much they’ve received as a refund. If they are the genuine cardholder, they’ll be able to tell you, no issues. Such a small amount is a tiny price to pay for staying safe!
To finish this post off, here are some fraud prevention apps you can look into.
Expert tips
Andy Geldman – Web Retailer
Phone them. Many fraudsters won’t give a genuine phone number, and others won’t answer when you call. Just a few will have the chutzpah to continue the pretence of a genuine order, but are unlikely to give plausible answers to basic questions like, “Did you intend to order ten of this item? Why do you need that many?” It’s one thing to defraud a company online, but a whole other level to do it over the phone.
Richard Lazazzera – A Better Lemonade Stand
Using a modern platform like Shopify or Big Commerce, a lot of the guesswork is taken out of verifying the authenticity of orders. The fraud controls these companies implement are becoming increasingly good at detecting potential problems. If there are any flags raised for an order, I’ll evaluate those flags on an individual basis. For larger orders, or ones I have genuine concerns, I’ll call or email the customer and ask them to provide a photo of their government issued ID that matches the credit card. If I still have any concerns, I’ll just cancel the order.
Mike Ugino – SellBrite
Time is money. Be quick to cancel orders you deem are fraudulent, but always send an email explaining what you’ve done and why you’ve done it. If the order was, in fact, genuine, MOST customers will appreciate the reasoning and be happy to give you their order information over the phone. Alternatively, you can invite them to reorder via PayPal, which offers additional fraud protection to the merchant.
Steve Chou – My Wife Quit Her Job
1. I check to see if the IP address is in the same state/country 2. I call the customer and check that the phone number is in the same country 3. I check the shipping address to see if matches the billing address
Don Bush – Kount
We review hundreds of data elements for every transactions including information about, the device, the location, the payment type, associations, email, links with other transactions around the world, all in a matter of milliseconds in order to give the merchant what they need to validate an order and determine whether they want to accept or reject it. This insight allows each merchant to evaluate the level of risk they are willing to take while at the same time protecting themselves and their customers.
Fraud prevention apps
Here are some popular fraud prevention software you can use if you are a frequent target of chargebacks. Some of these companies are so confident in their algorithms that if you still get a chargeback, they will eat that cost for you.
- ThreatMetrix
- Signifyd
- Kount
- Riskified
Note: I have not used any of these companies myself – before you sign up for any of them, please have a chat with their sales staff to make sure their service is the right one for you.
No comments:
Post a Comment