As the longtime owner of a couple of popular online stores, I’ve learned the hard way – through experience – that online criminals are constantly trying to take advantage of the ease in online shipping to commit fraud.
For consumers whose credit cards are used in online fraud, there’s no loss. The bogus charges are almost always refunded. But for online retailers who get conned into processing the orders, there is no relief.
If it’s fraud, you get a chargeback. You’re out the order, the merchandise you shipped and the online fees charged by your credit card processor.
Those chargebacks are never pleasant. In the early days, I had my share. But after plenty of grumbling, I decided to consider them what financial expert and radio talk show host Dave Ramsey calls a “stupid tax.”
Then, I set my mind to learn from them so I wouldn’t keep paying the “stupid tax.”
I started by making a list of every chargeback I was hit with over a 12-month period. I rigorously examined them, looking for patterns and similarities. As a result, I instituted some security procedures and checklists that have worked well in greatly reducing the fraud losses from my stores.
I still get stung, but very rarely these days.
The one single step that has most helped reduce fraudulent orders for me and my stores is to eliminate shipping to any location other than North America. I know, that’s a drastic step. But while I no doubt do indeed do lose some legitimate business from overseas customers, it has been my experience that most fraud originates overseas.
And my experience is not unusual. Once recent study I have seen, from Cybersource, notes that fraud rates on overseas orders are four times the level of North American orders. Thus, not allowing orders from places other than the U.S. and Canada helps eliminate many of the problems.
Still, almost every day, some thief still tries to get through. Most of them are from criminals trying to see if a credit card number they have is still good. They’ll place an order and provide a ship-to address in the U.S.
Below are my top 10 suggestions for catching the fraud before you complete the transaction. As many of these flags as you have on an order, the more apt it is bogus:
1) Shipping FedEx overnight is a frequent marker. The thief figures the merchant will move so fast to process the order that there won’t be too much scrutiny. A dead give away and cause for you to seriously question the oder is when the overnight shipping costs approximate the item’s cost.
2) Look at the phone number and e-mail address provided by the customer. Does the area code match the city and state of the customer? If the customer uses a free Yahoo!, Hotmail, or Google account, does it correspond to the customer’s name? Thieves always use these free accounts. So, of course, do many genuine customers. But an e-mail to a domain not associated with free web-based accounts, with a username (the part before the “@” sign) that matches the customer, is usually good.
3) If your store has referrer info on orders, like Yahoo! Stores provides, for example, examine how the customer found you. My store’s order info lists the search phrase they used, or the last page they came from. Thieves tend to search on phrases like “international shipping” or “overnight delivery” instead of the category or keywords products are advertised under.
4) Check the IP address. And IP (Internet Protocol) address is a unique numerical identifier that much like a house address. In this case, it identifies the computer network that the order came from. Your oder processing software should also show you the IP address that the order was sent from. Check it out. On my Yahoo! Stores, all I have to do is click the address and it does a trace, identifying the network location. If it’s overseas, shipping to the U.S., I consider it fraud unless I can call the phone number and talk to a real customer.
5) Beware of mail forwarding operations and shipping to Post Office Boxes. Watch out for mail processing locations. Many thieves order your items from overseas and have them shipped to maildrops. Often, instead of a box number, these locations can be spotted by having a “suite” number under the address line. Miami and Houston have a bunch of maildrops serving South America. Seattle and Los Angeles have them for Asia. New Your City handles Africa and Eastern Europe. If suspicious, run the customer address through Google. Often you’ll see it listed to a service for mail forwarding company.
6) Be suspicious if the shipping address and the billing address on the order are different. At the very least, whenever this happens, don’t process the order unless you call the customer to confirm the order. Some stores even make it a policy to ship only to the billing address listed for the credit card. I get a lot of orders from parents buying my products for their kids who are away at college so that’s not a policy we impose. But we always call when the addresses are different.
7) Always expect fraud when you get multiple orders submitted from the same customer in sequence, using the same credit card, or the same ship-to address.
Beware of unusually large orders. You know from your oder processing reports,what the average customer buys. You know what is a big order. Is it over $250? Over $500? Over $1,000? When the norms are exceeded you should carefully examine the order.
9) Be skeptical when you get orders with multiple quantities of the same product. It is common for fraudulent orders to be large quantities of a single item.
10) Look for typos, grammar and punctuation errors. Serious customers make mistakes in filling our your oder forms. But not nearly as often as thieves do.
If I had to boil everything down to a single piece of advice, it would be this: When in doubt, try to reach the customer. If the phone is disconnected, mark it as fraud. If there is no answer, leave a message on the answering machine. Then send an e-mail. If after 24 hours the e-mail and the call are not returned, do not process.
These are just some of the fraud indicators and precautions I’ve learned over the years. They are by no means exhaustive. But I have instructed all my employees to filter our orders through skeptical eyes. As a result, we’ve diminished our chargebacks to only two or three cases a year.
