OK, fighting e-commerce fraud may not necessarily have made it to the top of your New Year resolution list, but if you are involved in any way with an internet retailer, chances are that it will find its way to the top of your work agenda in due course.
Fraud and chargebacks are by far the two biggest concerns for online businesses, much more so than for brick-and-mortar retailers. They are often interrelated and minimizing your losses from one of them will surely lead to the same with the other.
Now, I have no doubt that if your web store has been around for any length of time greater than a few months, you have implemented some sort of a procedure to help you identify potentially fraudulent transactions.
In this post I will offer you a list of eleven of the most common suspicious characteristics that are typically present in fraudulent e-commerce transactions. It is by no means comprehensive, nor should you immediately cancel a transaction if you identify one of these features in it. By itself, each of the following transaction characteristics can have a perfectly legitimate explanation. However, it is statistically proven that most fraudulent transactions display at least one of these characteristics and more often two or more of them.
You should scrutinize such transactions more closely than the others and I will offer you a step-by-step guide on how to do that in one of my next posts.
11 suspicious e-commerce transaction characteristics:
- First-time customers. This one is tricky. New customers are exactly what you should want, but you have to be careful. Criminals can use stolen cards for a very short time, so they are always looking for new victims. Once they commit a fraud at one merchant, they usually move on to another and never come back.
- Larger-than-average orders. Similarly to the previous item, large orders are something that should be welcome. Yet, you need to be careful, especially if they are placed by new customers. Stolen bank cards have a very limited life span so criminals will try to maximize their profits by buying as much as they can before the account is closed. Placing large-size orders are one way of doing that.
- Orders for several similar or identical items. Just as is the case with larger-than-average orders, purchasing multiple items of the same kind is a way of maxing out stolen cards as quickly as possible. Criminals don’t typically buy items for personal use but for resale, so all they care about is how quickly they can flip them.
- Overnight delivery. As criminals don’t much care about shipping costs, because they are not paying for the item, they are more likely than legitimate customers to forgo a free or lower-cost delivery option in order to get the merchandise as soon as possible.
- International shipping addresses. A large number of fraudulent transactions are shipped to international addresses. The Address Verification Service can only work for U.K. addresses outside the U.S., so it will be your decision whether or not to accept orders from abroad.
- Payments with similar card account numbers. Software that generates false card account information is widely available and is often used by criminals. Account numbers generated by such tools are often similar and your fraud prevention system should be able to identify them.
- Multiple orders shipped to the same address. This may indicate that criminals are using a stolen batch of cards or have fraudulently generated account numbers.
- Multiple orders on one card in a quick succession. Such an activity may indicate that a criminal is attempting to run up a stolen card’s credit line as quickly as possible, before the account is closed.
- Multiple shipping addresses. Similarly to the previous scheme, a criminal, or in this case more likely a group of criminals, may be using a card multiple times in a short period of time, but this time the orders would be going to several shipping addresses. You will need to decide whether or not to accept orders where the shipping address differs from the billing one.
- Multiple orders from a single IP address, but with different cards. Such a pattern may indicate multiple orders placed from the same computer, even if different names and shipping addresses have been used.
So this is my e-commerce fraud list for 2011. Again, it is not meant to be comprehensive, but rather to point out the characteristics most often seen in fraudulent orders. Do you have a list of your own? Or a specific feature that you believe should be included in my list? Share your experience in the comments below.
Image credit: Acs.net.au.