Detecting Online Fraud

Table of Contents

1. Use Address Verification Service (AVS)
2. Pay Attention to User Location
3. Record the Shipping Destination
4. Beware the Use of IP Proxies
5. Google Is Your Friend
6. Check Email Addresses for Reputable Domains
7. Look Out for Patterns in Fraud and Theft
8. What Are the Most Common Ways You Can Catch Fraudsters?
9. Have a Fraud Prevention Strategy
10. How Do I Track Down Fraud?
11. How Do I Know Fraud is Friendly?
12. How Is Fraud Most Commonly Detected?

For merchants, there are a lot of advantages to selling goods and services online. You have access to a far wider customer base, there's less overhead involved, and it's easier to gain insight into customer behavior. Unfortunately, there are some downsides to e-commerce as well, and one of the big ones is fraud.

In the digital age, it's a lot easier to steal credit card information than it is to steal a physical credit card. Virtual theft can be committed on a much larger scale, and the victims often won't notice the theft immediately. That means there are a lot more stolen credit cards floating around online than there are in the real world.

Credit card fraud is a common problem for e-commerce merchants, and one that's incredibly difficult to solve. Every time the payments industry comes up with a new way of preventing fraud, the fraudsters come up with a new way of committing it. There are a variety of tools and strategies that merchants can employ to detect online fraud, however, and using several of them in combination can at least cut down on the number of fraudulent transactions that get through.

Receiving a fraud chargeback notification can feel like a punch to the gut. And since credit card companies have put the onus on online merchants to ensure that orders have been placed by cardholders, it is incumbent on them to educate themselves on how to spot fraudulent transactions.

Here are seven tips that can help you detect online fraud:

Use Address Verification Service (AVS)

Address Verification Service is an automated fraud prevention system designed to reduce the risk of fraudulent transactions. AVS compares the billing address supplied by the customer when they checkout to the address the issuing bank has on file.

An AVS mismatch may be a sign of fraud, since the criminal might have limited access to the cardholder’s personal information and be unable to provide an exact match.

An AVS mismatch doesn't guarantee an order is fraudulent, since the customer may have made a typo or forgotten to update their bank on a change of address. However, it is an indicator that you need to take a closer look at the order to better determine the risk of fraud.

When AVS or another fraud check red flags an order as possibly fraudulent, it's often a good idea to mark that order for manual review rather than rejecting it outright. While some indicators of fraud are clear enough that an order should be automatically rejected, many others are more nuanced, and would be better served by applying human expertise in order to minimize the risk of fraud as well as the risk of losing a legitimate customer.

There are many companies with dedicated fraud prevention staff that can review all high-risk transactions. Others may outsource this to third-party companies such as NoFraud.

Pay Attention to User Location

The transactions that are the most secure are those where the shipping address, billing address, and IP address all point to the same location. Transactions that show long distances between these different addresses should be scrutinized more carefully.

Record the Shipping Destination

Fraudsters need a way to get their stolen goods and will often ship the products to addresses other than the billing address. Orders with different billing and shipping addresses are at a much higher risk for fraud. If the destination of the goods is a freight forwarding company or a re-shipper, that is a very big red flag.

Beware the Use of IP Proxies

Fraudsters often try to mask their IP Address using a VPN so you can't see that they're placing the order from a different state or country. There are services that can detect the use of a VPN, but given their rising popularity with the general public, it might not be wise to simply reject these orders.

Manual review can be of use here, but another solution would be to simply display a message to the customer letting them know that they need to disable their VPN in order to complete their purchase.

Google Is Your Friend

When conducting a manual review of an order that appears to be high-risk, finding the customer online with an active social media account can be a strong indicator that the purchase may be legitimate. You can also find a treasure trove of public records that can help you feel more comfortable about shipping an order with elevated risk.

Check Email Addresses for Reputable Domains

Fraudsters usually use free email addresses that are easy to create and use once. Emails coming from domains like Gmail and Yahoo are riskier than emails from a business domain. Using a third-party service can give you more data on the email address, such as longevity.

Look Out for Patterns in Fraud and Theft

If you see multiple failed purchase attempts in succession with different card numbers, the likelihood of a non-fraudulent transaction coming from that batch is slim. In addition, once a fraudster is successful, they're likely to put in further orders to get the most out of their stolen payment credentials. Be sure to blacklist the phone, email, IP address, and billing address of any fraudsters you identify.

What Are the Most Common Ways You Can Catch Fraudsters?

By far the most common way that merchants find out about fraud is through employee tips. The truth is that frontline employees are witness to all the regular fraud attempts your store sees, whether they are in a store or customer service via an online portal.

Because of this, it is incredibly important to both pay attention to your employees and train them on the latest fraud methods. They are your first line of defense.

Following that, look to external audits to help. Third-party fraud and chargeback management companies can help you see gaps in your system or vulnerabilities that you won't catch on your own.

Finally, many merchants simply find fraud by accident. That doesn't mean that they just stumble upon it, but these merchants are always looking and come across fraud that might slip through prevention tools.

Have a Fraud Prevention Strategy

No matter the size of your business, or what method you choose, every company that sells goods or services online should have some fraud prevention strategy in place. You don’t want to learn the hard way.

Prevention of fraud—as well as the chargebacks that come with them—is crucial to operating a financially healthy business in today’s day and age.

Download your copy of An Introductory Guide to E-commerce Fraud Prevention, which covers five main types of fraud—true fraud, friendly fraud, phishing, refund fraud, and card testing—and provides effective tools and strategies to combat each of them.

Contribution by NoFraud.

FAQ

Thanks for following the Chargeback Gurus blog. Feel free to submit topic suggestions, questions or requests for advice to: win@chargebackgurus.com