Fraudulent use of credit cards poses a major threat to an online business. Transactions that seem out of the ordinary, suspicious, or are of a high value should be manually verified.
Many aspects of fraud detection are simply common sense and the process is not time-consuming. Incorporate manual fraud checks into business processes.
E-Next marks potentially fraudulent transactions with a caution or warning. You should check these transactions in order to:
- reject high risk payments and
- avoid rejecting payments that are legitimate but have been tagged potentially fraudulent (due to things like typing mistakes made by shoppers)
If you are not convinced that the individual who placed an order is legitimate, immediately refund the transaction and do not ship the items.
Identify high-risk names, IP addresses, and email addresses through manual checks. Merchants who use the E-Next Risk Management service can block these shopper names, IP ranges and addresses, and email domains and addresses.
Tip: Registered Post
To help protect against fraudulent claims that items were not received, send items by recorded or registered post and request a dated and signed delivery note.
Name and telephone number
- Be alert to incorrect formatting or nonsense in the shopper name field. Use http://www.192.com or another service to verify customer details on the electoral role.
- Transactions are riskier when the customer provides a mobile number as the telephone number.
- If the customer provides a landline telephone number, use a free online lookup program such as http://www.ukphoneinfo.com/section/tci/locator.shtml (UK only) to verify that the telephone number area code and the address match.
Most fraudsters who obtain data by coping information from a card do not have the billing address of the authorized user. Look for these indicators:
- Incomplete billing address
- Different billing and delivery addresses
- Boarding house, hotel, or other temporary address
- Deliveries to an airport or another unlikely address (such as an industrial estate for a transaction that is not business-to-business)
- Export delivery address, particularly in a high-risk country (refer to the information on the Country Checks page)
- Customer refusing to confirm billing address and debit or credit card details
These are not always evidence of a fraudulent transaction. For example, a shopper may request that an order be delivered to a hotel address, not the billing address, due to being on holiday. However, it is always smart to check these situations. Verify customer names and addresses with the UK Electoral Register or a local equivalent.
If running these checks does not convince you that a customer is legitimate, consider checking the ID of the individual and trying to confirm that the person is the genuine cardholder. Request a copy of one of the following:
- Driving license or passport
- Utility bill for an address that matches the provided billing address
- Credit card or bank statement reflecting the billing address (allow the customer to obscure sensitive information)
As a merchant, you bear responsibility for managing sensitive and confidential information so these details should be securely filed or destroyed after being used.
- Use a free lookup tool for IP addresses such as http://www.ip-to-location.com/free.asp to verify that the billing country and IP address listed on the order confirmation match. To find other tools, search for “IP look up tools” or enter similar terms online.
- With the E-Next Risk Management service, you can block transactions from known fraudulent IP addresses automatically.
- Realize that an email address from a free site such as Hotmail is riskier than one that requires user registration through an ISP.
- To verify an email address, try to access the email domain name within an online browser. You may discover that the domain is registered abroad or is not registered. To help confirm the existence of an email address use http://www.verify-email.org or a similar website. Note that this will not work for all email providers.
- To confirm that an email address is active, send an email to it and verify that this is not returned as undeliverable by your email server.
- Shoppers sometimes make mistakes when entering their email addresses. They often misspell .com, .co, or .uk or enter another character for the @ symbol. Compare the name of the customer to his or her email address to spot an obvious spelling error.
- If you cannot reach the customer through email and cannot identify an obvious mistake, contact the customer using the provided telephone number.
Look for these signs of potential fraud:
- An order of an unusually large quantity of an item without a noticeable preference for make, model, colour, or size
- An existing customer ordering an unusually large amount of items
- An order that is unusually large or small
A repeat order quickly following an order that is unusual
- Orders of multiples or a top-of-the-range item
- Use of several different cards to attempt multiple transactions. This process, referred to as card testing, is used to confirm that a card is valid and a transaction using it will receive authorization.
- Use the provided telephone number to contact the customer and confirm details of the order. This will verify that the customer and telephone number are legitimate.
If one of the following situations is identified, it is worthy of checking, though it is not always evidence of fraud:
- Request for expedited delivery
- No regard for delivery cost (legitimate shoppers typically avoid expensive delivery charges)
- Delivery and billing addresses do not match
- Request to leave items on the doorstep or similar area
- Boarding house, hotel, or other temporary address
- Export delivery address, especially to a high-risk country (see the list below)
To assure that the transaction is legitimate, further checks are recommended.
Tip: Intercept Services
When using a courier to sent items, instruct it not to accept “redirect” or “intercept” services that allow customers (including fraudsters) to make changes to delivery addresses when shipments are in transit.
These countries are among those with higher fraud risk:
- Russian Federation
Fraudsters know many ways to use cards to get money from customers and goods or services from your business.
Protect your profits, your business, and your customers by using the E-Next fraud prevention service and conducting manual checks.