WHY READ THIS BLOG POST?
Credit card fraud costs online retailers millions each year in lost revenue and stolen goods. The problem is growing and it’s only a matter of time before you are the target of a fraudster (a.k.a sh*t-bag). In this post, I’m going to teach you how to protect yourself as a small online retailer and how to handle fraudulent orders if you receive them via credit or debit card. I also have a big rant at eBay for being fecking useless and a dig at the anti-fraud police for lack of action.
“The best way to battle credit card fraud is to be vigilant and not take risks. Don’t let the bastards win.”
Matt Thorpe, The Webshop Mechanic
The Fraudster Plague
If there’s one thing that gets my goat is fraudsters who commit credit card fraud. These people prey on yours and my livelihoods.
They are utter scumbags. Scum of the earth. I appreciate that’s not a nice phrase and I rarely use it but in this instance, I think it’s well deserved.
These f**kers (excuse my french), are responsible for causing endless pain and heartache to many online stores, especially during the busy pre-Christmas shopping season when chargebacks are rife.
I’m going to teach you how to steer clear of falling victim to these internet fraudsters (mainly debit and credit card fraud). I’m going to teach you what to look out for so you can spot a fraudulent order a mile away and the steps you need to follow to deal with it.
What is Credit Card Fraud?
As I write this, I’m sitting here boiling up inside. The anger I feel for these people who commit credit card fraud is immense. I’ve seen many small online businesses deeply affected by the havoc they cause and many livelihoods affected.
As e-commerce business owner, you don’t go out of your way to ask for trouble. Unfortunately, that doesn’t matter because these people will find you and try to steal from you.
The usual cowardly approach for is through identity theft or credit card fraud. The fraudster in question would have stolen, bought or replicated an unsuspecting victims credit or debit card details and then proceeded to use it across as many online stores as possible, until the card is declined by the card issuer.
The problem lies in that it usually takes a few days or multiple transactions before it a fraudulent pattern is flagged and the card declined by the bank.
By that point, the fraudster has placed orders all over the internet and the retailer’s logistics team has picked, packed and shipped the items from the warehouse. It’s unlikely the bank will contact you in time to cancel the order.
And that means the sneaky scumbag has got away with it.
How Online Retailers Get Stung By Credit Cards Fraudsters?
Internet fraud for e-commerce businesses is like a disease. Sometimes it hits in large bouts and comes back again if it sees a weakness.
Once a fraudster has stolen card details, they will usually kick off by placing a few small orders on various sites to see if the card details are still active. If they manage to sneak through a few orders then they will come back for more.
The second time around they usually hit a store for a larger number of orders with higher values. In most cases, the order will go out the door way before they can be stopped. The delivery driver for DHL, UPS or MyHermes will just deliver the parcel to whoever is at the address.
Often this is at a block of flats or apartments which make’s it difficult for the fraudster to be tracked down. The driver won’t check for i.d so they won’t even care if Mickey Mouse is there to sign for it. They are on a tight schedule and they are paid to deliver the parcel, nothing more.
Once the product is in the hands of the fraudster then it’s ‘game over’. They’ve won.
The sad part to this all-to-familiar story is that, as the retailer, you believe you have secured another sale but, in reality, you haven’t. A few weeks later you will get a letter in the post from the credit card company saying the transaction has been disputed by the owner of the card.
When you check the details of the card owner on the letter with the order shipping address on your system, you’ll realise it’s miles away and that you’ve been had.
The credit card company will then take the money back off you in the form of a ‘chargeback’. They will even kindly charge you an administration fee for the privilege. The fee is usually around £20.
And the worst part? You’ve also lost the goods and the cost of the next day shipping charge too.
Reporting Credit Card Fraud To The Police (as pointless as a chocolate teapot!) / My eBay Rant!
In my experience, reporting credit card fraud to the police is a waste of time unless it’s for £10,000 or more.
Whilst the police do a fantastic job here in the UK, they simply don’t have the numbers in their fraud departments or local constabularies to handle this type of crime. This makes credit card fraud a popular and, dare I say it, easy business.
eBay: The perfect marketplace for fraudsters (and they don’t give a shit)
Last Christmas I had a run-in with a fraudster who ripped off one of my friends.
My friend sells luggage at £150 a pop. Somehow, the fraudster managed to sneak through 6 orders, sending the items to slightly different addresses each time. He literally had a field day and my friend didn’t know until it was too late.
When he spotted what had happened, I undertook a little bit of detective work on eBay. I noticed that there was one seller of this same product who had 5 or 6 new suitcases available to buy at half the price. (I want to include his user name but I obviously can’t)
Knowing my friend’s business very well, I knew that his distribution network was extremely tight and nobody was authorised to sell products on eBay, especially not at such a cheap price. If this was a reseller then they would be losing money on the wholesale buy price.
I contacted him via the eBay message service pretending to be buyer so I could ask him if I could collect the item in person but he said no. I then told him that I suspected the items were stolen from my friends business and he replied with insults and sarcasm.
I knew this was our man.
I proceeded to contact eBay to report the stolen goods and I wanted to see if we could get the individual removed from the site, at the very least. I requested that they ask the seller to provide proof of purchase since the goods were new.
I thought eBay would be helpful, understanding and do whatever they could to prevent fraud happening on their platform.
The response from eBay was a joke.
They replied telling me they can’t do anything to the seller because there was no proof the goods were stolen. With online fraud, this is almost impossible to prove.
They proceeded to tell me to report the seller to the police and for them to take care of it. So I contacted the police, they took my statement over the phone and gave me a good old, Crime Reference Number.
I asked them about the next steps and I was told it would be referred to the National Fraud Intelligence Bureau to see if it was worth investigating. Nice, I thought. We’re on a roll.
I asked how long that would take and they said 6 weeks.
Yes, 6 sodding weeks! Pointless.
I basically put the phone down and felt like breaking something in the office. I had the stark realisation that there is clearly no way to combat these shysters in a legal way.
I was frustrated at how unhelpful and useless eBay was to help resolve the situation. I only wanted them to ask the seller for proof of purchase to prove the good were not stolen but it fell on deaf ears. They were not interested.
It’s an unfortunate fact, but the only way you can fight them is to be extremely vigilant in the first place and try to intercept fraudulent orders as they arrive.
So, to help you guys, I’ve put together 10 tips on how to avoid credit card fraud orders. These tips come from over 14 years experience in dealing with fraudulent e-commerce orders.
If you follow these rules to the letter then you will significantly reduce the risk of being ripped off by a fraudster on your online store.
How To Spot Fraudulent Orders?
Check 1: Compare cardholder address with shipper address
In most instances, the card holder address on a fraudulent order will be significantly different to the shipping address. I appreciate that some people want orders delivered to their place of work but a fraudster is different.
Your card issuers will have something called an AVS check where they check the cardholder address against the address that was used as the cardholder address. If this fails then it’s likely the fraudster has the card in their possession but doesn’t know the actual cardholder address.
They also usually have the item delivered to an address quite a distance away. For example, I’ve seen many card holder addresses in London and delivery addresses in Manchester or Birmingham, usually to a block of flats.
Check the pattern of the addresses and raise a red flag to query if the addresses are not local to each other. Do not ship to PO boxes unless you have approved the customer on the phone.
Also, never ship abroad if you suspect an order may be fraudulent because it will be an expensive lesson. Never ship to Nigeria either. It’s known as a hotbed for fraud. Other countries that are fraud hotspots are:
If in doubt, Google the address for other online reports. Check Google maps and street view to help you make a decision.
CAUTION: Some fraudsters will place an order and then have the nerve to call up and ask for the delivery address to be changed, usually to a block of flats. Don’t ever fall for this scan. If you are in any doubt, cancel the order and explain to the customer that it is against your security policy.
Check 2: Does the email address contain the customer’s name?
I appreciate some people use nicknames or other names for their email addresses but the majority of people don’t. Most people use their own name in one form or another.
If the email address on the order bears no significance to the customer’s name then raise a flag. It’s not worth taking the risk.
Secondly, many fraudsters use a Yahoo email address for orders in my experience. I’m not entirely sure why this is, possibly due to being easier to register. I would double-check these.
(P.S For the record, [email protected] was actually an email used by one of these imbeciles.)
Check 3: Is the telephone number legit?
In many cases, the fraudster will use a false telephone number on their order. They may add a number that is one digit short or a number that isn’t even theirs. If it looks dodgy then call it to see if anyone picks up.
Some of the most brazen criminals do use their own number. If they do, it’s great opportunity to interrogate them about the cardholder address and the product they order. (Be careful to do this in a friendly way until you know they are a fraudster and not a legitimate customer).
Check 4: Is the order value above average?
Credit card fraudsters are greedy creatures and they often try to get away with whatever they can. If you see any orders that are way above your average order value then it’s worth checking it out.
In some cases, the blighters will run a few high-value orders through hoping to get away with one of them. Remember, they want expensive items to sell on for decent money so keep your eyes peeled.
Check 5: Fraudsters usually use Express Delivery
As we focus all our efforts on trying to replicate the rapid delivery service of Amazon, these crafty ‘barstewards’ are sitting there trying to capitalise on it, hoping you’ll take your eye off the ball.
A fraudster knows a retailer will try to rush through an express delivery order so they keep their customers happy. This might just be enough to slip through the net.
My advice is to scrutinise all express delivery orders before sending them, especially if they are high value. If you are in doubt, call the customer to run some fraud checks, especially when time is important. The order may be a gift.
Treat every order like you could lose money on it. That way, you’ll very rarely be caught out.
Check 6: Check Payment Details with your payment services provider
Any payment services provider worth their salt will be able to tell you whether the payment card used has matched against the cardholder address and the 3-digit CV2 code on the back of the card.
If the address does not match then it’s a red flag. Most banks and card issuers in the UK, Europe and USA will match the address against the card.
The same goes for the 3-digit CV2 code on the reverse of the card. Let’s face it, if the person using the card cannot enter the 3-digits that are on the card in front of them then there is something wrong. Red Flag!
Check 7: Check your failed orders
Your e-commerce platform should give you the option to see incomplete or failed orders.
If you see some failed orders around the same time then it’s likely the fraudster tried to use a number of cards before he or she got lucky.
Check 8: Check the time the order was placed.
Fraudsters tend to be night owls and place orders in the late or early hours. It’s probably something to do with avoiding being caught by the authorities at that time.
If you receive an irregular flurry of orders during the night then it’s likely they could be suspect, especially if they in the space of 10 minutes.
Check 9: Is the purchase a gift card?
Some of these swindlers are smarter than they look. I’ve seen fraudsters try to purchase gift cards or online gift vouchers so they can then buy the good using them.
Why would they do this?
Because, as a store owner, you wouldn’t assume a fraudster would purchase a voucher to buy goods. You would always think they would go for the goods straight from the off so, any gift voucher purchase, must be a gift for someone.
Of course, if they manage to slip through the net with the voucher, you wouldn’t question the purchase using the voucher because that’s already been paid for. Sneaky!!!
Check 10: Check their I.P address
An I.P address is the basically the address of the computer they are using on a particular network. By checking the I.P address on a site like IPLocation you will be able to see the location of the customer and decide whether they look fraudulent.
For example, you may have an order with a cardholder address in London, a shipping address in Birmingham and an I.P address in Novosibirsk, Russia. This could lead you to believe the order is fraud, that the fraudster is based in Russia or they have used a VPN (I.P cloaking tool) to hide their location.
Either way, it’s looks suspect!
How to handle customer orders you may think are fraudulent
If you think an order might be fraudulent then it’s time to play ‘Sherlock’, using the tips I’ve taught you. If you see a pattern of information that doesn’t quite look right then it’s time to contact the customer by phone.
Don’t bother sending an email because it’s an easy way out for the fraudster.
Call them directly and get them to recite their order details. Ask them to confirm the cardholder address and the item they ordered. You can even go so far as to ask for the last 4 digits of the card (whether you have them or not) and also where they heard about your company. This prolongs the conversation and puts them on the spot.
You should be able to detect a confidence in their voice if they are legit and some nervousness or stuttering if they are a fraudster. Make sure you are clear from the start of the call that you are checking the order details to protect the customer against fraud.
What to do when you know an order is 100% fraudulent
Whatever you do, don’t ignore the order because it will end up costing you money with the bank.
First off, make sure you cancel the order on your system and refund any monies paid back onto the card. It’s not your money so you can’t keep it.
Refunding the card will help you to avoid the chargeback fee from the card issuers because you’ve already beaten them to the refund.
In theory, you shouldn’t have to do anything else for the bank. Once the card is refunded and order cancelled then its job done.
Next up, you need to take action at your end. In addition to cancelling the order you need to:
- Block their I.P address (The address of the computer they used) – It won’t make much of a difference because they will probably use another computer but it will prevent them from using the same computer location and may put them off.
- Block their email – Again, they may use another one but at least you’ve taken that step.
- Check for other fraudulent orders – Are there any similar orders placed at around the same time, to the same approximate location? If so, check them in the same way.
- Block the card number – It’s better to be safe than sorry. Remove the chance of being charged by the bank by blocking the card number with your merchant.
What steps can you take to avoid fraudulent orders in the first place?
To be honest, there is very little you can do to eradicate fraudulent orders completely. However, there are some steps you can take to reduce your chances of being stung.
- Be vigilant with checking orders (And I mean like a Hawk!) – Don’t take risks as it’s not worth it. It’s your livelihood at risk!
- Switch on 3D secure authentication with your merchant – It’s more secure because it requires a password from the customer.
- Only ship larger orders to the billing address – Be strict unless the customer passes authentication over the phone.
- Don’t rush order processing & fraud checks – Take your time to check orders. Customers are understanding if you keep them in the loop.
Share your card fraud experiences, thoughts and suggestions
Some there you have it. My strategy for dealing with fraudulent orders. It’s not 100% foolproof (nothing ever is) but it will help you to reduce that risk so those scumbag fraud monkeys don’t get their evil little way.
If I can help just one person to avoid a fraudster then I have done my bit. 🙂
If you have any comments, experiences or advice you’d like to share then feel free to comment below. We’re all in this together so it would be great to help the rest of the e-commerce community.
Matt Thorpe is straight-shooting, no-bullshit marketer with a proven track record of delivering what he says he will deliver. Matt knows a bit about SEO, (which is why he’s ranked 1st on Google), is an ecommerce wiz and has helped a his customers (90+ and counting) to make a ridiculous amount of money. He’s a big fan of billionaires shortbread (so you can send him some), goes soppy for dogs and loves 80s actions films. You can follow Matt down the street or on Twitter (@Thorpeedo)