Courtesy of <a href=Most online fraud is pretty easy to spot. And it seems most of the perpetrators must either be stupid, ignorant, or maybe both.

If you run an online store selling anything remotely valuable for the black market (like electronics, car parts, expensive hobby items etc) then you have no doubt received fraudulent orders from Indonesia, Russia, or Ghana. Fraudulent orders from Indonesia and orders from Ghana are the most common for us.

They are often accompanied with a message like this :

Dear sirs, please attempt to ship my items the fastest, charge my credit card and get me the gifts as soon as possible they are urgent!

Thankyou,

John Port

Of course, these ones stand out. Along with the generic ‘hotmail’ email address and expensive items in the order they are the easy ones to pick.

But what about the fraudsters that aren’t as stupid? What about orders that don’t come from Ghana or Indonesia, for common items?

Over the past 9 years my business has seen lots of fraud attempts, some which has been quite clever. So how do you spot fraud and what tools are available to protect yourself?

If you have a fraud problem then the best option is to find some tools to identify orders. Some of these tools can be configured to automatically advise if an order might be fraudulent or you can do some manual checks.

Credit Card Payment Gateways

Most credit card gateways have some basic fraud checking enabled. Australia’s eWay.com.au has some measures that can help identify possibly fraudulent orders and I have a consulting client that currently uses them.

Some gateways like Payflow form PayPal have basically no fraud checking at all and disapppointingly our main ecommerce application at the moment (ChannelAdvisor) doesn’t even provide you with the IP address of customer’s orders!

So what can you do?

Order checking basics

Starting with the basics is a good idea. If you are selling electronics, gadgets, remote control toys/cars, perfumes and other popular products or you are about to start selling these items the you are certainly at risk of being targeted.

These are the most common visual flags that an order might be fraudulent

  • Order comes from Indonesia/Ghana
  • Customer doesn’t leave legitimate phone number
  • Customer uses generic (hotmail, yahoo etc) email address
  • Customer emails at time of order, asking you to ship it express, as ‘they need it fastest’
  • Expensive items are ordered, sometimes in multiples

These things are dead giveaways.

Also, you can set your payment gateway to Authorise only, and not to charge the card. That way you can check your orders first before charging the card.

In fact, when we first started selling online in around 2000 we simply canceled any orders that cam from Indonesia. We didn’t even bother responding to their emails or asking them to pay with something other than a credit card. And this is a rule we still use today!

So you can scan your orders visually, and make some quick assessments. But what if nothing seems to stand out?

Better fraud checking

There are some nice tools out there that can help you look at more information in an order to test for fraud ‘indicators’

One tool that we use is from Maxmind, and based on the order information you send to them they return an order score between 0 and 100.

Typically, the checks involve things like:

  • Is the IP address near the Billing/Shipping address?
  • Generic email?
  • Is the credit card bank near the customer address location?

they also tell you the issuing bank of the credit card, which can be handy.

For example you might receive an order that you just aren’t sure about putting through. You can ask your customer service staff to casually call the customer and ask them some questions, such as

  • Do you have a home phone (or alternate) number our driver can use for delivery?
  • We are having trouble processing your card, what bank issued it to you?
  • What is the CVV number on your credit card?

(these last 2 questions try to ensure that the customer is actually holding the physical card.

We recently wrote a module to integrate Maxmind with Magento to provide some nice fraud checking. We should be releasing this soon to the public. It is now released here.

Prevention

Of course the best way to beat fraud is to prevent it happening in the first place. You can do things like

  • Don’t accept credit cards/western union from ‘suspicious’ countries
  • Don’t accept ‘free’ email addresses
  • Require CVV numbers on credit cards
  • Specify that all orders detected as attempted fraud will be passed onto federal police

And there are probably more things you can do too.

The results?

Well, we continually pick up fraud attempts, most obvious, but some not so obvious at all.

In fact, during our development of our Magento plugin we ran a few recent orders through the tool. One came up red (highlighting suspected fraud). It turned out that the IP address was based in Ghana but all the order details indicated the customer based based in Sydney and was sending the goods to Sydney.

So what was going on there? We think these fraudsters are using a local house that they (or friends) might rent or own to act as a dispatch point for stolen goods. I can just imagine all the deliveries of electronic items to that address from online sellers that don’t do thorough fraud checks…

Got any other good tips/tricks to use? Let us know!