Most Online Fraud Attempts Are Easy To Spot, But What About The Rest?
Most online fraud is pretty easy to spot. And it seems most of the perpetrators must either be stupid, ignorant, or maybe both.
If you run an online store selling anything remotely valuable for the black market (like electronics, car parts, expensive hobby items etc) then you have no doubt received fraudulent orders from Indonesia, Russia, or Ghana. Fraudulent orders from Indonesia and orders from Ghana are the most common for us.
They are often accompanied with a message like this :
Dear sirs, please attempt to ship my items the fastest, charge my credit card and get me the gifts as soon as possible they are urgent!
Thankyou,
John Port
Of course, these ones stand out. Along with the generic ‘hotmail’ email address and expensive items in the order they are the easy ones to pick.
But what about the fraudsters that aren’t as stupid? What about orders that don’t come from Ghana or Indonesia, for common items?
Over the past 9 years my business has seen lots of fraud attempts, some which has been quite clever. So how do you spot fraud and what tools are available to protect yourself?
If you have a fraud problem then the best option is to find some tools to identify orders. Some of these tools can be configured to automatically advise if an order might be fraudulent or you can do some manual checks.
Credit Card Payment Gateways
Most credit card gateways have some basic fraud checking enabled. Australia’s eWay.com.au has some measures that can help identify possibly fraudulent orders and I have a consulting client that currently uses them.
Some gateways like Payflow form PayPal have basically no fraud checking at all and disapppointingly our main ecommerce application at the moment (ChannelAdvisor) doesn’t even provide you with the IP address of customer’s orders!
So what can you do?
Order checking basics
Starting with the basics is a good idea. If you are selling electronics, gadgets, remote control toys/cars, perfumes and other popular products or you are about to start selling these items the you are certainly at risk of being targeted.
These are the most common visual flags that an order might be fraudulent
- Order comes from Indonesia/Ghana
- Customer doesn’t leave legitimate phone number
- Customer uses generic (hotmail, yahoo etc) email address
- Customer emails at time of order, asking you to ship it express, as ‘they need it fastest’
- Expensive items are ordered, sometimes in multiples
These things are dead giveaways.
Also, you can set your payment gateway to Authorise only, and not to charge the card. That way you can check your orders first before charging the card.
In fact, when we first started selling online in around 2000 we simply canceled any orders that cam from Indonesia. We didn’t even bother responding to their emails or asking them to pay with something other than a credit card. And this is a rule we still use today!
So you can scan your orders visually, and make some quick assessments. But what if nothing seems to stand out?
Better fraud checking
There are some nice tools out there that can help you look at more information in an order to test for fraud ‘indicators’
One tool that we use is from Maxmind, and based on the order information you send to them they return an order score between 0 and 100.
Typically, the checks involve things like:
- Is the IP address near the Billing/Shipping address?
- Generic email?
- Is the credit card bank near the customer address location?
they also tell you the issuing bank of the credit card, which can be handy.
For example you might receive an order that you just aren’t sure about putting through. You can ask your customer service staff to casually call the customer and ask them some questions, such as
- Do you have a home phone (or alternate) number our driver can use for delivery?
- We are having trouble processing your card, what bank issued it to you?
- What is the CVV number on your credit card?
(these last 2 questions try to ensure that the customer is actually holding the physical card.
We recently wrote a module to integrate Maxmind with Magento to provide some nice fraud checking. We should be releasing this soon to the public.
Prevention
Of course the best way to beat fraud is to prevent it happening in the first place. You can do things like
- Don’t accept credit cards/western union from ‘suspicious’ countries
- Don’t accept ‘free’ email addresses
- Require CVV numbers on credit cards
- Specify that all orders detected as attempted fraud will be passed onto federal police
And there are probably more things you can do too.
The results?
Well, we continually pick up fraud attempts, most obvious, but some not so obvious at all.
In fact, during our development of our Magento plugin we ran a few recent orders through the tool. One came up red (highlighting suspected fraud). It turned out that the IP address was based in Ghana but all the order details indicated the customer based based in Sydney and was sending the goods to Sydney.
So what was going on there? We think these fraudsters are using a local house that they (or friends) might rent or own to act as a dispatch point for stolen goods. I can just imagine all the deliveries of electronic items to that address from online sellers that don’t do thorough fraud checks…
Got any other good tips/tricks to use? Let us know!
Related Posts :
If you enjoyed this post, please consider to leave a comment or subscribe to the feed and get future articles delivered to your feed reader.
Comments
Hi Nathan,
My company is very interested in this MaxMind integration into Magento, please do let us know how this is going as it seems almost not worth while running a live magento store without MaxMind.
It has saved our oscommerce store many 1000’s of dollars in preventing fraud.
Thanks
Tim
Tim,
We are close to release. Just sorting out our online store for these products and a few others. You are right, it is an extremely useful service that we have used for years and our Magento integration is top class!
I will be in touch.
Nathan
Hi Nathan,
Would it be possable for us to grab the latest version of this asap from you guys?
We are happy to paypal you to get this happening.
Please let me know via email if this is possable.
Thanks very much,
Tim
We have finalised our Magento Maxmind module now. We will be offering it for sale within 2 weeks, we haven’t finalised a price yet.
One of the Maxmind staff said it was the best integration with an eCommerce platform that they had seen so far, so that is encouraging feedback!
I will post in my blog when it is available, and we should have it on Magento Connect as well.
Cheers
Nathan
Put me in line for this. Do you guys have somewhere I can go to buy it or get on the waiting list?
Thanks
Jason,
I will comment here on release. Should be any day now (hopefully tomorrow, fingers crossed). I will probably do a new post on it too.
Cheers
Nathan
OK, our Magento Fraud Alert Module is now in release!
Please visit our site at DirectshopSolutions.com to download.
For the first 10 blog readers to buy I have set up a promo code to get 15% off your purchase. Use the code 15offx10 in checkout.
If anyone has issues, as this is a first release (but we believe very stable), please use the contact form on the website.
MaxMind is ok but at the end of the day it’s simply software that gives a fraud score. When I was looking for a fraud prevention solution for my website I signed up with PreCharge.com
I integrated their software with my shopping cart and payment gateway. When a custoomer places an order on my site it gets sent to them, they manually review and approve or decline. If they approve an order that results in fraud they reimburse you for the full ticket price including shipping and the merchant chargeback fee.
I was only shipping to billing adresses but since I started with them I’m shipping to non billing adresses and internationally. It’s cost effective and the best part of their service is that I don’t have to review any of the orders. They approve I ship out. Wish I would have found out about them sooner but it’s been a year so far, they’ve saved me a ton of money and I couldn’t imagine doing business without them.
@Tony
Did you get PreCharge integrated with Magento or a different ecommerce platform? How difficult would you say the integration was to complete?
My main complaint with PreCharge is they want to verify EVERY transaction transmitted to them. Unless I come up with a solution to *submit* only the orders we deem need for review by PreCharge then I can’t use their service.
PreCharge would be a backup to the Maxmind solution when an order receives a high risk score.
@Dan
I have a custom shopping cart and use authorize.net as my payment gateway. Technically I did not do the itegration, my programmer did, but it took him a few hours.
I referred a friend of mine to them and he either chose not to integrate or couldn’t. Regardless, he manually inputs his orders through preCharge’s website. He only sends them shipping/billing mismatches as he doesn’t ship internationally.
Things must have changed since you last spoke to them as I understand they only require you send them all of your international business but you can pick and choose domestic.
Do post your MaxMind integration plug-in on Magento Connect. I am sure others like me will be very interested in this module. Thanks for tackling the integration with Magento
- Dan