Ecommerce fraud: How to avoid being stung

  1. credit card fraud

    WebshopMechanic UKBF Regular Full Member

    Posts: 218 Likes: 89
    0 |

    November is approaching, along with Black Friday and Cyber Monday. This signals the busiest time in the digital world for both shopping and online fraud. As an online retailer, you want to attract more customers and you want to increase your online sales, but you need to be vigilant because it could all end in tears and potentially end your business.

    I’ve seen online fraudsters strike smaller online stores like yours, time and time again.


    Because they know they can away with it. They know you don’t have a fraud department or sophisticated fraud detection software in place. They know you're busy and that a large order means a good profit and that it’s tempting for you to dispatch it.

    I’m going to teach you how to spot fraudulent orders, how to handle them and how to avoid the pain of losing money. I’m going to help to ensure you are not caught out by these unscrupulous ‘bar-stewards’ and that you don’t lose your shirt.

    Online fraudsters try to catch you off guard

    As if running a small business isn’t difficult enough, smaller retailers are also at the sharp end of online fraud. They are targeted by fraudsters because they know we're just trying to make a living and a sale over £100 is probably a big deal. Hey, even a sale over £25 might be a big deal for some.

    Fraudsters also know that Black Friday and Cyber Monday are the busiest times of year, when we'll be rushing around trying to process orders, count stock, update our websites and keep up with customer service emails. They know we might not be on our guard.

    This is when they strike!

    How online fraudsters work

    Fraudsters know what they are doing and tend to operate in a way that they will rarely get caught.

    They have numerous ways to steal someone’s identity and financial details. This could be through their wallet at the gym or the pub, they might have a friend who works in the postal service who hands them new credit cards that arrive by post, or they could use social engineering, where they trick people into handing over their card information. Alternatively, they might just go to some shady website and buy a list of stolen credit card details.

    Yes, it’s that easy.

    The fraudster then proceeds to use the cards on as many websites as they can in a very short space of time. Sometimes they will test the cards on a charity website first to check that the details are active and haven’t yet been reported stolen.

    They use charity websites as a testing ground because they have reduced security checks – charities don't want to place obstacles in the way of donations (like addresses). This makes sense, but it’s also the reason why these charities have the highest levels of loss due to online fraud.

    Fraudsters generally operate around the law on a smaller scale. When I say operate around the law, I mean they are often too small for the local police force to bother getting involved with. And they know this.

    In my experience, if you report a fraud that has been carried out on your ecommerce store, the police give you a crime reference number and then you probably won’t hear from them again. I was told they're not interested unless the fraud exceeds £10,000, as they have limited resource.

    So basically, you’re on your own (but I can hopefully help you with what I’m about to share with you).

    The cost of fraud to your ecommerce store

    When a fraudster places an order, the chances are, your online store was not the only one hit that day. They probably hit 20 other stores in the space of 3-4 hours, all with orders that have next day delivery.

    They will then sit and wait outside the block of flats or apartments the next day, while the delivery companies turn up in their droves to deliver the parcels. If 4/20 turn up then it’s a good day's work for doing absolutely nothing, apart from being a scumbag. 

    As a small retailer, you bear the full brunt of the crime. It’s not right and it’s not fair, but that’s how it goes down. For every fraudulent order:

    • You lose the goods. You lose the cost of the goods and any profit made by selling them.

    • You lose the cost of shipping. If you sent the order by next day delivery, then you’ve probably lost £5-£8.

    • You lose the money. The person who owns the card will say they didn’t make the purchase. That means the credit card company will process a chargeback and the funds will be taken back from you.

    • You will pay an admin fee. Chargebacks require paperwork by the credit card company – they call this a ‘Dispute Administration Fee’. As these financial institutions are never the ones to lose out, they charge you anything from £10-£25 as an admin fee.

    • You will lose time. Fraud orders cause significant admin delays by the time you have checked, chased and refunded. It’s painful.

    Forbes actually reports that in the US, every $1 of fraud costs the retailer $3.08 by the time the cost of the goods, the chargeback and the admin time are added up. That’s a scary thought if you have higher fraud levels.

    As you can see, a fraudulent order can be expensive, so it pays to be vigilant with every single order. It may even be worth hiring extra resource as a fresh pair of eyes during the busiest times. It could save you a lot of money and the headache.

    Spotting fraudulent orders: signs to look out for

    Okay, now we’re into the important stuff so please pay attention. These small pointers could prevent a world of pain.

    • Fraudsters often order in the early hours. It doesn’t mean it’s always fraud, but shopping at 2 am is a better way to avoid the authorities.

    • Fraudulent online orders usually have an alternative shipping address. In many instances, this can be over 100 miles away (i.e cardholder in London, order shipping to Manchester). Again, it might be a gift, but it's worth checking.

    • Fraudsters usually get their orders delivered to blocks of flats or apartments. This is so the exact address can't be traced to an individual and parcels can go missing easily. It's also easy for them to sit outside and wait for the delivery, and can't be tracked to an individual address.

    • Fraudsters often use an email address that looks nothing like their name. I know this is a loose one, but people usually try to have some resemblance to their name these days.

    • Fraudsters often use addresses – I don’t know why. Maybe these are easier to register. It's just a common pattern I've seen.

    • Fraudulent online orders use false telephone numbers. Sometimes these are dead numbers, so test them and make sure they work.

    • Fraudsters will try small orders first before large ones, so keep an eye out for this. They will test the water first and then go for the more valuable products that they can sell on.

    • Fraudsters usually order more if they get away with it. These can be lots of small orders in a short space of time. They'll always go for the low-hanging fruit so be aware.

    • Fraudsters will order by next day delivery. They place orders using fast delivery, so you don't have time to check it before it goes. Beware, this will add to your pain because you will lose the cost of shipping.

    How to handle orders you think are fraudulent

    If you think an order is fraudulent, then here are my suggestions on what to do:

    1. Call them. Don’t waste time with a dodgy order by emailing them and waiting for a reply. Call them using the number they have provided and ask them to confirm the cardholder address. If the number is dead or they sound flustered, then they have failed the security checks. Nine times out of ten, the number will be a deadline with a fraudster.

    2. If you can’t get through to them or it goes to voicemail, send them an email and ask them to call you for complete security checks. Explain that you can’t dispatch the order until they do. Don’t tell them what information you want in the email as they will have time to find it. Catch them on the back foot.

    3. If the person in question has not replied for three days, cancel the order. If it was legit and the customer complains, simply apologise and explain that you have increased your fraud procedures for their own benefit. High security measures are for their protection as well. You can always recover the situation by offering them an incentive to re-purchase.

    The other type of online fraudster to be aware of

    There has been a rise in another type of online fraud in the last couple of years: 'friendly fraud'. ‘This is where customers just tell their credit card company that they did not authorise the transaction, even when they did.

    According to CBS News, 86% of chargebacks are in fact fraudulent, which means customers are just trying to ‘pull a fast one’.

    In these instances, it is up to you, the online retailer, to prove that they did actually place the order. This means you need to supply order details, delivery address and proof of signature.

    This can obviously prove challenging if the item was delivered to someone other than the name on the card (maybe as a gift) and if the address is completely different. It also takes you time to provide the relevant documentation and to fill out the required paperwork.

    Fortunately, this type of fraud is rare, but just be aware that it pays to store order information where you can easily lay your hands on it.

    ACTIONS: your anti-fraud don’t lose your shirt checklist

    Okay, here’s a recap on how you protect you and your online store.

    • Check every order for consistency. If the shipping address is very different to the cardholder address, contact them by phone and ask for confirmation.

    • Contact your customer if you're unsure. It really isn’t worth the risk just to get the sale. If the customer is legitimate, then they won’t mind you contacting them to confirm some details.

    • Make sure you have AVS (Address Verification System) switched on with your payment provider. This will make sure the billing address entered is checked against the cardholder address. If it doesn’t match, the order will give you an alert to check the order. This is free to have in place. It doesn’t always work for international orders though.

    • Check their I.P address. Fraudsters sometimes operate remotely as part of a group. If their I.P address (generally their location) is in Nigeria and their delivery address is in London, then there may be cause for concern. You should be able to find the I.P in your payment gateway dashboard. If you get a fraudulent order, then block the I.P address immediately.

    • Never ship to high-risk countries. Only ship internationally if you are confident the order is legitimate. I would suggest you never ship to Nigeria, Brazil, Russia, Ukraine, Ivory Coast, Republic of Congo, Iraq, Somalia, Pakistan, Yemen or Indonesia. Their postal systems are also very poor so items go missing.

    • Always check high-value orders. Contact the customer to verify the details and ask them a few questions about their order. Fraudsters often won't even be able to tell you what they've ordered, because they have placed so many orders. Legit customers will always know straight away. If they get shirty about the questions then explain it's for their own safety.

    • Check the delivery method. Fraudsters always order with next day shipping. Be aware of this and check your next day shipping orders with vigilance.

    • Check your failed orders. Fraudsters will probably have tried a few cards with different physical addresses and email addresses around the same time period. Check to see if there's a pattern.

    What should you do if you are the victim of ecommerce fraud?

    Alert your local authorities. They will probably add it to their system and give you a crime reference number. Don’t hold your breath for any further investigation though.

    Refund the card immediately. If you refund the order within a couple of days, then you probably won’t be liable for the chargeback admin fee because the customer won’t have seen their credit card bill yet.

    I hope the points above haven’t scared you too much! It’s unfortunate, but there are some unscrupulous people out there who want to get ahead by cheating others. Many will never be made to pay either.

    To combat this, we just need to keep our eyes peeled and be vigilant. Only accept and send orders when you are confident they are authentic.

    Good luck all. I hope the crazy Black Friday weekend and holiday period proves profitable.

    Matt Thorpe

    The Webshop Mechanic

    For more free ecommerce help and advice then check out my blog Webshop

    Twitter: @thorpeedo