If you run a busy ecommerce website, fraud might be of concern to you. In fact, if you’ve been in business for a while, it’s fairly likely that you’ve already been hit by fraudulent transactions at some point.
Fraud can include a number of things, but for the purpose of this article we’re mainly referring to stolen credit cards that are used to purchase goods online. When this happens, retailers often unwittingly take the money and dispatch the goods, only to be hit with a “charge-back” later on. This is where their bank or merchant services provider recoups the money when the real owner of the credit card realises it’s been used without their permission.
Below are a few steps that you can follow to help spot and prevent fraudulent payments:
Make CVV number matching mandatory
The CVV number is the 3 digit number on the reverse of a credit or debit card. Often, credit card details are stolen without the physical card itself. This means thieves might try to use the card details without knowing the CVV number. There is no excuse for a legitimate purchaser to not know what this number is, since it’s printed on the back of the card. Therefore, we always advise that your store is set to reject orders where the CVV number is entered incorrectly.
Consider enforcing Address and Postcode matches
Your chosen payment gateway will often indicate whether the address the customer entered matches the address their payment card is registered to. You can choose to automatically reject orders where the address and postcode doesn’t match. This is often advisable with high value goods, for example Televisions and electricals. If you do this, it’s a good idea to explain to your customers that you can only deliver to the address that their payment card is registered to, and that they must enter it exactly as it appears on their credit card or bank statement.
Unfortunately this can prove too restrictive for many ecommerce businesses. Customers often mistype their address, or they order goods using a credit card registered to their home address but then want it delivered to their work address. Similarly, business customers might not remember whether their card is registered to their home address or work address. Automatically enforcing an address and postcode check can often result in lost business from genuine customers.
The alternative is to manually check whether the address and postcode entered by the customer matches their registered card address. If it doesn’t, action can be taken depending on the value of the order and whether the customer is previously known to you.
Enable 3D Secure
3D Secure is an initiative created by MasterCard and Visa. If your customers join 3D Secure then you can use this feature to identify shoppers as genuine cardholders, before they pay for their online purchase.
Watch out for low value transactions
Fraudsters will often place a low value transaction using stolen details to check whether they succeed. If they do, this will often be followed by an order for a much larger value several days later.
Treat high value orders with more suspicion
It goes without saying that the stakes are higher with a £1,000 order compared with a £10 order. Whilst low-value orders can still be fraudulent, the financial risk to you is less. Therefore, treat high-value orders with more suspicion and be vigilant in checking the address and postcode match for such transactions.
Capture the IP address of your customers
Your customer’s IP address can help to show the region of the world that they are located, using a simple IP lookup tool online. If the IP address points to a region vastly different to their billing or delivery address, this can ring alarm bells. It might also be possible to spot a pattern between several different fraudulent orders that, on the surface, appear to unconnected but are actually carried out by the same person.
Ask for your customers telephone number and consider calling them
It’s always useful to capture your customer’s telephone number as part of the order process. If you find an order to be somewhat suspicious it can be worthwhile calling the customer for clarification. Bear in mind the telephone number provided could belong to a fraudster, so this type of check isn’t foolproof. However, it’s unlikely that a fraudster would supply you with a valid telephone number nor wish to speak to you in person.
Accept that fraud is a way of life, but stay on your guard
Sadly, when a case of fraud is reported it’s nearly always the retailer that loses out. Having dispatched the goods, your bank or merchant services provider will reclaim the money from you, leaving you out of pocket and with no recourse.
When you’re busy dispatching lots of orders, it’s possible that one will slip through the net from time to time. However, if you remain vigilant and carry out the checks discussed above, you’ll stand a greater chance of stopping fraud in its tracks.