Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Tip on how to spot fraudulent transactions


mdtaylorlrim

Recommended Posts

I have not seen a topic like this in a while and it bears repeating once in a while since we get so many new users. This is just my main topics, certainly others can add much more to this and are welcome to do so. The more information available, the less likely someone is going to get taken...

 

 

The first thing you need to know about fraud is that the credit card companies are never the losers, and the merchant is. It is our responsibility not only to obtain proper authorizations, but to recognize and take appropriate steps to prevent scam artist from successfully completing a fraudulent transaction.

 

I see two main areas to be very aware of. The first is preventing bad authorizations.

 

Check with your credit card merchant provider and see what tools are available to you as a merchant to control what is required for a transaction request to be authorized. At very minimum the cardholders name, address, city, and state must match the billing address provided by the customer, the zip code must translate to the city provided, and the cvv codes must match. That is usually the default settings. As a merchant you can adjust those. If you remove any of them you are just asking for trouble, but you can make the authorization process more stringent, if your processor allows. Some settings that you may have access to include:

 

Blocking countries

Blocking IP address ranges

Blocking email addresses or hosts

Requiring a telephone number that matches the card used

Preventing the same card from being used multiple times

Preventing purchases over certain amounts

Blocking cards from specific banks (Bin numbers)

Card Level Results (allow purchases only by business cards, for example)

Card ID Checks (detailed CVV response settings)

 

Perhaps you may even have access to a AI type of 'Fraud Calculator' that measures risk and returns a score signifying the possible risk. You can choose the maximum risk number you are willing to accept.

 

The key is to READ your documentation to your merchant console and understand what all of the settings can do for you. With a good understanding of the resources available to you the authorizations you receive will provide you with minimal risk against fraudulent transactions.

 

 

The next is recognizing transactions that are potential fraud attempts.

 

This is merely a section of 'red flag' type of situations that will vary from store to store. What may be a red flag for one store may not be for another. It is up to you to know the purchase habits of your industry. For example, it would be quite common for a purchaser to purchase multiple items of one product like, a dozen canned drinks for example. But, it would not be common for someone to purchase a dozen rifle scopes. That would throw up a red flag. Knowing your industry is what allows you to set what conditions might trigger that suspicion about a transaction. Here are some possible red flags to look for.

 

Shipping address differs from billing address. It happens, but you might want to determine a method of contacting the purchaser using a contact method NOT PROVIDED BY THE PURCHASER, such as a telephone number verified as the phone number attached to the card used. I actually send out post cards to the purchasers billing address for high dollar purchases. The customers appreciate it, especially when you catch a fraudulent transaction in progress.

 

The area code of the telephone number provided does not match the area code expected for the billing address. There is an Area Code Lookup Table online. It's easy to find and use.

 

A long list of items on the purchase. Fortunately my customers typically order one or two items. When I see a list of 6-7 items I get suspicious.

 

Expedited shipping. Most people that order online are not as interested in fast delivery as they are in finding the purchase at a lower price. So if you see a $150 purchase and they want to spend $50 to get it there fast then I would take a second look. Most criminals want to get the transaction and delivery done and get away fast..

 

Business purchasers delivering to residential addresses, or vis a vis.

 

Then there are the deliveries to PO Boxes that a lot of people are leery of. Deliveries to Mail Drop Box stores. Deliveries to hotel rooms, and sometimes even apartment buildings. Again, knowing your industry may add some additional or completely discount some of these as perfectly legitimate possibilities. Then there is a long list of countries that are known for attempting fraud transactions. I won't go there...

 

 

So, what do you do when you get that bad feeling about a transaction? Here are some of my possible actions:

 

Verify the phone number against the credit card.

Verify the area code against the city/state.

Look up the purchasers on Google. You would be surprised what you can learn.

On high dollar purchasers I contact the purchaser by alternate means (not provided by the purchaser online)

Call your merchant provider and they will review the transaction and notify the cardholder to verify the transaction.

 

What are some of the things you do when you suspect a fraudulent transaction? Or, what else do you do to prevent bad authorizations and/or transactions?

Community Bootstrap Edition, Edge

 

Avoid the most asked question. See How to Secure My Site and How do I...?

Link to comment
Share on other sites

And, for any suspected transaction, go to the web page of the email provider. For example, if you have a transaction you suspect is a fraud, and the user signed up with the email address [email protected] then go to the web page www.buyemail.org and see what is there. Many 'parked' domains, or search assistant domains, will not reject bad email addresses. Therefore, if you were to send status email messages to the address you would not get an undeliverable message even though the email address is no good.

Community Bootstrap Edition, Edge

 

Avoid the most asked question. See How to Secure My Site and How do I...?

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...