| Growing side by side with the worldwide increase in | | | | every fraudulent order we encounter at our online |
| internet usage and online sales is the notorious | | | | store involves overnight shipping. People placing |
| cesspool of frauds seeking to find a flaw in whatever | | | | fraudulent orders typically show no regard for cost, |
| system they can to exploit anyone who uses (or | | | | since they aren't actually paying for the order. Most |
| accepts) credit cards. Pretty well everyone associated | | | | stores offer discounts for customers who order |
| with any significant online business knows that without | | | | products in large quantities. When a customer goes to |
| fraud prevention controls in place, businesses are set | | | | our store and orders fifty basketball jerseys at the |
| up for substantial financial losses. There are a few | | | | retail price without calling to check on a discount, it |
| trends we have noticed that should be helpful for | | | | raises a red flag about their intentions. |
| anyone involved in the operation of an online store. | | | | Checking the IP address of a customer can help to |
| Detecting a fraudulent customer | | | | identify where the customer was physically located |
| There are some distinct behavioral patterns exhibited | | | | when an order was placed. We have received many |
| by the majority of the perpetrators of fraudulent | | | | fraudulent orders from Ghana and Nigeria. The |
| purchases online. In the majority of cases we | | | | prospective thieves set up a network that allows them |
| encounter, the person attempting to make a fraudulent | | | | to have a product shipped to an address in the United |
| order has stolen someone's credit card (likely from a | | | | States and then forwarded to them in their home |
| restaurant or retail store) or has purchased a list of | | | | country or sold in the US, with some of the proceeds |
| credit card numbers from an identity theft black | | | | going to the criminal who originally placed the order. |
| market. In cases such as those, the fraud likely has a | | | | The order is normally shipped to a house or business |
| credit card number and expiration date, but nothing | | | | office that is vacant, or the item is stolen by someone |
| else to verify his identity. In some cases, the fraudulent | | | | in the fraud network after UPS or FedEx drop the |
| customer has been thorough enough to get the 3-digit | | | | product off at the shipping address. We have noticed |
| CVV number from the back of the stolen credit card. | | | | a connection between fraudulent orders placed from |
| In either of these situations, figuring out that the | | | | computers in Venezuela that are shipped to Miami. |
| customer is using a stolen credit card is a fairly simple | | | | Close to twenty percent of the orders placed on our |
| process. If he can't verify the billing address associated | | | | online store with shipping addresses in Miami are |
| with the credit card, chances are you have a | | | | fraudulent ones that were placed from Venezuela or |
| fraudulent customer. | | | | another Latin American country using a stolen credit |
| Most of the time, fraudulent customers try to keep | | | | card. |
| themselves isolated from the business they're trying to | | | | How to Reduce Fraud on Your Online Store |
| scam, for obvious reasons. When they sign up for a | | | | A simple solution to the problem of international fraud |
| customer account, they provide a telephone number | | | | involves blocking people from certain countries from |
| that doesn't work. Often we even see bogus area | | | | accessing your web site. We found a list of IP |
| codes used in telephone numbers provided by | | | | addresses that originate from Ghana and Nigeria, and |
| fraudulent customers. Our online store requires an | | | | we set up our web server to deny users from those |
| email address from customers. Because free public | | | | countries from accessing our store. Not only does it |
| email addresses (like those from Yahoo.com, | | | | greatly reduce the risk of being taken by someone |
| Hotmail.com, or Gmail.com) are difficult to trace back to | | | | placing a fraudulent order from there, but it reduces the |
| their owners, most fraudulent customers use one of | | | | amount of time we have to spend investigating and |
| those kinds of no-hassle email addresses. | | | | canceling orders we determine to be fraudulent. If you |
| In our experience, the most obvious of fraudulent | | | | are not willing to take the risk of shipping to addresses |
| customers naturally seem to be the dumbest. We | | | | outside the United States, you can successfully block |
| often receive emails from people who ask whether | | | | most people from accessing your site outside of the |
| we accept credit cards for payment and then ask us | | | | country. |
| to send them a list of products we sell. It's not hard to | | | | If you are set on serving the international community, |
| tell that those emails are fishing for scam opportunities. | | | | you can still reduce your risk. Any order we receive |
| Other fraudulent customers will ask for multiple | | | | from countries besides the United States, Canada, and |
| quantities of a specific product found on our web site, | | | | the United Kingdom has to be shipped to an address |
| and they'll ask whether we accept international credit | | | | that is validated through PayPal or through the credit |
| cards. These emails typically mention that the sender is | | | | card issuing company. Keeping such a policy as this in |
| buying products for some worthy cause, and they'll | | | | place enables an online store owner to be confident |
| use a benign name (such as "Doctor Johnson" or | | | | he's shipping international orders to a recipient who has |
| "Pastor Murphy") that the perpetrator believes will | | | | legitimately paid for the product and isn't using a stolen |
| convince the owner of an online store that he's not | | | | credit card. Visa and MasterCard have made it a |
| being duped. I'm pretty confident that online businesses | | | | straight forward procedure to contact the bank that |
| rarely fall for those tricks, especially since most of the | | | | issued any card with either of their names on it. |
| "Doctor Johnsons" we encounter appear to not spell | | | | Merchant account security settings |
| very well and have poor grammar. | | | | Merchant accounts allow store owners to set security |
| There are some fraudulent customers who are | | | | levels to catch billing address or CVV mismatches, |
| smarter and bolder than the typical ones I've discussed. | | | | flagging orders that are made by people using stolen |
| We've encountered customers using stolen credit | | | | credit cards. To prevent fraud, make sure your |
| cards who use valid phone numbers and email | | | | merchant account checks the billing address and zip |
| addresses, and who communicate as if they are | | | | code given to you by any new customer using a credit |
| legitimate. Sometimes we don't find out until after the | | | | card. |
| order has been delivered that the customer was | | | | Payment Policies |
| actually using a stolen credit card. In one particular | | | | If you accept methods of payment besides credit |
| case, a customer's billing address didn't match the | | | | cards, it is wise to implement policies that prevent your |
| address on file with the credit card issuer. A phone call | | | | company from shipping items to someone who has no |
| was made to the customer, and he matter-of-factly | | | | intention of paying. If a customer hasn't established |
| gave a different billing address. Because of a glitch in | | | | credit with your store, require that payments made |
| our merchant account system, the order was shipped | | | | using a check be cleared before an order is shipped. |
| even though the alternate billing address wasn't the | | | | We have seen checks bounce after more than five |
| correct one either. The end result was a free set of | | | | business days after being deposited, and on one |
| six hundred dollars worth of football jerseys for a thief | | | | occasion a check bounced even after a customer |
| in Dallas, Texas. Another fraudulent customer ordered | | | | service representative from our bank claimed it had |
| some gym bags and requested that they be sent | | | | cleared. The truth is it's almost impossible for your bank |
| overnight to Miami, Florida. She wasn't dissuaded when | | | | to tell you whether a check has cleared an account in |
| she was contacted and told that her check had to | | | | another bank (especially if the banks are in different |
| clear the bank before her order could be shipped. She | | | | states) without researching it with the other bank |
| persisted and mailed a bogus check from an account | | | | directly. If the customer is in a hurry to receive a |
| that didn't exist. | | | | product, he can expedite a money order to you, or |
| Here are some principles that should help with | | | | pay using a credit card. You can also use wire |
| combating fraud from customers shopping at your | | | | transfers or WU money transfers to ensure you have |
| company's online store. | | | | the payment in hand before shipping an order. |
| Common Indicators of Fraud | | | | Conclusion |
| The most common characteristic of fraudulent orders | | | | Our company has learned some of these principles |
| is a request for expedited shipping. Thinking about it | | | | the hard way, and it's cost us thousands of dollars. |
| from a thief's perspective, one of the best ways to | | | | Spending the time to ensure that your fraud prevention |
| have an order picked, packaged, and out the | | | | controls are solid is well worth the hassle. Hopefully the |
| warehouse door without a thorough check to validate | | | | tips and guidelines included in this article have been |
| the order is to request overnight shipping. Almost | | | | helpful to your organization. |