
eCommerce credit card fraud: how to catch (and prevent) a thief

By Crystal Gilliam, 25 Nov '15

For eCommerce retailers, it’s an unfortunately familiar scenario. You receive an amazingly large order from a new customer. It’s an unprecedented sale for your store and business looks good. But on closer look, something just isn’t quite right.

With a little research, you realize it’s a case of credit card fraud, hopefully before you’ve shipped anything. Party over. While it’s difficult to catch 100% of fraudulent orders, there are some ways to identify credit card fraud, and some things you can do to prevent it from happening in the first place.

A little fraud overview

Avoiding eCommerce credit card fraud entirely is pretty much impossible. According to an online fraud report by CyberSource from 2013, credit card fraud caused an estimated $3.5 billion (USD) loss in total revenue to eCommerce retailers in North America the previous year.

What are some of the common characteristics of many fraudulent orders? CyberSource found that it is becoming more and more likely for fraudulent transactions to come from purchases made on mobile devices. Another common characteristic: international orders. While the survey found that fraud makes up about 0.9% of total orders for any given retail store, that number goes up to 1.6% for half of those who sold retail internationally, indicating a much more significant risk.


It’s all about the prevention

So, what’s the first step in fighting this credit card fraud? Doing all you can to prevent it from happening in the first place. There are several preventative steps you can take against these fake orders.

- Make your website as secure as possible.

Make sure your site has an SSL certificate, a tool that encrypts and protects data passed between your customer and your site, keeping it out of the hands of credit card scammers. Your customers will also feel safer providing you with personal info and credit card details over a secure connection.

- Bring your website up to PCI standards

PCI is the Payment Card Industry, a group made up of the major credit card companies. This group establishes standards for secure financial transactions online. They developed the PCI DSS (Data Security Standard), which is a set of requirements your site should follow to be considered trustworthy enough to handle credit card information. Using an SSL certificate is one of these standards, and implementing all the PCI standards will only make your site more secure and customers more trusting.

- Verify your payment methods

If you deal with PayPal, only allow verified, confirmed accounts. With credit cards, see if you want to participate in extra verification programs like Verified by Visa or MasterCard SecureCode. Also for credit cards, require those extra digits that are always hanging around...

- Require CVV/CSC/CID verification

CVV/CSC/CID are just the numbers on the back or front of Visa/MasterCard/American Express credit cards required for extra verification. It can be a challenge to get these codes if the person committing the fraud doesn’t have the card itself. This could be the difference between an order passing through or not.

- Use an AVS or Address Verification System

This system piles on the verification, checking the billing address the customer provides on your site against the billing address on file with the credit card company. Again, it’s an additional step to check that the person using the card is who they say they are.

Your fraud screening process

And now, how to catch the orders that do make it through all your preventative steps? There are a few ways you can set up an effective screening process to catch a thief.

- Use software that performs automated screening as a first step.

Fraud screening software programs, such as Kount, LexisNexis or ThreatMetrix, are able to quickly and easily cross-reference the data provided to identify any big red flags.

- Send orders that are flagged by the software on to a manual review.

There’s not really a ‘one-size-fits-all’ way that people use to commit fraud, so invest in training your team on ways to identify a fraudulent order. As your team develops your own review processes using the preventative steps we’ve outlined, you’ll probably start to see some patterns of credit card fraud that include discrepancies in address, telephone number, email address and other personal details that don’t match.

Follow up

Once you have those screened, what’s the best way to check if an order is fraud? Contact the customer, either by phone or email. Many retailers worry about offending an actual customer with a verification email. But this method, if you have the resources, can easily prove if the order is legit or not.

If you do find that fraud has been committed, you may want to take the extra step of contacting the person whose details are being used, especially if they are existing customers. This will build trust in your company and, you know, it’s the right thing to do. You could also report the fraud to the credit card company.


Spotting a fraudulent order

While the methods people use to commit credit card fraud vary greatly, there are some common red flags for fraudulent orders. The following list isn’t a definitive way to identify fraud. But, it helps to keep an eye out for any one or a combination of the following to spot a fraudulent order:

- A brand new customer who makes a very large order.

If it seems like the order is too big and good to be true, it’s worth checking out if it is actually a real order.

- Any size order that lists a P.O. Box as a shipping address.

- An order that comes from a random IP address

And one whose location doesn’t match the country of the shipping address. Or, multiple transactions from the same IP address.

- An order that lists a strange email address.

Yes, we know you still have your email account '', which doesn’t seem weird to you at all, but email addresses can be a good indicator when it comes to fraud. Keep an eye out for email addresses that have nothing to do with the name of the customer. Or an email with a lot of random, nonsensical letters or numbers.

- An order that is completed with the same credit card that has just gone through multiple declined transactions.

These aren't foolproof, but any information provided that just doesn’t quite add up can be a really good indicator that the amazingly large order isn’t quite what you had in mind.
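The red flags above can be turned into a first-pass automated screen that routes orders to manual review rather than rejecting them. This is an added example, not code from the article or from any screening product it names; the order field names, the thresholds, the sample orders and the upstream GeoIP lookup that fills `ip_country` are all assumptions.

```python
import re
from collections import Counter

LARGE_ORDER, MAX_PER_IP, MAX_DECLINES = 1000.00, 2, 2  # assumed thresholds, tune per store
PO_BOX = re.compile(r"\bp\.?\s*o\.?\s*box\b", re.I)

def email_unrelated(name, email):
    """Crude heuristic: mailbox shares no part of the name, or is mostly digits."""
    local = email.split("@")[0].lower()
    parts = [p for p in re.split(r"\W+", name.lower()) if len(p) > 2]
    mostly_digits = sum(c.isdigit() for c in local) > len(local) / 2
    return mostly_digits or (bool(parts) and not any(p in local for p in parts))

def screen(orders):
    """Return {order_id: [red flags]} for orders to route to manual review."""
    per_ip = Counter(o["ip"] for o in orders)
    flagged = {}
    for o in orders:
        checks = [
            (o["new_customer"] and o["total"] >= LARGE_ORDER, "new customer, very large order"),
            (bool(PO_BOX.search(o["ship_address"])), "P.O. Box shipping address"),
            (o["ip_country"] != o["ship_country"], "IP country differs from shipping country"),
            (per_ip[o["ip"]] > MAX_PER_IP, "multiple transactions from same IP"),
            (email_unrelated(o["name"], o["email"]), "email unrelated to customer name"),
            (o["card_declines"] >= MAX_DECLINES, "card recently declined multiple times"),
        ]
        flags = [label for hit, label in checks if hit]
        if flags:
            flagged[o["id"]] = flags
    return flagged

def order(order_id, **overrides):
    """Build a constructed sample order; ip_country is assumed to come from a GeoIP lookup."""
    base = {"name": "Jane Miller", "email": "jane.miller@example.com", "new_customer": False,
            "total": 84.50, "ship_address": "12 Oak Street", "ship_country": "US",
            "ip": "192.0.2.10", "ip_country": "US", "card_declines": 0}
    return {**base, "id": order_id, **overrides}

# Constructed sample data (documentation IP ranges, example.com addresses).
ORDERS = [
    order("A1"),
    order("B2", name="Robert Hale", email="xk7q92zt81@example.com", new_customer=True,
          total=4200.00, ship_address="P.O. Box 441", ip="198.51.100.7", ip_country="CA",
          card_declines=3),
    order("C3", ip="203.0.113.5"), order("C4", ip="203.0.113.5"), order("C5", ip="203.0.113.5"),
]

if __name__ == "__main__":
    for oid, flags in screen(ORDERS).items():
        print(oid, flags)
```

Each flag only marks an order for a closer look; a legitimate customer can trip any one of them, so the output is a review queue, not a verdict.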

Go with your gut

When it comes to eCommerce credit card fraud, there are many ways that orders slip through. But as a general rule, it’s safe to say that it’s worth the extra time to investigate suspicious orders. When you come across anything that strikes you as just not quite right, verify the order to make sure it’s all above board. We want you to sell as much as possible, but, of course, to actual people, rather than thieves around the world.
