Who loves being a victim of online fraud? That’s right: no one.
Online retailers are facing record high risks and losing billions of dollars each year from internet-savvy thieves and their credit card fraud. But these fraudsters aren’t invincible, and any shrewd business can stop credit card fraud in its tracks.
Here are a few tips to make sure you’re not about to become their next victim.
If you have an eCommerce solution like RevolutionParts, all of these factors will show up in our fraud scoring tool. The more red flags a buyer raises, the higher their score will appear. You can even click on the score to see more information, like which specific behaviors are suspicious.
It still helps to know the basics of detecting online fraud, so you can make the most informed decision possible when fulfilling orders. That said, a letting a high-value fraudulent order go through by accident can set your team back by WEEKS, so its best to play on the safe side.
1. The billing and shipping addresses don’t match.
Is the customer's billing address different than the shipping address? While this one by itself isn’t an automatic reason for alarm, it’s something to take note of—especially if the billing, shipping, and IP addresses are all states or even countries apart.
There are plenty of honest reasons the addresses wouldn't match. The customer could be ordering a gift, they could have just moved and hadn't had a chance to change their billing address, and so on.
Then again, it could also be a not-so-honest customer with a stolen card and its stolen billing address.
2. The order values are abnormally high, with expedited shipping.
Most fraudsters have limited time before their stolen card is canceled. So if they’re going to get away with something, they’ll try to maximize their takings.
This means a HIGH order value plus the fastest shipping option available. Any online parts seller will know that shipping auto parts is costly enough as it is, so expedited shipping can get incredibly steep. Sometimes, it just doesn't make sense for a shopper to be willing to pay such a high price.
Again, this by itself isn’t a reason to instantly deny the purchase, but be smart about it. Is the “customer” ordering an abnormally large amount of product? Are they paying more for shipping than the product itself? Like, $500 of shipping for a $250 purchase?
3. The billing or shipping address seems a bit… off.
Does the zip code match the area code? Does that address even exist? Check the provided billing address in Google Maps or another mapping service in order to verify the place exists.
RevolutionParts actually provides a link to Google Maps street view next to the shipping address on the order page so dealers can quickly check to see if the location is an abandoned house.
To further ease your mind, confirm that the credit card’s issuing country and billing address country are the same. Sometimes, honest customers made an honest typo and there’s no cause for alarm—simply call them to confirm their billing address.
4. The IP address doesn’t match the shipping address.
Since an IP address can tell you a lot about where your customer is ordering from, it might be a bit suspicious when it doesn’t line up with the other addresses. It’s an especially big red flag is the IP address is from an entirely different country.
For example, if the IP address claims someone is in New York, but their billing address is listed as Canadian and the shipping address is somewhere in Africa, then that mix of locations should raise an eyebrow.
Sometimes it’s nothing to worry about. Someone living in Canada might be purchasing a part for their friend or family member in the US. Still, it’s outside the norm and should be enough to look over their order for other red flags.
5. The IP address points to a high-risk area.
Certain countries and neighborhoods see higher rates of fraud than others. While it shouldn’t be an end-all decider, it’s something to keep in mind when you process orders from a high-risk country that already raise multiple flags for fraud.
SiftScience compiled a list of the top 25 high-risk countries based on a sampling of online transaction data, but the list varies among other studies.
Certain fraud detectors (such as the one on the RevolutionParts platform) will alert you to high-risk areas so you don’t need to memorize a list of risky locations.
6. The order was placed with a Proxy server.
With a Proxy server, Internet users can hide their real IP address and effectively remain anonymous and undetected.
Not everyone uses a Proxy server for evil, but fraudsters definitely like them. It’s an easy way to trick merchants into thinking the “customer” is in New York, rather than in a high risk country like Nigeria or Romania.
Dealers selling parts through the RevolutionParts platform automatically get fraud screening service, which detects proxy servers for them.
7. They have a shady email address.
Would a real customer have an email like email@example.com? Maybe. Probably not. Yeah, it’s pretty unlikely. It only takes a second to check the customer’s email, and usually the “address” they give you will be a dead giveaway for fraud.
Here's another pro tip: In general, fraudsters prefer to use free email addresses (Hotmail, Gmail, Yahoo, etc). The majority of your customers will be using these free email addresses too, but at least being aware of this preference can help you spot a problem. A business address (such as firstname.lastname@example.org) can be helpful evidence that an order is legitimate.
8. The shipping address is a PO box.
In order to hide their actual address, many fraudsters set up alternate means of receiving their parts. While it isn’t always the case, PO boxes, drop ship address, and mail forwarding address are typically a sign of fraud.
Some dealerships flat out refuse to ship to these addresses, but it’s up to you to decide.
9. The customer didn’t provide a phone number.
As a safety practice to avoid online fraud, you should always require your customers to provide a phone number. This additional information will allow you to contact them and confirm their identity.
Fraudsters want to provide you as little accurate information as possible. Even if they provide a number, you should call suspicious-looking orders to confirm that the number is real.
Don't want to call someone up? Don't worry—Fraudsters don't want to talk to you, either. Most of the time, the phone number on a fraudulent order won't even work, since they just typed in random numbers instead of real contact info.
10. The buyer isn’t verified on PayPal
If a customer is purchasing from you though PayPal, you should be aware of whether or not they are a verified member.
Verified members have gone through PayPal’s process in order to establish their identity. Depending on the country, this might mean adding and confirming a bank account. You can read more about Verification from PayPal’s website.
To find this information, go through your History tab on PayPal. And even though an unverified member might raise a red flag, you should also consider other factors such as the length of their PayPal membership and their reputation scores.
If you’re still having doubts, contact the customer!
Calling will not only verify they’ve provided you with the correct phone number, but also give you a chance to speak with them, ask questions, and request further confirmation of their identity. The customer will appreciate your dedication to security.
For more preventative measures:
- Always use tracking numbers. Tracking numbers will prove the package was delivered, in case a customer claims it never arrived.
- For expensive items, require a signature and never leave the package at the door. Sometimes fraudsters will have the product shipped to an abandoned house where they can pick it up without giving away their true location.
Having a secure and reliable eCommerce solution also helps, since it will make your dealership a harder target for fraud. If you look like easy pickings, fraudsters will jump on the opportunity!
If you’re vigilant, aware, and informed, you can reduce fraud significantly!
Editor's Note: This article was originally published in March 2015, but has been updated to include a more in-depth analysis and more accurate information.