Credit card fraud is big business, with a big price tag for everyone – and unfortunately on some eCommerce websites it is easy to make a purchase with a stolen credit card without being detected.
All online merchants have access to security settings in their credit card processing accounts, which they should discuss with their gateway providers for optimal use to prevent fraudulent orders. In the Nexternal platform, merchants can require the CVV number (“Card Verification Value”), virtually eliminating the ability for those with stolen credit card numbers, but not the cards themselves, to place online orders.
Merchants who use Nexternal’s eCommerce platform enjoy several additional security features. The merchant can block specific countries or IP ranges from accessing the online store and the Order Management System, so that orders cannot be placed, and the Order Management System cannot be reached, from those locations. Also, Nexternal’s eCommerce platform automatically flags any order that was placed from an allowed IP address in a country that differs from the country of the billing address.
However, when an order gets flagged or simply looks suspicious, many merchants ask what to do next. How do you vet an online order for fraud? It’s certainly not an exact science, but here are some easy steps to consider:
1. Take a look at other aspects of the order.
• Has expedited shipping been selected (regardless of price in relation to the product(s) ordered)? This is especially suspicious when the order is placed from one country but shipping to another, or when the IP from which the order is placed differs from the billing IP.
• Are the items being ordered from overseas but being delivered domestically? In many cases (except perhaps with overseas military) this is a big red flag.
• Check out how many card attempts were made in order to successfully complete the order. If someone tried 40 cards (or even 10!) before one worked, you know it’s fraud! (In Nexternal, you can limit the number of attempts allowed in settings/compatible software/payment gateways/preferences – we recommend 3-4 tops. And you can view how many card attempts there were on any order, in the credit card terminal for that order – you can also see the last 4 digits of each card to verify whether the attempted cards were the same card or different cards.)
• Does the email address look suspicious? Very few legitimate email addresses consist of long strings of numbers or unrelated letters.
• Do the shipping and billing addresses seem legitimate? Google them and see what comes up. Feel good? Feel suspect?
• Is this a new-ish but frequent, repeat purchaser of fairly large amounts? Why would they need or be willing suddenly to spend so much on your products so frequently? Check it out!
2. Call the purchaser.
• See if they answer the phone – many fraudulent purchasers will try to switch the conversation to email using any excuse, or won’t respond at all. If you think the order may be fraudulent, let them know via voicemail that you can’t ship until you speak to them. And mean it.
• If they do get on the phone with you – verify some information on the order or clarify what was ordered – or you can say that you are having trouble charging the credit card and need to verify the number!
• Ask them about addresses in two different countries – why? How are the purchaser and recipient related? What’s the occasion for the purchase? Do not ship if you don’t feel completely comfortable with the answers.
• Notice how you feel in general when on the phone with them – chat with them, ask them some questions about themselves – as if they were standing in front of you with a smile. Listen to how they react, and see how you feel.
There’s no rule book, and often no black and white – just listen to your gut. Regardless of your experience level, your gut is usually right. Review all your orders if possible, prior to fulfillment. Don’t delay in taking these investigative steps when you smell fraud, flag or no flag. If you think an order might be fraudulent after taking some or all of the steps above, don’t delay in canceling it. Of course, when you do so, it’s best to write the customer a note letting them know you have canceled the order. You may even mention that it’s because the order was flagged by your software as potentially fraudulent. Be polite – it’s possible they are legitimate!
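The data-driven checks from step 1 can be run as a first-pass triage that tells a reviewer which orders to look at and why. The Python below is an added example, not Nexternal's code: the order field names, the merchant's home country and the six-digit email threshold are assumptions, and the sample orders are constructed.

```python
import re

HOME_COUNTRY = "US"      # assumption: the merchant's own country
MAX_CARD_ATTEMPTS = 4    # the article recommends allowing 3-4 attempts at most
DIGIT_RUN = re.compile(r"\d{6,}")  # assumption: 6+ consecutive digits counts as "long"


def vet_order(order):
    """Return the review reasons raised by the article's step-1 checks.

    `order` is a dict with hypothetical field names (not Nexternal's schema).
    An empty list means none of these checks fired, not that the order is safe.
    """
    reasons = []
    ip, bill, ship = order["ip_country"], order["billing_country"], order["shipping_country"]

    if ip != bill:
        reasons.append("ip_country_differs_from_billing_country")
    if order["expedited"] and ip != ship:
        reasons.append("expedited_and_placed_from_another_country")
    # The article notes overseas military as a possible legitimate exception.
    if ip != HOME_COUNTRY and ship == HOME_COUNTRY:
        reasons.append("ordered_overseas_delivered_domestically")

    # Card attempts: the count matters, and so does whether the last-4 digits
    # show several different cards rather than one card retyped.
    last4s = order["card_attempt_last4"]
    if len(last4s) > MAX_CARD_ATTEMPTS:
        reasons.append("too_many_card_attempts")
    if len(set(last4s)) > 1:
        reasons.append("multiple_distinct_cards_tried")

    local_part = order["email"].split("@", 1)[0]
    if DIGIT_RUN.search(local_part):
        reasons.append("email_has_long_digit_string")
    return reasons


# Constructed sample orders (not real data).
SAMPLE_ORDERS = {
    "A-1001": {"ip_country": "US", "billing_country": "US", "shipping_country": "US",
               "expedited": False, "card_attempt_last4": ["4242"],
               "email": "jane.doe@example.com"},
    "A-1002": {"ip_country": "DE", "billing_country": "US", "shipping_country": "US",
               "expedited": True,
               "card_attempt_last4": ["1111", "2222", "3333", "4444", "5555", "6666"],
               "email": "x8837261940@example.com"},
}

if __name__ == "__main__":
    for order_id, order in SAMPLE_ORDERS.items():
        print(order_id, vet_order(order) or "no step-1 checks fired")
```

The returned reasons are prompts for the manual review and phone call described above, not an automatic verdict.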