August 19, 2016
Be Your Own Fraud Team
Tips for Small Businesses Trying to Fight Fraud
By Karisse Hendrick, Editor-at-Large, CardNotPresent.com
As e-commerce fraud has increased explosively over the last 15 years, most medium to large card-not-present companies have tapped their available resources and invested in teams and tools to protect themselves. But, as larger companies have become better at pinpointing fraud, criminals have moved on to smaller, usually more vulnerable, companies.
The cost of even one fraud order can have a much stronger impact on a smaller business than on a larger one. But, because most of these companies don’t have dedicated fraud teams, tools or processes—unless they’ve been burned before—it can be difficult to know the right steps to take, even if they come across an order that seems suspicious.
What does fraud look like?
As fraudsters become more sophisticated, fraudulent orders are looking more like legitimate orders. However, there are a few things to keep in mind as you look at an order that can help you tell the difference.
The best way to know if you should be looking closer at an order is to know what a good order on your Website looks like. What is the average dollar transaction? What shipping method is typically selected? Do customers usually ship the item(s) to their home or a business? Do they usually contact you outside the order process for additional questions about their order? Understanding these identifiers will be key to knowing which orders to pay closer attention to. When you find an order that looks different than an average order, trust your gut. If the overall story doesn’t make sense for a good customer, then consider taking a second look at the order.
As you do that, continually ask yourself, “does this make sense?” If a new customer has placed a high-dollar order with the shipping address in a different state than the billing address and the shipping is expedited, can you explain why? Could this be a surprise Christmas gift, or could the cardholder be unaware of the purchase? Would the average person use this e-mail address or is it something that probably doesn’t make a lot of sense (ex. firstname.lastname@example.org or Iamforreal@example.com)? If the person who placed the order is contacting customer service often to confirm the order, are they really excited about their order or are they nervous that the order might be canceled?
What can I do to know for sure if this is a good or bad order?
For small companies that don’t have sophisticated fraud tools or dedicated teams, there are a few things you can do to give yourself peace of mind before fulfilling an order.
- Do a “reverse look-up” on the phone number and/or shipping address of an order. This will provide a fairly accurate explanation for who the phone is registered to and where the item is being shipped to, and will help answer the “does this make sense?” question.
- Perform a search engine look up on the e-mail address provided. You can also use the search function to look up the e-mail address. If you see that several accounts are registered to this e-mail address, and the registered name (if available) matches the person making the purchase on your Website, this is a lot more credible than if you cannot find any history for this e-mail.
- Call the phone number listed on the order. Be prepared to talk to either the legitimate customer or a trained fraudster. If the phone number is disconnected, this can make your decision fairly easy. If someone answers, however, ask to speak to the customer’s name and then simply advise that you wanted to confirm the details of their order. Ask simple questions like, “where are you shipping this item to?” or “what is this for?” Are they caught off guard and grasping for an answer or do they sound sincere? How they respond to these questions can help you know what to do.*
Once you have gone through a couple of these steps, you should have a pretty good idea if this order was made by the cardholder or by a fraudster. If it still just doesn’t feel right, you’ll need to decide if it is worth the risk or if you should cancel the order. When canceling an order, be sure that you do not charge the credit card for that order. If you already have, issue a proactive refund, since you will not be providing the goods or services ordered and this would open you up to a chargeback.
It is also important to advise the customer their order was canceled. E-mail is the best way to do this. Let them know there was an issue with the order and you are unable to fulfill it. Be sure, though, that you do not give any indication of why the order was canceled. Doing so could provide information to the fraudster about what you look at and how to appear more legitimate next time. If, after receiving the e-mail, the customer contacts you and sounds legitimate, you can always have them place their order again. But, it is almost impossible to recover the product if it is shipped and turns out to be fraud.
It is important to stay vigilant in vetting questionable transactions. Once a fraudster succeeds in receiving a product from your store using a stolen credit card, more fraud is sure to follow. If you find you are experiencing more than just a few fraud attempts per month, you may want to consider hiring a full-time staff member to review transactions or reach out to a consultant to build a process and potentially select a tool that can make the review process more automated. While these steps may require an upfront investment, they will pay for themselves in lost-revenue avoidance.
Beyond everything else, always trust your gut. One of the biggest mistakes small businesses make when they receive a high-dollar order is get excited about the large purchase, which can sometimes cloud common sense. Keep in mind that if this order turns out to be fraudulent, you will have to repay the cardholder for the purchase (via chargeback) and will also have no way to recover the item. So, slow down and trust your instincts.
*While these are valuable tips, no one suggestion will guarantee that an order is fraudulent or not.