Preventing Order Fraud

Over the past several months we have seen an increase of fraudulent order attempts on our customers' websites. This is a disturbing trend and one that requires more vigilance on the part of Ecommerce site owners. The approach we recommend is one that involves a three-pronged approach: preparation, scrutiny, and follow-up.

Preparation

* Use a secure server. If you are already hosting your site with MightyMerchant, your transactions are going through a secure server. If you aren't using a secure server, you could actually be contributing to credit card fraud. The key element is for your checkout pages - where your customer enters their credit card information to have the correct security measures in place. You should be able to confirm this by seeing a "lock" symbol in the corner of the browser and the web page address should begin with "https" instead of "http".

* Keep good records. Record keeping is a good idea in general. If you haven't done so already, set up a filing system for all business and customer information. Specifically in the context of preventing fraud, record keeping will allow you to easily spot patterns suggesting repeat offenders.

* Use a real-time credit card authorization gateway on your site. This will verify that the credit card number exists and that it has not been reported stolen. It is possible that someone can steal a card number and make a charge against it, so be aware of orders that are abnormally large or exhibit one of the other "red flags" described below.

* Use the Address Verification System (AVS). This will confirm that the address and zip code given by the customer matches the address and zip code associated with the credit card. If you are using a credit card gateway, this feature can easily be turned on and configured. Please note that although AVS is a good technique to use, it is by no means foolproof and has definite limitations.

* Use Card Verification Codes (CVC). Most credit cards have a special 3 or 4 digit number printed on the back. This number does not appear on statements, receipts, or anywhere else other than on the card. We recommend including this field on your payment form and using it to verify your customers' credit cards. If the customer can give you this number (and it successfully goes through the verification system of the particular credit card company), there is a good chance they are actually in possession of the card.

* Post a warning on your website that says you use anti-fraud procedures. Simple, but effective. Some people won't attempt credit card fraud if they think it's going to be too much trouble or too dangerous.

* E-mail address from a free provider
* Shipping address doesn't match the mailing address
* IP address is from a different country than the addresses given
* Large orders from first-time customers
* International orders
* Orders with incomplete information
* Overnight/Express delivery
* Same shipping address, different credit cards
* Multiple orders sent from the same IP address
* Same credit card number, different expiration dates
* Orders with an unusually high number of the same item
* A phone number from a different state than the billing address

The appearance of one or two of these indicators isn't conclusive, of course, but several of these red flags coming through on your orders is a cause for concern.

Follow-Up

If you think you've discovered orders with a fraudulent intent, you'll want to do some research and customer follow-up. Here are some procedures to go through if you suspect fraud:

* Look up the person's telephone number at http://www.switchboard.com/ and see if the resulting information matches what was given to you.

* Send the person an E-mail. If it bounces back, you'll know something strange is going on.

* Telephone the person. Tell the person that you need the name of the bank that issued the card for verification purposes. In most cases, only the real owner would have this information.

It's not always easy to spot fraud, but these tips are concrete things you can do to protect yourself. There's no need to treat every order with suspicion, but staying watchful and vigilant before there is a problem can save you time, money and the hardship of cleaning up the aftermath of credit card fraud.