In Part 1 of this post, I looked at some of the ways that you can tell if an order is fraudulent. In Part 2, I want to share techniques for rejecting those fraudulent orders to save your business from losing out on thousands of dollars in lost products and potential chargebacks.
Each of these is a specific technique we employed for fighting ecommerce fraud. The more of these you practice, the more powerful your fraud fighting arsenal will be!
Assess all orders
In the ideal world, you should screen every single order that comes your way – remember the Ministry Of Order Control! In practice, that’s not always possible. Here are two scenarios for you:
- A company sells hundreds (or thousands) of items a day, each under $10. They can’t possibly screen every order – so they rely on their system to flag suspicious orders, as well as a bit of manual work (again, check my last post). Some chargebacks will slip through, but that’s all a part of being in ecommerce.
- Another company sells only a couple of items every week – very expensive rugs and carpets. Because their products are so expensive, and orders so infrequent, they have the time to manually vet each order to ensure it’s legitimate. Again, one or two may slip through over the space of a few years, but on the whole this company has a much easier time weeding out the bad eggs.
Decide which category your company falls into, and work out how much time you can afford to spend vetting orders.
Don’t rely on your CMS
In my previous post I discussed the fact that some content management systems will flag any potentially fraudulent orders, automatically.
It’s a handy feature but not an exact science – some of the most expensive chargebacks we dealt with were not flagged, whereas some [genuine] customers who ordered from us every couple of weeks had their orders flagged every single time (we learned just to process them because they’re legit).
So those flags in your CMS are really useful, but take them with a grain of salt. They’re for indication only – that order might be a bad one. At the same time, bad orders can come through with no red flags at all, I’ve seen it happen. Refer back to Part 1 to help detect fraudulent orders.
Send everything tracked (if possible)
One of the best ways to avoid chargebacks is to send your packages tracked so you can confirm delivery.
Now, you’re not 100% free of chargebacks if you use tracked delivery… some payment processes (like WorldPay) will not cover you even if the item has been delivered and signed for, and a chargeback has been initiated. Other payment processors, like PayPal, may cover you.
If you’re going to the trouble of sending all of your orders by tracked delivery, make sure you use a payment gateway that will not debit your merchant account if a chargeback occurs when you can prove delivery to the stated address.
Use ‘3D Secure’
There are various enhanced security schemes that can be incorporated into the checkout flow, including 3D Secure. It involves the customer entering a secret password as part of the payment process, and the zip code entered has to correlate with that of the billing address.
While 3D Secure might appear to be the answer to your prayers, bear in mind it can bring some limitations to the way your checkout functions – and it can lead to a fall in conversion rate.
In general, the more hoops you introduce for customers when checking out, the more people fall away before converting (even legitimate customers). If fraud isn’t a massive hindrance to your business and one or two chargebacks a month occur, perhaps you can forego 3D Secure. If fraud is a big problem, however, it’s definitely an option to consider.
Report all fraudulent activity
At my last company, we reported all fraudulent activity to hopefully prevent another company out there falling victim to the same scammer. The size of a chargeback dictated who we report the fraud to – a couple of chargebacks we received for over $500 were actually reported to the police, who raided one fraudster’s home and recovered all of the products we shipped to them. It was actually pretty awesome!
Different countries have different procedures in place for reporting minor and major fraud. For smaller instances of fraud, perhaps calling the local police department isn’t the best way to deal with it – however on larger scale fraud, a non-emergency call to the local police isn’t a bad idea.
Record all fraudulent zip codes
Another way to help you identify fraudulent orders and prevent falling victim to the same person twice is to record all information supplied – including IP address(es), postal addresses, billing addresses, zip codes and so on. Some ecommerce platforms, like Shopify, allow you to build fraud rules to automatically cancel orders that fit certain parameters.
Recording as much information about fraudsters as possible allows those businesses processing just a couple of orders each day to manually cross reference known addresses and zip codes – just for that extra peace of mind.
Cancel orders quickly
Do you think an order is fraudulent? Cancel it. Quickly.
However, when canceling potentially fraudulent orders, be sure to email customers quickly and politely – just in case they aren’t scammers after all… (it happens)
Even though I’ve dealt with lots of chargebacks and fraud cases, I still got things wrong from time to time. Usually a quick email explaining our internal system identified their order as potentially fraudulent is enough. If the person is genuine, we then take their order over the telephone or invite them to reorder using PayPal, which offers us more protection should things take a turn for the worse further down the line.
Detecting and rejecting fraudulent orders is not straightforward, no matter how much experience you have. As long as you recognize there are people out there with dubious intentions, and as long as you know how to identify the tell tale signs, you can catch and diffuse potentially expensive situations before they ever materialize.
I hope these strategies can help your team with fighting ecommerce fraud, just as they have me.
Practice any other techniques that you want to share with us? Leave us a comment!