Detecting online credit card fraud is an ongoing problem. As the fraudsters get more intelligent, the problem gets harder to handle. Sure, AVS helps but it’s not nearly foolproof enough to be reliable.
Lately, the new pattern has been to have an item ship to the credit card’s billing address then attempt to reroute the package after it ships to the new location. Calling UPS to disable this option on your account can solve this, so at least you can get your item back, if there is a fraud attempt. We did this years ago.
Lately, I’ve found the easiest way to detect fraud is to look at the email address – assuming you smell something suspicious about an order. For example:
Ship to Elizabeth Standard
Notice how the email address has no logical connection to the ship to or bill-to’s name. It’s (more or less) a random string of characters going to a free email address such as yahoo or MSN. Now, not everyone will make their email address “estandard@XXXX.com” or “elizabeth.standard@XXXX.com” of course. But, generally, people will try to relate their email address to themselves, simply so they can remember it. Such as “lizsflowers@XXX.com” or “Lizlovestoknit@XXXX.com” – where there is a somewhat logical connection to the person and their email address.
Over the years we’ve been doing this, very few people will have a name such as “Elizabeth Standard” and then have an email address that doesn’t, in any way, connect to the person. Even if the email address is “ilovefuzzybunnies@XXX.com” the logical string of words makes it far more likely that this person is real and that this order is not fraudulent.
If you are new to verifying credit cards, I’d recommend a basic flow chart questionable transactions, something like this:
- Does AVS Match? CVV?
- Is the shipping address same as the billing? Are they valid addresses?
- Is the phone number valid? (This can be hard to know, though, especially during business hours – customer might be at work)
- Is the IP address logically close to the billing address (IE, if the IP originates in CA, while the person claims to live in VA, it might be suspect – but this is not 100%)
- Is the email address related to the person in some way?
Another suspicious things that a fraudster will do is to send a weird email after the order has been placed:
GREAT SITE VERY WELL LAID OUT
This sort of communication should immediately raise a red flag. You’d be surprised how many fraudsters will obsess over their criminal activity by contacting you constantly about their order, so it’s smart to keep track of contacts in relation to orders – especially if they do so “too soon” after an order is placed. This sort of thing can take a while to get used to; but your average customer will not pester you about shipping information moments after an order is placed but, oddly, a fraudster will.
This year is already gunning for a bad year for credit card fraud online, so merchants, try to protect yourself.