Avoiding Fraudulent Orders And Unscrupulous Customers

0
September 16, 2009
by Bryan Broussard

In this article, you’ll learn how to spot the signs of potentially fraudulent orders and protect yourself from unscrupulous consumers.

Currently, identity theft laws are anemic and law enforcement is often unwilling to pursue “minor” cases. Until the laws catch up and law enforcement begins to prosecute these cases more aggressively, online merchants are pretty much on their own.

Because of this, it pays to be informed about what you, as an online merchant, can do to protect yourself from credit card fraud and other deceptive activities.

As described in this tutorial, you can implement four proactive strategies to protect yourself and your business from fraud:

  • Prevention: Stop fraud by following fraud-prevention strategies.
  • Early detection: Watch for red flags that indicate possible fraud.
  • Investigation: When you notice suspicious activity, investigate.
  • Action: When you’re relatively certain that fraud is occurring, contact someone who can do something about it.

Protect yourself

Customers typically pay for merchandise with credit cards, checks, money orders, or PayPal payments. In the following sections, we reveal several ways to identify and stop the most common payment scams.

Preventing credit card cons

Credit card con artists have numerous hi-tech and no-tech ways of obtaining credit card numbers:

  • Hacking into internet sites where credit card numbers are stored.
  • Scanning the card into a reader/recorder when the card is out of the holder’s possession, even for an instant.
  • Duping an unwary card holder into providing credit card information over the phone or online (phishing).
  • Digging credit card receipts or statements out of trash cans.
  • Stealing the actual credit cards.
  • Reading the number when the holder uses the card at a store or restaurant (shoulder surfing).

Completely eliminating credit card fraud is impossible, but you can put a big dent in it by taking some fairly simple preventive measures, including the following :

  • Require the CVN (Card Verification Number).
  • Ensure your credit card processor is conducting AVS (Address Verification System) checks.
  • Ship only to the AVS approved billing address.

As shown below, the CVN is a 3-digit number (4-digits for American Express cards) that appears after the credit card number.

Card Verification Number

Card Verification Number

Because the CVN is not raised and is not programmed into the magnetic strip, it won’t show up on credit card receipts or on carbon copies, and it doesn’t register on magnetic strip readers. You have to read it off the card. The CVN provides some assurance (although no guarantee) that the person placing the order is the actual card holder.

Ensuring your credit card processor conducts AVS checks to verify customer addresses is not a guaranteed fraud deterrent, but it does at least guarantee that the person giving you the information knows the billing address that the card issuing bank has on file. All credit card processors have the ability to conduct AVS checks on your customers’ billing information, however, it’s important to know that some processors require that you request this service first. Conducting these checks improves the odds that you are dealing with the actual card holder.

Another preventive measure that can help is letting customers know that you ship only to the AVS approved billing address. Billing addresses are most often a person’s home residence. Identity thieves
generally aren’t willing to stake out a person’s home, waiting for the UPS, Fed Ex, or DHL driver to show up. Even then, the thief would have to rely on the possibility that no one is home and hope the driver
leaves the package at the door.

Although the previous preventive measures provide pretty good security against most credit card cons, you can take some additional failsafe measures:

  • Ask for wire transfers for large orders—Requesting wire transfers on all orders over $2,000, not only to protect yourself, but to protect your customers as well. Wire transfers are as good as
    cash. Once the money has been wired to your account, the sender cannot get that money back. Someone attempting to commit fraud generally would not agree to send you money they know they’ll never see again.
  • Use well-known escrow services—Using an escrow service benefits both the buyer and the seller. Escrow accounts ensure that sellers get their money and buyers get what they paid for. An exception to the rule occurs when someone sets up a bogus escrow service to defraud you. Never agree to use an escrow service that you don’t know for sure is legitimate and trustworthy.
  • Log IP addresses—If you have the skills required to log IP addresses of customers who place orders with you, do it. In particular, watch for orders from foreign IP’s that have a shipping address that doesn’t match up. Although users can mask their IP addresses, those with the skill and knowledge to do so are few. And if someone is masking an IP address, you might want to scrutinize that transaction a little more closely.

Verifying checks & money orders

Personal checks and even money orders are easy to counterfeit and forge. People can now even order boxes of checks through the mail, simplifying the process of obtaining phony checks that look perfectly
legitimate.

Some sellers choose to accept personal checks because the percentage of bad checks they receive is small. If you do choose to accept personal checks, always wait to ship an item until the check has
cleared. That way, if the check bounces, the most you lose is a $15 or so bank charge.

Although some merchants treat money orders like cash, money orders are nearly as easy to counterfeit as checks. Money orders are considered certified funds, which means that they are as good as cash. That is, assuming the money order is a real one. Counterfeiting money orders has become big business overseas. Even though counterfeiting is far less common in the states, make a habit of always calling the issuing bank for confirmation when you receive payment via money order.

Securing PayPal Payments

PayPal has revolutionized e-commerce by enabling fairly secure transactions online, but PayPal is not completely immune to fraud. If you accept PayPal payments, ensure that the payment is coming from a Verified account with a Confirmed shipping address. Particularly, be wary of unconfirmed shipping addresses.

When you receive a PayPal payment, you automatically receive a notification via email. The notification contains the sender’s shipping address and looks something like this:

Shipping AddressJoe Somebody
4545 SOMEWHERE ST
LAKE WORTH, FL 33463
United States
Confirmed

In this case, PayPal has confirmed the shipping address. Typically you want to ship only to confirmed addresses.

If the address is not confirmed, you see this:

Shipping AddressJoe Somebody
4545 SOMEWHERE ST
LAKE WORTH, FL 33463
United States
Unconfirmed

The difference between shipping to a confirmed, as opposed to unconfirmed, address is that PayPal offers fraud protection only when you’re shipping to a confirmed address. (Other eligibility requirements may apply in order to qualify for fraud protection.)

Here’s how it works. When you accept payment from a Verified account, ship to a confirmed address, AND use some form of delivery confirmation or shipment tracking, PayPal essentially guarantees payment up to $5,000. In other words, even if the buyer does a chargeback, PayPal will reimburse you for any lost funds. This is part of PayPal’s Seller Protection Program that you receive automatically as a verified Premier or Business PayPal account holder. In the case of unconfirmed addresses, you have no protection at all.

Every day, online merchants ship items to thousands of unconfirmed addresses without a glitch, but the risk is always present. Ask yourself how much your business could afford to lose if a PayPal payment fell through. Could you easily absorb a $25 loss? $250? $500? $1,000? If you can’t afford to lose the money, don’t take the risk of shipping to an unconfirmed address.

Following are some tips to consider before accepting PayPal payments, especially those with an unconfirmed address:

  • Consider accepting PayPal payments with unconfirmed addresses only for lower priced items (typically $250 or less) that fly below most con artists’ radars. Fraud is less prevalent with low-priced items, and if
    a payment falls through, your business won’t be devastated.
  • In the case of big-ticket items where fraud is more prevalent, state that you ship only to PayPal-confirmed addresses.

To learn more about what you need to do to protect yourself as a seller who accepts PayPal, visit PayPal Security Center for Sellers.

Spotting red flags

For orders that make it through your frontline defenses, you can further protect yourself by watching for suspicious activity. Keep an eye out for the following red flags:

  • Multiple big-ticket orders—Defrauders are generally out to score as much money as they can, as quickly as they can. This means purchasing as many big-ticket items as possible before the real card holder has a chance to notice and cancel the card.
  • Orders for multiple items of a product customers rarely buy in bulk—Few people need five 42″ plasma-screen TV’s or seven laptop computers. If you see something like this, it might merit some investigation.
  • Several orders coming from the same person within short time periods—While an occasional shopper likes to browse and shop over a period of days, most consumers generally know what they want and purchase everything in a single shot. If you see a repeat customer who is just “too good to be true,” look into it.
  • A large volume of orders when you’ve done little to no marketing—Contrary to popular belief, just because you built a website does not mean people will automatically descend upon it in droves. Consumers usually try to find you through search engines. Defrauders find you by checking for new domain name registrations, something that consumers never do. Criminals know that new business startups are the easiest to defraud because the business owner is often inexperienced. If you build a site and start getting orders the very next day, it’s a good sign that someone may be trying to defraud you.
  • Be wary of international orders—As powerless as law enforcement seems in the United States, it’s even worse overseas. As a result, the percentage of fraudulent orders in foreign lands is substantially higher. According to the Merchant Risk Council, in Yugoslavia alone, more than 1-in-8 e-commerce transactions turn out to be fraudulent.

The main point to remember is to use common sense. If you notice something fishy, investigate it before shipping the order, especially if the order is for one or more big-ticket items.

Don’t let the excitement of receiving a large order blind you to common sense. You should never be afraid to ask the buyer qualifying questions such as:

  • Why do you need 5 plasma screen TV’s?
  • How did you find my website?
  • What made you want to buy from me?

Some customers (especially if they are attempting to commit fraud) might hesitate to answer any questions. To put them at ease, you can pretend that you are conducting a customer service interview.

Investigating suspicious activity

If you see the red flags waving, notice any other suspicious activity, or just “have an uneasy feeling” about an order, the following sections provide tips on how to confirm the legitimacy of an order.

Call the customer to verify an order

Calling your customer is often the easiest and quickest way to find out if your customer really exists. When you call, you can expect one of the following responses:

  • Your customer answers and confirms placing the order.
  • The number rings but nobody answers. Call back later to confirm. The customer may have placed the order from another location.
  • The answering machine picks up. Leave a message and request a call back to confirm the order. If you are unable to contact your customer after multiple attempts, you may be dealing with a fraudulent order.
  • You get a recording that the number does not exist or has been changed. This typically means that you have a fraudulent order on your hands, but you may need to do a little more detective work.
  • The person who answers has never heard of your customer. This is a fairly good indication of a fraudulent order.
  • Your customer answers and denies placing the order. This is another fairly strong sign that someone other than the customer placed the order, but it could indicate that a family member or some other person the customer authorized placed the order without the customer’s knowledge. In any case, you should at least investigate further or simply cancel the order.

In the first scenario, the order is very likely to be legitimate. However, a seasoned con artist may have set up a phony account with a temporary phone number. If, after talking with the customer, you feel
uneasy about the transaction, call the bank that issued the card to confirm the information the customer provided.

In the last three scenarios, fraud is very likely, and unless you can dig up proof to the contrary, you should cancel the order right away. If you’re willing to go the extra step, call the bank that issued
the card, describe your reasons for suspecting fraud.

Call the bank to verify customer information—The bank through which you have your merchant account can help you verify credit card orders and contact the bank that issued a particular credit
card. You may want to take this step before calling your customer.

Although the bank won’t give you any private information regarding a person’s account, the bank can and usually will confirm whether the information you were given is correct.

If you find, for example, that the phone number doesn’t match up, try calling your customer. The bank probably won’t give you the phone number that’s on file, but you can always ask your customer what number
is on file with the bank, call back the bank to confirm that number, and, if it’s legitimate, try calling that number just to be sure it’s the same person.

Confirm email addresses

If your customer uses an email address with a domain that you don’t recognize (recognizable domains include gmail.com, hotmail.com, aol.com, msn.com, earthlink.net, etc.) then enter the domain into a web browser to make sure it’s legitimate.

Also, watch out for domains located outside of the country. Our experience has shown that defrauders like to use email addresses from free email services located in countries outside the U.S.

Additionally, defrauders often register their own domain names just so they can create their own unlimited supply of email addresses. If you enter a domain into your web browser and it’s not a legitimate commercial site or the opening page says “under construction,” then investigate the order more thoroughly.

: E-Commerce
: , , , , , , , , ,

About the author

acadianawebsites.com

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>