Credit card fraud has always been an issue in ecommerce, but – lately – it seems to have increased. We’ve heard this from our clients, and recent news reports have mentioned this as well. So, in response to these reports, we’ve put together a comprehensive guide to preventing credit card fraud for auto parts and accessories etailers.
If you want to prevent or dramatically reduce credit card fraud, here are five things you can do.
1. Be extremely suspicious when a buyer’s shipping and billing address are different. One of the tell-tale indications of fraud: your customer lives at one address, but they want their order shipped to another address. Fraudsters usually don’t want whatever they order to go to the stolen credit card’s owner.
If an order comes in with different shipping and billing addresses listed, flag the order for review.
NOTE: We provide details of a standard order review process below.
2. Be suspicious when the customer’s billing address is a PO Box. Another telltale sign of fraud: the customer’s billing address is a post office box.
Generally speaking, people with a PO Box are rural residents who aren’t entitled to home delivery. If you get an order from someone using a PO Box as their billing address, you can check to see if their shipping address is eligible for home delivery using the USPS address lookup tool here. If the US Postal Service doesn’t deliver mail to that address, you’ll see a warning: Mail sent to this address may be returned.
While there are other legitimate reasons for a person to have a PO Box (for example, the post office may not deliver because of concerns about a vicious dog, or because the address is inaccessible), these situations are unusual. The order should definitely be flagged for review.
3. Be suspicious if the customer’s IP address isn’t located near their stated billing or shipping address. While some ecommerce systems do not provide IP address info, the customer’s IP address is a great tool for identifying orders placed by a fraudster working overseas. It’s quick and easy to lookup the IP address of an order – just visit a website like IPlocation.net, enter the customer’s IP address, and see if it’s located near the customer’s stated billing and/or shipping address.
If your current ecommerce system doesn’t identify the customer’s IP address, it’s a good idea to talk to your ecommerce website provider about this functionality.
4. Be suspicious when the order is for a larger than average dollar amount. Credit card fraudsters tend to order expensive parts. They do this because the card number they’ve stolen is “on the clock,” and they know the credit card will be deactivated soon. So, rather than order something small, they go for the big score.
It’s a good idea to automatically flag any order that’s for a larger than average dollar amount. Most of our clients that sell parts online set that threshold at $300 or $500.
5. Be very suspicious when the shipping address and/or IP address have been previously associated with fraud. Fraudsters often have a limited number of shipping addresses that they can send parts to. As a result, fraudulent orders often share a shipping address with a previous bogus order. If possible, it’s a good idea to check the customer’s delivery address against all your previous orders.
This can also be true of the customer’s IP address, so it’s a good idea to compare the IP address of every order against previous orders.
How To Review Orders You’ve Flagged As Potential Fraud
If/when you suspect an order of being fraudulent, there are some things you can do to review the order for fraud.
1. Search your previous order history for the customer’s shipping address and IP address. Fraudsters often re-use bogus shipping addresses and/or computer IP addresses.
2. Pick up the phone and call the customer. Ask them to verify their name, address, email address, shipping address, what they ordered and when they ordered it, etc.
If the customer can’t recite the details correctly, and/or has no knowledge of the order, explain that their order has been flagged as potentially fradulent. You can then explain that either a) you’re going to cancel the order or b) you need the customer to fax or email a copy of their government issued ID, and that they need to sign the copy they’re sending you.
3. Look at what the customer has ordered. Did they order something that’s easy to re-sell or pawn? Or did they order something specific and unique that would be hard to re-sell?
For example: A suspicious order for a set of wheels is more likely to be fraudulent than a suspicious order for a 2002 Mercury Sable alternator. Re-selling a new set of wheels? Easy. Reselling an alternator for a 2002 Sable? Not so much.
4. Call the bank that issued the card, and ask them to call the customer. While some banks won’t do this, it’s worth a try. Just be sure to have your merchant ID and all the customer’s details ready when you call. Then, wait at least 24 hours for the card issuing bank to do their thing.
5. When in doubt, cancel the order. Sometimes, the best thing to do is cancel an order you suspect, even if you don’t have a good reason for doing so. That’s because the math always favors canceling. Consider:
- A legitimate sale of a $500 item to a real customer will net about $50 in profit after expenses (on average)
- A fraudulent sale of a $500 item to a bogus customer will cost $500 to $550 dollars, after accounting for the cost of the part and shipping charges
Mathematically speaking, one single bogus order loses as much money as you can make on 10 legitimate orders. So, assuming your net margin is 10% (and for many etailers, that’s too high), you should cancel any order that has a 1 in 10 chance of being bogus.