Retailers are often held financially accountable for credit card fraud. In this regard, ecommerce enterprises are particularly at risk because in every case it’s a “card not present” transaction. In a time when expedience is a competitive advantage, it becomes important to balance speed of processing orders against talking steps to ensure each transaction is a legitimate one. With that said, here are seven solid strategies for preventing ecommerce credit card fraud.
1) Match billing and shipping addresses
Yes, people do place orders as gifts, but any time the shipping and billing addresses don’t match, a verification protocol should be triggered to ensure the legitimacy of the transaction — particularly when the customer is trying to rush the order. Google maps can be employed to make sure the difference between the two addresses is reasonable — and/or if it even exists. Suspicions should also be aroused when multiple orders employ the same shipping address, but different billing addresses.
2) Call the phone number provided with the order
In the case of particularly large orders, a follow-up call to the phone number provided should be conducted as well. Services like 411.com can be employed to make sure the phone number and the billing address are in the same area code. When someone answers the phone, ask a few simple questions about the order. If they’re hemming and hawing, you’re probably dealing with a fraudulent transaction.
3) Match IP addresses to billing addresses
Perpetrators of credit card fraud are often offshore, so their IP addresses can be used to determine their locations in relationship to the billing addresses provided. Even if they’re not in a different country, if the IP address is in Maine and the billing address is in San Diego, added scrutiny is warranted. A good tool for this purpose is IP-LOOKUP.
4) Use fraud filter apps
The best ecommerce website builder software offers fraud filter applications to provide advanced risk mitigation functionalities. These enable merchants to block users who have been caught placing fraudulent orders in an effort to prevent repeat offenses. Merchants can also set specific rules to automate key aspects of fraud detection.
5) Pay attention to the configuration of email addresses
Most people don’t want to have to tell friends their email address is something like 5#29&^%$hkg@whatever.com. If someone is trying to conduct a purchase with a long alphanumeric email address like that, it’s probably a fake. As part of your order screening process, use a search engine to look up email addresses. If you find instances of such an unusual address matching the name of the person placing the order, you’re probably good to go.
6) Set a declined transaction limit
Often, fraudsters with a large cache of credit card numbers employ a software script to throw a variety of numbers at your site until one is accepted. If you set a limit of three declined transactions, after which the user is instructed to contact your customer service department, you’ll greatly reduce the likelihood of falling into this trap.
7) Flag unusually high value orders for human interaction
Most ecommerce software allows you to keep track of the average value of a transaction. This allows you to set a limit above which orders must be handled by a live human being — rather than automated. Scammers tend to rely upon anonymity, so when they’re directed to speak with customer service, most will move on to an easier target.
In addition to the above, it’s always a good idea to make verifying the security code on the back of credit cards part of taking every order. Orders should ship with signatures required for delivery and you should ensure your system maintains a log of bad credit card numbers. Employing these safeguards, along with the aforementioned seven solid strategies for preventing ecommerce credit card fraud, will go a long way toward protecting you from illegitimate transactions.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.