Archive for March, 2010

Things You Can Do To Prevent Credit Card Fraud

Recently I’ve run into a couple issues with stolen credit cards being used on my site.  There are a lot of things you can do to prevent it in the first place, for example only allowing the billing/shipping address to match.  Unfortunately this is an unreasonable thing to do as many people order things and have them shipped to friends/family as gifts, work, etc.  It most likely wouldn’t be worth the money lost in having this policy.

While there is unfortunately no fool proof method, there’s quite a bit of research you can do, especially for US orders.  Here’s some of the stuff I’ve done, please feel free to comment with further ideas or anything else that you may do.

  • Make sure the AVS code is a match.  You can see what all the codes mean here.  I can’t think of any instance other than human error why the AVS code should not match.  For those that don’t know generally having the AVS code helps prove that the customer has the actual card in-hand.
  • If a billing/shipping address are a match I feel that you are pretty safe to ship an order without worrying about fraud.
  • Call the customer if you have any concerns.  While somebody using a stolen credit card may lie on the phone, you may be able to catch something.  Sometimes they even use the billing phone #, so you’ll end up calling the actual person that owns the stolen credit card and you’ll find out right away when they have no idea that something was ordered from you.
  • Google the e-mail address with quotes around it.  Something may turn up that shows you it’s the person that actually ordered.
  • Google the billing and shipping address and see what comes up.  Street view on Google Maps is a great feature.  While it may seem somewhat shallow, when you have a billing address which shows some sort of nice huge house, and a shipping address that shows a crappy looking house…that should raise a flag.
  • Google the name with quotes around it.  You may have to add the state or city name into the query if it’s a common name.
  • Search the name and e-mail address on sites like Facebook, LinkedIn, MySpace, etc.
  • If the e-mail is something that looks like a screenname, Google that portion.  For example if an order is placed under something like mrpowerman2738@yahoo.com, search “mrpowerman2738″.  They may use this name on things like forums or anything else that may help link the order validity.
  • Use a site like IP-Lookup to get information on the IP.  This can help make sure that the billing or shipping location is the same as the IP.  Have an order going to Nebraska, but the IP is from Croatia?  That’s a red flag to do some research before sending out an order.
  • Use WhitePages.com to check up on the address and phone number to see if customer data matches.  You can use WhitePages.ca for Canadian customers.  White Pages allows you to do reverse phone and address searches for free, which can be very helpful.
  • Sometimes you end up calling a mail forwarding company that international customers use to forward shipments to their country.  This is fairly common from what we’ve seen, but also has a potential for fraud. You can speak with the company and have them either look up the suite # or the name and verify that the information is correct.  Sometimes you can even make sure the last 4 digits of the credit card match when they opened up the freight forwarding account.  Companies like Bongo do a security check before accepting customers to open an account with them, so they can verify the validity of an order.

Of course none of the above can guarantee you won’t have issues, but if something seems fishy you’ll at least have some steps you can take to help verify an order.  Generally if something seems too fishy, I’ll contact the customer and tell them we’ll need another form of payment like a wire transfer.  You take the risk of losing a sale by doing this, but you also stop the potential for sending out an order and not getting it back while losing the money on a chargeback.  Just explain to the customer that you’ve had problems with credit card fraud and because of certain reasons their order raised a flag.  Alternatively I’ve even had customers scan in their drivers license with the billing address.

I’m sure there may be some better methods out there, so I’d love to hear your feedback.  How does a company like Amazon help defeat fraudulent orders when they do so many transactions per day?

My next post will be about what happens if the product has already been shipped and you find out it was ordered with a stolen credit card.  What can you do about it?  Stay tuned!