Evaluating the Legitimacy of a Transaction
There are steps that you can take to mitigate the risk of fraudulent transactions and processing stolen credit card numbers.
We’ve provided a comprehensive list of ways you can fight fraud, but keep in mind that these steps do not need to be completed in any specific order, and not all steps will apply to every transaction. What’s important to remember is that by keeping an eye out for common red flags and suspicious patterns, you are better equipped to be vigilant and protect your business. If there is a transaction that you are not comfortable processing, then you can always void or refund the credit card and notify the customer.
When evaluating a transaction for its legitimacy ask yourself these questions:
1. HAS THERE BEEN A SERIES OF DECLINED ORDERS WITH THE SAME SHIPPING ADDRESS?
Fraudsters often have a list of stolen credit cards and will try each one until they get an approved transaction. Be vigilant for series of "DECLINED" and "PICK UP CARD" notices.
2. HAVE THERE BEEN PRIOR CHARGEBACKS FROM A SIMILAR ADDRESS OR LOCATION?
Certain countries and regions have large fraud problems and many online retailers refuse to ship orders to those regions. Look for patterns based on your previous chargebacks and make decisions on what you will allow. If fraudulent orders to a specific country go over a certain %, strongly consider banning that country from purchasing from your online store.
3. ARE THERE MULTIPLE ORDERS FOR THE SAME CUSTOMER USING DIFFERENT CREDIT CARDS? Be on the lookout for multiple orders with the same shipping address but different credit card numbers.
4. DID I REQUIRE THE CVV DURING THE PAYMENT/CHECKOUT PROCESS? There are no longer any major card brand credit cards without a security code on the back. If you are manually entering your customer's card information, you should always ask for and enter the CVV code. If your customers are entering their own information during the checkout process, you should require the CVV code and not allow the security check to be bypassed. Just remember to never record or make note of the CVV, as it is a violation of the PCI requirements.
5. IS THE TRANSACTION SIZE OR THE ITEMS PURCHASED OUT OF THE ORDINARY? Often fraudsters will purchase items that they can resell, like a specific shirt of every size or color, or a larger number of the same item. Compare every new order with previous ones and be wary of orders that don't fit with the rest. Very large transactions that seem too good to be true often are.
6. DOES THE SHIPPING ADDRESS MATCH THE BILLING ADDRESS?
Although it can have somewhat of an impact on legitimate sales, by only allowing the shipping destination to be the same as the billing address, you can greatly reduce your exposure to fraud. Fraudsters will often use the billing address of the stolen cardholder but will put their own address as the shipping destination. If you do not wish to enforce this limitation, make sure that the shipping address is at least within the same city, state/province, or country depending on your risk threshold.
7. ADDRESS VERIFICATION SER VICE (AVS) The address verification service (AVS) takes the street address (one line) and the postal/zip code and compares it with what the cardholder's bank has on file. Chargebacks with an AVS response of X, Y or Z are most often ruled in favor of the merchant if you have a proof of shipping delivery to that specific address. However, this does not apply if the chargeback was because of a dissatisfied customer (as opposed to a stolen credit card).
8. IS THE INFORMATION PROVIDED BY THE CUSTOMER WELL FORMATTED?
Although fraudsters will often make sure that their shipping address is correct, the billing info is often lacking proper formatting. Lookout for street addresses without numbers, postal/zip codes that do not match the city, or even first and last names that are incomplete.
9. DID YOU CALL THE CUSTOMER? DOES THE TELEPHONE AREA CODE MATCH THE ADDRESS? A simple courtesy call to the customer to confirm their order and address will often give you a better sense of the legitimacy of an order. Are they nervous or dismissive? Do they challenge you when asked to confirm their information? The area code of the telephone number can also help in making sure that the customers are within the same region as their billing and shipping address.
10. AVOID SHIPPING ORDERS TO PO BOXES.
Keep in mind that postal offices in some rural areas do require a box number. However, PO Boxes for major cities should generally be avoided.
11. DOES YOUR SHIPPING COMPANY REQUIRE ID OR SIGNATURE UPON DELIVERY?
For international orders and transactions without proper AVS results, consider asking your shipping provider to require an ID or customer signature before delivering the package. Some shipping companies will also provide you with a copy of the signed delivery receipt.
12. DOES THE SHIPPING/BILLING ADDRESS MATCH THE COUNTRY OF THE ISSUING BANK?
The credit card BIN (the first 6 digits of the full credit card number) will provide you with the specific bank that issued the credit card. Perform a BIN lookup to receive the contact information for that specific bank. Is the customer in the same country as the bank that provided them with the credit card? If you aren't sure about a transaction, try contacting the bank's risk department and let them know that you have doubts about the transaction. They might be willing to perform a courtesy call to the customer to confirm the purchase.