Preventing Chargebacks and Fraudulent Online Orders
Below is a list of steps recommended to help online merchants prevent fraudulent transactions and stolen credit card numbers. These steps do not need to be performed in any specific order and might not apply to all transactions. What's important is that merchants are vigilant in looking for common red flags and patterns. If you deem a transaction too risky to process, make sure to void or refund the credit card and notify the customer.
Activate Helcim Fraud Defender
If you are using our Helcim Commerce platform, you can activate Helcim Fraud Defender and analyze your transactions for indications of fraud. The system uses some of the points listed below, amongst others, to help sniff out suspicious transactions. It can even be set to automatically void e-commerce transactions that do not meet your set minimum criteria. To learn more about Helcim Fraud Defender, please click here.
If you are using our Legacy Virtual Terminal/Gateway and would like to switch to Helcim Commerce, please get in touch with us.
Has there been a series of declined orders with the same shipping address?
Fraudsters often have a list of stolen credit cards and will try each one until they get an approved transaction. Be vigilant for series of "DECLINED" and "PICK UP CARD" notices.
Have there been prior chargebacks from a similar address or location?
Certain countries and regions have large fraud problems and many online retailers refuse to ship orders to those regions. Look for patterns based on your previous chargebacks and make decisions on what you will allow. If fraudulent orders to a specific country go over a certain %, strongly consider banning that country from purchasing from your online store.
Are there multiple orders for the same customer using different credit cards?
Be on the lookout for multiple orders with the same shipping address but different credit card numbers.
Did you require the CVV2 during the payment/checkout process?
There are no longer any major card brand credit cards without a security code on the back. If you are using our virtual terminal and manually entering your customer's card information, you should always ask for and enter the CVV code. If your customers are entering their own information during the checkout process, you should require the CVV code and not allow the security check to be by-passed. Never record or make note of the CVV, it is a violation of the Card Brand Rules.
In Helcim Commerce, the CVV is a required field when a customer enters their own card information for payment of an online invoice or in the online store checkout.
If you are using Helcim Commerce Virtual Terminal, and your customer does not want to provide you with the CVV - send them an invoice (click here for more info). This allows them to make a payment without having to relay their sensitive card information to you.
Is the transaction size or the items purchased out of the ordinary?
Often times fraudsters will purchase items that they can resell, like a specific shirt of every size or color, or a larger number of the same item. Compare every new order with previous ones and be vigilant for orders that don't fit with the rest. Very large transactions that seem too good to be true often are.
Does the shipping address match the billing address?
Although it can have somewhat of an impact on legitimate sales, by only allowing the shipping destination to be the same as the billing address you can greatly reduce your exposure to fraud. Fraudsters will often use the billing address of the stolen cardholder, but will put their own address of the shipping destination. If you do not wish to enforce this limitation, make sure that the shipping address is at least within the same city, province or country depending on your risk threshold.
Address Verification Service (AVS)
The address verification service (AVS) takes the street address (one line) and the postal/zip code and compares it with the what the cardholder's bank as on file. Chargebacks with an AVS response of X, Y or Z are most often ruled in the favor of the merchant as long as you have a proof of shipping delivery to that specific address. However, this does not apply if the chargeback was because of a dissatisfied customer (as opposed to a stolen credit card). Take a look at the AVS response page for more information: https://www.helcim.com/support/article/240-general-resources-avs-response-codes/
Is the information provided by the customer well formatted?
Although fraudsters will often make sure that their shipping address is correct, the billing info is often lacking proper formatting. Lookout for street addresses without numbers, postal/zip codes that do not match the city or even first and last names that are incomplete.
Did you call the customer? Does the telephone area code match the address?
A simply courtesy call to the customer to confirm their order and address will often give you a better sense of the legitimacy of an order. Are they nervous or dismissive? Do they challenge you when asked to confirm their information? The area code of the telephone number can also help in making sure that the customers is within the same region has their billing and shipping address.
Avoid shipping orders to PO Boxes.
Keep in mind that postal offices in some rural areas do require a box number. However, PO Boxes for major cities should be avoided.
Does your shipping company require ID or signature upon delivery?
For international orders and transactions without proper AVS results, consider asking your shipping provider to require ID before delivering the package. Some shipping companies will also provide you with a copy of the signed delivery receipt.
Does the shipping/billing address match the country of the issuing bank?
The credit card BIN (the first 6 digits of the full credit card number) will provide you with the specific bank that issued the credit card. Perform a BIN lookup to receive the contact information for that specific bank. Is the customer in the same country as the bank that provided them with the credit card? If you aren't sure about a transaction, try contacting the bank's risk department and let them know that you have doubts about the transaction. They might be willing to perform a courtesy call to the customer to confirm the purchase.