Ecommerce Fraud Prevention – How To Protect Your Business
Back when Fish Finder Source was an ecommerce store, there was
one period of time where I received a ton of fraudulent orders.
Unfortunately, I was new to this then, and in the excitement of
receiving orders, I fulfilled them without really vetting them.
As a result, I received a string of chargebacks that nearly
meant losing my business. A chargeback is when someone calls
their bank or credit card company and informs them that they
don’t recognize a charge on their statement.
Here’s an eye-opening statistic. In 2012, ecommerce fraud cost
merchants a staggering $3.5 billion!
If this happens, the bank will immediately return those funds
back to the customer. But where do they get those funds from?
Your and my pocket! In the event of a chargeback, the bank will
deduct the funds back from whoever they were charged to
without even asking the merchant for their side of the
story first. How can the bank access your funds? Through
your merchant account!
On top of that, you’ll be slapped with a penalty, and you’ll
lose a little bit of your credibility. This information
actually gets attached to your EIN number, so it sticks with
you for good.
Chargebacks are not permanent – merchants can fight them, but
the process is long, and even if it comes out in your favor,
the fact that you received the chargeback still sticks.
The reason you lose credibility is that ideally,
a chargeback should only happen when a merchant commits a fraud
on a customer – either not delivering the goods, or falsely
advertising their products. So more chargebacks ideally means
we aren’t doing our jobs as merchants.
With too many chargebacks (most merchant accounts have a set
percentage they allow for per month), you’ll lose your merchant
account (as I did mine), and since the data is tied to your EIN
number, you’ll have a very hard time getting a new one.
Now this system is in place to protect consumers – but it is
completely consumer-centric, and is built very unfairly for
merchants, so some unscrupulous individuals take advantage of
this at our expense.
Two Major Types of Chargeback Fraud
As a merchant, you’ll face two types of fraud most of the time.
1. A cheating customer buys a product from you, you ship it to
them, and when they receive their statement, they’ll claim the
charge from your store was not recognized. The bank blindly
returns them your money.
2. Somebody buys something from your store using a stolen
credit card. You ship the item to the thief, and when the
original cardholder gets their statement, they don’t recognize
your charge, and claim a chargeback.
Dealing with the first one is very easy. Most merchant accounts
have a process for you to submit documents that prove you are
in the right. Usually, these documents are your
original invoice and proof of
Dealing with the second one gets a little tricky. It’s hazy
because you never really know whether the card was truly stolen
or not – the only thing you can do after the fact is submit
your documents and hope for the best.
Ways to Avoid Fraud
The best way to deal with fraud is to protect yourself before
it happens. While there is no way to protect yourself from an
unscrupulous customer, fortunately for us, most people are
honest. On top of that, providing good customer service will
mean that customers will be very appreciative, most of the
On an episode of
National Geographic’s Brain Games, the host ran an
experiment where a coffee shop barista gave back too much
change. Everyone they tried the experiment on gave the change
back. When the barista became distracted and gave poor service,
though, a few people kept the extra change – but most people
still gave it back.
Here are some warning signs for potential fraud orders.
Red Flag 1: Different Shipping/Billing Address
For most orders you receive, the shipping and billing address
are going to be the same. They may be different on occasion,
such as when somebody is buying a gift for someone else. But
use your common sense here. My general rule is that if the
addresses are close by, chances are someone’s billing address
is their home and they are shipping it to their office, or vice
Red Flag 2: The IP Address of the Order is Different Than the
Region Being Shipped To
Most ecommerce platforms automatically log
the IP address of where an order was placed from. If you
receive an order with a billing address in one place, the
shipping address somewhere else, and the IP address in yet
another place, something may be fishy.
Red Flag 3: Addresses are Different on Big-Ticket Items
If the products you sell are relatively inexpensive ($100 and
below), it’s highly unlikely someone is going to go through all
of this trouble for something inexpensive. If you are selling
electronics, expensive items, or items that can easily be
flipped elsewhere, you’ll have to be more careful about things.
Red Flag 4: Customer Does Not Respond
If you are doubtful about any order, the easiest way to sort
out the confusion is by calling up the customer and confirming
what’s going on. Most fraudsters will not have a real phone
number – so it’s important that you call, and not email. If you
are still doubtful, you can just ask them to send a picture of
their driving license and credit card side by side. If they
want, they can cover up all numbers except the last four on
When you ask for this information, be courteous and inform the
customer that you are asking for this information
for their protection to make sure someone isn’t
using their information without their knowledge. Once you point
this out, most honest customers will not mind complying.
Red Flag 5: Repetitive Orders
One way I realized that an order I received on Fish Finder
Source was a fraud was when I got two orders for fish finders
in succession from the same address. One day, I received an
order, and I shipped it out. Two days later, after the first
order was delivered, I immediately got another order from the
same guy for another fish finder. Nobody’s going to need two
fish finders in three days! I cancelled and refunded the second
order, but I had to face a chargeback and the subsequent loss
on the second one.
Red Flag 6: Big-Ticket Orders Overseas
One of the fraudulent orders I received was for a $1500 fish
finder that was supposed to be shipped to Canada. I fell prey
to that one, too, unfortunately, but it was an expensive
lesson. If you get a large order for an address overseas, be
careful. First, it’s harder to verify the customer, and
second, unless you use FedEx or some other expensive private
shipping, you have no way of knowing whether or not your order
will actually reach the customer. Of course, there’s also the
chance that it’s some cybercriminal holed up in a room
Red Flag 7: Shipping Address Doesn’t Look Right
It’s time to do some sleuthing! Head over to Google
Maps and enter the shipping address, and have a look
at it in Satellite View. Is the delivery address somewhere you
would expect your product to go? Most of the time, it will be a
house or apartment building, or maybe an office building.
What if it’s a warehouse? Or if the address seems to be a
little off? One order I received on Fish Finder
Source was supposed to be delivered to a strange large warehouse.
This raised a red flag – because the billing address was
Red Flag 8: Express Shipping
Most stolen cards have a very limited window before they are
reported stolen, so orders with different billing/shipping
addresses and requesting rush or overnight shipping are
suspicious – it’s best to confirm with the customer in this
If you are not able to get in touch with your customer about a
suspicious order because the phone number provided was
incorrect, you can look up the billing address in the White
Pages and see if you can find a phone number there.
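The red flags above can be run as an automatic pre-shipment check. The following is an added example, not code from the original post or from any ecommerce platform: the `Order` fields, flag names, the three-day repeat window, the "same state counts as close by" rule and the three-flag hold threshold are all assumptions made for illustration, and the sample orders are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

BIG_TICKET = 100.00                # the post's "$100 and below" low-risk line
REPEAT_WINDOW = timedelta(days=3)  # assumed window for "repetitive orders"

@dataclass
class Order:
    order_id: str
    placed: datetime
    total: float
    billing: tuple   # (street, region, country)
    shipping: tuple  # (street, region, country)
    ip_geo: tuple    # (region, country) the platform logged for the order's IP
    express: bool = False

def red_flags(order, history=(), home_country="US"):
    """Return the names of the post's red flags that this order trips."""
    far = order.billing[1:] != order.shipping[1:]  # "close by" approximated as same region
    big = order.total > BIG_TICKET
    flags = []
    if far:
        flags.append("address_mismatch")                    # Red Flag 1
    if far and order.ip_geo not in (order.billing[1:], order.shipping[1:]):
        flags.append("ip_in_third_region")                  # Red Flag 2
    if far and big:
        flags.append("big_ticket_mismatch")                 # Red Flag 3
    if any(p.shipping == order.shipping and p.order_id != order.order_id
           and timedelta(0) <= order.placed - p.placed <= REPEAT_WINDOW
           for p in history):
        flags.append("repeat_order")                        # Red Flag 5
    if big and order.shipping[2] != home_country:
        flags.append("big_ticket_overseas")                 # Red Flag 6
    if far and order.express:
        flags.append("express_mismatch")                    # Red Flag 8
    return flags

def triage(order, history=()):
    """Ship clean orders; otherwise call the customer, holding shipment at 3+ flags."""
    flags = red_flags(order, history)
    action = "ship" if not flags else "call_customer" if len(flags) < 3 else "hold_and_call"
    return action, flags

# Constructed sample orders (not real data), modeled on the post's two anecdotes.
HOME = ("1 Lake Rd", "TX", "US")
first = Order("A1", datetime(2024, 5, 1), 400.0, HOME, HOME, ("TX", "US"))
second = Order("A2", datetime(2024, 5, 3), 400.0, HOME, HOME, ("TX", "US"))
abroad = Order("A3", datetime(2024, 5, 4), 1500.0, HOME,
               ("9 Dock St", "ON", "CA"), ("FL", "US"), express=True)
```

Red Flags 4 and 7 (an unresponsive customer, an odd-looking delivery address) need a person, which is why every flagged order ends in a phone call rather than an automatic cancel.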
In your merchant account, there are a few security settings you
can tweak to set how rigorous the verification process for any
credit card transaction is. These are usually called “AVS”
settings – which stands for “Address Verification Service.”
Usually the settings will be zip code matching, billing address
matching, or no matching. If it’s no matching, just a card
number, expiration date, and CVV code will let the charge
through. It’s a good idea to have at least zip code
matching enabled, and if your niche has lots of fraud, then
have both matches enabled.
Refund a Small Amount
Another neat way to verify if an order is genuine or not was
talked about by Andrew Youderian on one of his podcast
episodes. If you receive a suspicious order, just refund a
small, odd amount like $1.32 back to the customer, and contact
them asking for how much they’ve received as a refund. If they
are the genuine cardholder, they’ll be able to tell you, no
issues. Such a small amount is a tiny price to pay for staying
To finish this post off, here are some fraud prevention apps
you can look into.
Andy Geldman – Web
Phone them. Many fraudsters won’t give a genuine phone number,
and others won’t answer when you call. Just a few will have the
chutzpah to continue the pretence of a genuine order, but are
unlikely to give plausible answers to basic questions like,
“Did you intend to order ten of this item? Why do you need that
many?” It’s one thing to defraud a company online, but a whole
other level to do it over the phone.
Richard Lazazzera –
Better Lemonade Stand
Using a modern platform like Shopify or Big Commerce, a lot of
the guesswork is taken out of verifying the authenticity of
orders. The fraud controls these companies implement are
becoming increasingly good at detecting potential problems. If
there are any flags raised for an order, I’ll evaluate those
flags on an individual basis. For larger orders, or ones I have
genuine concerns, I’ll call or email the customer and ask them
to provide a photo of their government issued ID that matches
the credit card. If I still have any concerns, I’ll just cancel
Mike Ugino –
Time is money. Be quick to cancel orders you deem are
fraudulent, but always send an email explaining what you’ve
done and why you’ve done it. If the order was, in fact,
genuine, MOST customers will appreciate the reasoning and be
happy to give you their order information over the phone.
Alternatively, you can invite them to reorder via PayPal, which
offers additional fraud protection to the merchant.
Steve Chou –
Quit Her Job
1. I check to see if the IP address is in the same
state/country
2. I call the customer and check that the phone
number is in the same country
3. I check the shipping address
to see if it matches the billing address
Don Bush – Kount
We review hundreds of data elements for every transaction,
including information about the device, the location, the
payment type, associations, email, links with other
transactions around the world, all in a matter of milliseconds
in order to give the merchant what they need to validate an
order and determine whether they want to accept or reject it.
This insight allows each merchant to evaluate the level of risk
they are willing to take while at the same time protecting
themselves and their customers.
Fraud Prevention Apps
Here is some popular fraud prevention software you can use if
you are a frequent target of chargebacks. Some of these
companies are so confident in their algorithms that if you
still get a chargeback, they will eat that cost for you.
Note: I have not used any of these companies myself –
before you sign up for any of them, please have a chat with
their sales staff to make sure their service is the right one
Image credit: Don Hankins