Most ecommerce merchants learn the hard way; orders and registrations from fraudulent sources cause financial, merchandise, and time losses. With the rise of mobile ecommerce and the proliferation of high-profile data breaches, you’ll need the best information and tools available to combat fraud in your marketplace. The October 2017 Global Fraud Index reported a total of $57.8 billion in ecommerce fraud losses in eight major industries.

Ecommerce fraud continues to grow, and the best way to protect yourself is a good defense. Here are some of the most troubling fraud issues ecommerce merchants face, and how to limit your exposure.

Identity Theft

Identity theft is defined as the fraudulent acquisition and use of a person’s private identifying information, usually for financial gain. Financial identity theft through credit card fraud is what most people envision when they think of identity theft.

Identity thieves use a person’s identifying information, such as name and address, or an existing credit card to make a purchase on your website. Frequently, this data is acquired in a breach or skimming scam and sold on the black market before a victim even knows they’ve been compromised.

DOTS Order Validation can help identify if a user is who they claim to be by cross-checking the information provided at the point-of-sale, such as Ship To and Bill To address, phone number, and Banking Identification Number (BIN). IP address location is also compared to the billing and shipping addresses to determine if the order should be flagged.

Order Validation assigns individual quality scores to each input and a composite quality score to the overall transaction. You determine your quality score threshold, which is used to flag suspicious transactions for your team to review or reject.

Here are a few examples of transactions that might be flagged for additional review:

• Phone number not matching the name and state on the order
• Issuing bank (via BIN) in a different country than shipping address
• IP location not close to shipping address

Your team can review and manage flagged transactions before the order is fulfilled.

Chargebacks

A chargeback occurs when a customer disputes a transaction and their payment is returned to their account. Sometimes this is referred to as “friendly fraud,” meaning it was a misunderstanding on the part of the consumer. Perhaps they didn’t read the fine print to see that they were signing up for a subscription with recurring fees, for example.

Frequently, chargebacks are caused by a fraudster either using stolen financial information to make a purchase or by lying and claiming they never received the product. Friendly or not, chargebacks cost your customer service team time, both interfacing with the customer and researching the issue.

Chargebacks are particularly nasty because you lose product, incur shipping costs, chargeback fees AND they hurt your standing with creditors over time. If your business reaches the high-risk threshold for your industry your processing rates will increase, or worse – your processor could drop you.

DOTS Order Validation can again flag risky transactions by cross-checking customer information and location elements through more than 200 proprietary tests, resulting in a quality score based on the validity of the information. Order Validation also provides a record of the order with all the information you need to argue a chargeback should one occur.

Order Validation also helps your customers correct typos in shipping info at the point of entry, so you can avoid chargebacks from misdelivered shipments and any related customer service headaches.

High Risk Cards

With the rising sales of prepaid credit cards and gift cards, the frequency of scams involving these cards has risen. There are many types of prepaid and gift card fraud, involving both the sale or loading of cards, and using prepaid or gift cards to make a purchase. High risk cards can cost you on either end of the transaction.

High risk cards can also hurt you if your product or service is offered on a payment plan. The first payment on a prepaid card might be approved, but subsequent payment transactions could return insufficient funds. Not only do you have product loss, you’ll incur additional costs attempting to collect the debt internally or settle for a fraction of the debt through a collections service, if you can collect at all.

DOTS BIN Validation uses the Bank Identification Number (BIN), comprised of the first six digits of a card number, to identify the issuing bank and card-type, including those higher risk prepaid and gift cards. Cross-referencing the BIN with user phone and address information can help you identify a high-risk transaction.

Your team creates protocol to manage these transactions, such as:

• declining prepaid cards outright at point-of-sale
• requesting a secondary form of payment in real-time
• simply flagging the order for review before fulfillment

BIN Validation also provides the name and phone number of the issuing bank, so you can call to verify flagged transactions.

Validation services help your team stop wasting time identifying and troubleshooting fraudulent transactions, and spend more time managing transactions flagged as high-risk before they become a problem.

It’s increasingly important to protect your business from fraudulent transactions. Implementing an API can literally stop fraud before it even begins, right at the point of sale, and in real-time. Learn more about how Order Validation or BIN Validation can help you prevent fraud and enjoy the benefits of improved customer satisfaction and more efficient resource management.

The holidays are approaching. For many merchants, this is the busiest and most profitable time of year. Especially if you sell high-ticket items that are popular as gifts. Unfortunately, the holidays are also the high season for incorrect and fraudulent orders.

First of all, both your staff and your customers are human – and it is easy for both to be more human than ever over the holidays, because of high transaction volumes, rush orders, and the stress of the season. A bungled address or a credit card problem can have effects ranging from time and human intervention to the possible loss of merchandise. And your valuable customer service reputation can also take a hit from order and delivery errors.

Merchants are also often targeted for intentional fraud over the holidays. Did you know that stolen credit card numbers sell on the black market “dark web” for as little as $5 each? And that cards with what hackers call “full info,” including name, address, expiration date, verification info and CVV can be had worldwide for $30-40 apiece? It is a small price to pay for someone who uses that card with a fraudulent name and mailing address – and a large cost to you when they use it to order expensive merchandise from your business.

The cost of fraud to unsuspecting businesses can sink your profit margins. Small businesses, in particular, can be on the hook for merchandise ordered by thieves who never intend to pay, and globally this kind of fraud costs businesses throughout the US $14 billion per year . Online merchants have become particularly vulnerable, with a 9-12% year-over-year increase in fraud levels as of 2016 . Beyond chargebacks for stolen or fraudulent credit cards, there are costs in your time and manpower involved – not to mention the aggravation of unexpected losses.

Thankfully, you can mitigate a great deal of this risk with a little planning. Here are some tips for putting a little more holiday cheer back into your busiest season:

Look for the red flags

Fraudsters often have a common modus operandi. Look for orders where the “Bill to” and “Ship to” addresses are different, unusually large orders from unknown sources, or international orders, particularly from developing countries. And particularly around the holidays, pay attention to last minute high-ticket orders with rush shipment, where merchandise can fall into the wrong hands before the fraud is discovered.

Have a policy

What procedures do you follow when you receive a questionable order? What procedures do you follow to make sure that orders are valid or accurate? Are there circumstances where it would be prudent to delay shipment or decline an order? Learn the norms for vendors in your business, and teach all of your employees to follow them.

Validate your orders

For most businesses, one of the most reliable solutions is to use an inexpensive online service to verify the authenticity of a customer. A validation service can compare your order information against existing databases to quickly answer critical questions like whether an address is valid, a name or its corresponding credit information is legitimate, whether the IP address of an online order matches the address you are shipping to, and much more.

One solution for this is Service Objects’ DOTS Order Validation^SM, a real-time API that verifies, standardizes and authenticates customer order information. It performs 200 proprietary tests including address, BIN, email and IP validation, giving you an overall order score of 0-100 to flag suspicious orders. Check it out today and make sure your business avoids the perils of fraudulent orders this holiday season.

_{¹ Danielson, Tess, “Here’s exactly how much your stolen credit card info is worth to hackers,” Business Insider, Nov. 30, 2015. http://www.businessinsider.com/how-much-stolen-credit-card-info-is-worth-to-hackers-2015-11}

_{² Heggestuen, John, “The US Sees More Money Lost to Credit Card Fraud than the Rest of the World Combined,” Business Insider, Mar. 5, 2014. http://www.businessinsider.com/the-us-accounts-for-over-half-of-global-payment-card-fraud-sai-2014-3}

_{³ LexisNexis, 2016 LexisNexis® True Cost of Fraud^SM Study}

The United States is finally catching up to its European neighbors in terms of adopting the more secure EMV chip credit and debit cards. EMV, which stands for Europay, MasterCard, and Visa, is considered less vulnerable to credit card fraud than magnetic stripe cards because their embedded, encrypted chips cannot be copied by counterfeiters. Despite the ongoing shift to EMV chip cards, projections point to a doubling of credit card fraud from about $3.1 billion to over $6.4 billion in 2018.

How is this possible? Fraudsters will have fewer opportunities to clone cards with illicitly placed magnetic readers, so counterfeit cards will likely become less prevalent. Just as bankers, merchants, and consumers shift to EMV chip cards, fraudsters will have to shift to other devious means of committing credit card fraud. One area prime for fraud involves “card not present” (CNP) fraud.

CNP fraud takes place when someone uses someone else’s credit card to pay for a transaction but does not physically present the card to the merchant. For example, when placing an order over the phone or online. It doesn’t matter if the card has a secure chip or not if the card is not present to be scanned and verified. So long as the fraudster has the credit card’s number, billing ZIP code and CVV (Card Verification Value) number.

CNP fraud is expected to displace the gains made by EMV chip cards, nearly dollar for dollar. This happened when Canada adopted EMV cards a few years ago. According to the Canadian Bankers Association, counterfeit card fraud went down from $245.4 million (CAD) in 2008 to $111.5 million in 2013. At the same time, CNP fraud increased from $128.4 million in 2008 to $299.4 million in 2013.

How to Prevent CNP Credit Card Fraud

An article on the subject posted on Pymnts.com offered a three-pronged approach to prevent CNP credit card fraud:

• Tokenization, which makes stolen data useless 
• Behavioral analytics, which helps in making authorization decisions 
• “3-D secure,” which adds another layer of security such as a PIN or password 

Take CNP one step further by using order validation tools to verify customer information and detect signs of potential fraud. For example, DOTS Order Validation will produce an overall quality score based on inputs such as customer and credit card details.

Order Validation cross-validates data against seven distinct contact validation services such as BIN Validation, Address Validation, and Phone Exchange. Mismatches and risk factors (such as if the cardholder’s name is bogus, the shipping and billing addresses are different, or the card is a gift card or from a country of high risk) are immediately flagged before the transaction reaches the payment gateway. Using the quality score and warnings from our Order Validation API, you’ll be better able to detect potential CNP fraud before it happens.

We listened to our clients feedback and performed some fine tuning on our DOTS Order Validation service to better meet their needs.

Our DOTS Order Validation service performs multi-function verifications including address validation, BIN validation, reverse phone lookup, email validation, and IP validation. Our proprietary normalizing algorithm inspects the various customer components and returns a 0-100 quality score on the overall validity and authenticity of the customer. 

With the fine tuning, quality scores in many of the test categories were re-balanced to no longer be as strictly penalized. Changes were also made so that the service could handle a wider variety of cases where data may or may not be available.

While the service still errs on the side of caution and will remain strict,  it is no longer as heavy handed with its penalties. Clients will still encounter orders that require review, as it is part of the service’s duty to make clients aware of suspicious looking orders, but they will also see many more valid orders pass. This means that the number of orders that need to be manually reviewed will be lower and will consume less time.

Click here to learn more about DOTS Order Validation.

Amex Express Checkout is a new checkout option that recently went live this month, and unlike the other payment methods it is not an e-wallet in the conventional sense. Instead of creating and managing payment accounts for one or more payment methods, the Amex system leverages a user’s existing account information, so when a user is ready to check out all they need to do is enter their Amex username and password. The same credentials they would use if they were to log directly into their online Amex account. That’s because they actually are.

Like the other payment methods, the Amex system is focused on security and ease of use. The idea being that the card holder never has to enter their credit card information, instead the data is securely sent directly to the online store from American Express and so both the online merchant and the card holder can rest assured that the provided information is current. With other e-wallet systems, it is up to the card holder to update their card information if a card expires or a new card number is issued and so on.

There is Still a Potential for Fraud, Even With Fast Checkout Options

One would think that with so many secure payment options available today that an order validation service in your checkout system would be unnecessary, but that’s not the case. These payment systems may be designed to be secure and easy to use, but there is still a potential for fraud. These checkout systems primarily only fill out the billing details and have nothing to do with the shipping details or other aspects of the order. A service like DOTS Order Validation can take a look at the individual details as well as the big picture to help prevent fraud. Also, not all customers are going to use these sort of checkout systems; so an online store will almost always have an option available for a user to enter their own checkout information. Otherwise, the store risks losing a potentially large customer base.

If a fraudster has an opportunity to circumvent additional security then they are going to take it, and they will most likely not choose these checkout systems. Which means that a service like OV will play an even larger part in helping fight fraud. Overall, e-commerce shopping cart programmers would do well to make use of these e-wallet systems and use a service like DOTS Order Validation. A service like OV is not in competition with these type of systems and it will still have a place in helping prevent fraud.

Online fraud affects businesses of all sizes. According to The Nilson Report, in 2012, payment card issuers, merchants, and their acquiring banks lost over $11 billion to fraud. Whether you’ve already been hit by fraudulent orders or are concerned about the potential, online fraud prevention is a must. One of the best ways to prevent online fraud is to be aware of the following three telltale signs that an order is fraudulent. This awareness allows you to stop that transaction from taking place or implement other security measures.

 

1. The IP address of the customer does not match the shipping or billing address entered or the IP address is from a high risk country.

   When users browse websites, their IP addresses provide valuable clues as to their physical locations. A quick IP address lookup can tell you which city or country an online customer is located in. If that location does not match the shipping or billing address, it could indicate online fraud. In addition, several countries such as Russia, Malaysia, and Ghana, are notorious countries of origin for many online fraudulent orders. If a customer’s IP address is from one of these high risk countries, the order could be fraudulent. What if the IP address is cloaked or it’s obvious that the user is using some sort of proxy? While many computer users use proxies for legitimate purposes, a cloaked IP address is another red flag to be aware of.

2. BIN of the payment card indicates a country of origin that is inconsistent with where the customer says he/she is located.

   A Bank Identification Number (BIN) is a prefix on a credit card which identifies the issuing bank’s name, payment method, card type, and issuing country. If the BIN’s country of origin does not match the customer’s location, it could be a strong indicator that the order is fraudulent.

3. Infidelity between the phone number owner and billing name.

   Another clue involves a mismatch between the billing name on a credit card and the customer’s entered phone number. For example, if the customer says his name is Bob Smith and uses Bob Smith’s credit card but enters a phone number that is not owned by Bob Smith, this could indicate online fraud.

Looking up IP addresses, BIN numbers, and phone numbers for each transaction is an effective means of online fraud prevention. However, doing it manually is generally not an option. Fortunately, DOTS Order Validation, which combines multiple DOTS services, automatically cross-validates customer information in real time at the point of purchase. DOTS Order Validation can instantly flag these telltale warning signs (and many others) so that you can prevent fraudulent orders from occurring.

Updated from original post Why Cross Checking is Important When Using a Contact Validation Web Service, published 02/17/10

Although the Internet allows for many business benefits, it is also an effective way that fraudsters create bogus leads or orders—ultimately creating business headaches. Online fraud is a pervasive issue that costs businesses billions of dollars every year in lost merchandise, customer satisfaction, and resources. There are many data quality companies who provide services to verify your online leads and orders, but how exactly do they go about doing that? And how are you supposed to decide which service provider will best meet your fraud-prevention needs?

Given that online leads and orders consist of multiple pieces of customer data points, it is imperative that the data verification process goes beyond checking the validity of each individual piece of information. In a truly valid lead or order, all elements must not only be accurate, genuine, and up-to-date, but consistent with one another. This means that your fraud-detection software service should normalize, cross-reference and compare the contact data for consistency, and generate a score or rating of the customer’s authenticity. It should be able to flag warnings that include:

• A mismatch between the computer’s IP address and billing/shipping addresses
• Inputted phone number owned by a different name and address
• Disposable or bogus email addresses
• A fictional or bogus name
• Bank Identification Number of credit card is from a country of high risk

If the lead or order validation service you’re using does not employ advanced cross-checking algorithms, you risk accepting accurate but not genuine data in your database and systems. Your sales team may waste time trying to qualify fake contacts, or you may send out a shipment without knowing if the credit card used is legitimate and actually belongs to the intended recipient.

Here are some other crucial data elements to look for in a strong Lead Validation or Order Validation web service:

• US address verification that includes Delivery Point Validation and USPS CASS-certified data
• Canadian address verification
• Reverse phone lookup
• Detailed phone exchange information
• Email validation with MX record and syntax checking
• Comprehensive IP address validation
• Bank Identification Number (BIN) validation for issuing bank authenticity

If your business relies on ecommerce transactions for revenue, Order Validation is a must to protect your business. And if your sales team relies or accurate, genuine leads to bring in new sales, a Lead Validation tool is great for building your business. If you’d like a demo of our data validation service or a free trial, please give us a call!