Banks still get robbed. Despite all of the security developed and all that will be developed there will always be a need to screen for fraudulent orders online. This guide is our top tips to protecting your business from online fraud.
Your payment gateway has various security features. It is possible for these to be turned on, or off, and made more or less strict. Review these to ensure they are providing the highest possible protection.
Login to your Payment gateway merchant dashboard (Sagepay, for example) and adjust security settings for fraud prevention :
AVS Match: Reject a credit card if the order billing address is different from the card billing address. This can include the address and postal code. ⚠️ Irish banks Irish banks do not provide this capability so if the billing address is in Ireland this will not be available.
CV2 Match: This checks the three digit code provided against the real one to see if it matches. This can be off so make sure it's enforced.
Gateway Fraud Scoring: Many payment gateways will provide additional transaction scoring to help you evaluate a potentially fraudulent purchase. This is on a per transaction basis.
Identify Orders for Manual Review before Dispatch
Some orders justify additional scrutiny and cancellation if fraud is suspected. Here are our recommendations for identifying which orders deserver more scrutiny or cancelation.
If two or three of the following criteria are met you should hold dispatch and either cancel or further qualify these orders:
order value is over 50 pounds/euros/dollars
popular electronics are ordered (Apple products, for example)
a guest order or new account with no purchase history is used to place the order
a free and public email address is used (including Gmail, Hotmail, Yahoo, AOL, etc) rather than a business domain
the billing address is different from the shipping address (and likely doesn't match the credit card billing address)
a mobile phone number is used on the order (try calling it and talking to the buyer!)
If several of the above are true there is a higher degree of confidence that the order may be fraudulent.
Ensure The Authenticity of Customers Registering
See our our article on Email Verification for more information. If you have self registration activated and credit card payment options activated they will have access to your checkout and can be on your site with bad intent. This feature can assist in validating their authenticity. It is in bad practice to allow users to place orders on your store with fake email addresses, it can also harm your email reputation. When registering with a fake email address you will get an email bounce notification alert when the Welcome email is sent and bounces to the fake email address. You should investigate and validate the authenticity of every one of these should it occur. Bad actors like this may try to use your store to test stolen credit card information.