Types of online fraud, how to detect them and tips on what you need to be doing.
Types of Fraudulent Transactions
will take about 7 minutes to read…..
Different fraudulent transactions may occur in your online store or even brick-and-mortar store. Knowing the types of fraudsters out there, understanding them and recognising them is beneficial and will help you minimise them.
Friendly Fraud
As mentioned above, some customers know how to work the system. Knowing that they are fully protected by the chargeback/dispute process, they will look to manipulate that very process. They buy the goods, have them delivered, and some weeks later (remember they have six months), they raise a dispute for “goods not received” or “goods not as described or defective”. Of course, as always, the onus is on you as the business owner to prove otherwise.
It’s essential to keep records of all correspondence and tracking information to be able to support your claim when the time comes. It would be entirely up to you to try and refute this sort of chargeback as it can take up much of your time, cost money, and, more importantly, become extremely frustrating. It comes back to what I have said throughout my site – it is the difference between doing the smart or right thing.
In cases where I have had to deal with this sort of fraud, one thing I have never done is call and confront the customer. I believe this sort of behaviour should be avoided at all costs. One, because you don’t know who you are dealing with and things could escalate, and you could put yourself at risk, and two, because they have taken your product and your money, you don’t want to end up with a bad review over it as well.
The best way to proceed is to send a professional response to the bank or your financial provider addressing the issue without emotion – just facts. If it goes against you, then move on – you have a business to run and other customers who need your attention.
Card Testing / Card Checking / Carding
All these names mean one thing. Your site could become a facility for criminals to test stolen credit card information to either validate the card and sell them or make purchases. They sometimes try with small amounts to go undetected as the cardholder won’t generally be suspicious if they see a transaction of $2. However, they also test with large quantities, as they are not after the product as such, but rather the validity the card has and what credit limit the card has.
Your experience and statistics should be able to guide you here in identifying fraud. Here are some examples of mine:
Example 1 – Large Purchase (generally uses 1 or 2 credit cards but attempts multiple times to ascertain credit limit on stolen cards)
Scammer enters online store and goes immediately to the first available product.
- Selects the first size available
- Selects the first colour available
- Selects the maximum items your site permits them to purchase
- Selects the most expensive form of postage (in this instance express)
- Selects the most expensive shipping zone
The names, emails, and phone numbers are all fake, and it is more than likely that if you post these items, they will be returned to you marked “unknown person or unknown address.”
Example 2 – Small Purchase (generally uses a lot of credit cards number attempts – they are trying to validate a credit card number by punching in different variables. They are not concerned at this point about the credit limit)
Scammer enters online store and goes immediately to the first available cheap product.
- Selects 1 item only and is not interested in postage method or shipping zone.
- Names, emails, phone numbers are all fake and could even be incoherent.
You should really try and protect yourself from this type of activity as you will have a very high decline rate on your transactions, and this will raise a red flag with your financial provider. This can ruin your reputation as a business to card networks and it will cost you an absolute fortune in disputes if some of the transactions get through.
We worked through this to block the IP addresses after a 3rd attempt. Remember that these scammers need an accessible platform, so you need to make it as difficult as possible. But you should be mindful not to disrupt your business. For example, we have all heard of and seen the CAPTCHA verification. Rather than put this as a default on your site, which is arguably one of the most annoying things I have ever seen, perhaps you would consider applying this to specific geo locations or IP addresses for a few days so that the particular fraud can stop.
Work with your third-party gateway or financial provider to find solutions for these problems. You can set parameters, rules that you can build, and filters that can be implemented. Each business will be different in its approach to have minimal effect on its sales.
Freight Forwarding Fraud
Most of the fraud coming through our online store was outside of Australia. This created an automatic response from our end to flag international orders and run checks on them based on basic rules (which I mentioned above). International orders were, in our view, at a higher risk of fraud than domestic orders.
Fraudsters, however, found a way around this and started to use a freight forwarding service. Let me give you an idea of how this works:
Scammers buy products from your online store and pay for them with a stolen credit card. The address they provide is inside Australia and seems legitimate. This way, they go undetected and unsuspected that it is an international order, where they would undergo verification checks. Every time, they also have a different address, so they won’t be blocked by companies and have their orders cancelled. They are simply re-routing the merchandise to make their order look legitimate.
Scammers then scam the freight forwarder with payment from stolen credit cards to have the merchandise shipped overseas. The products successfully land at the scammer’s addresses, and both the merchant and freight forwarder have been left with disputes and chargebacks. The scammers work at a rate that is way too quick for authorities to catch them.
If you are receiving many orders going to the same address under the same or a different name, make a simple search engine search of the address. If it is a freight forwarder, this should raise alarm bells.
Overpayment Fraud / Scam
This is what happened to a brick-and-mortar store that was supplying our product.
A customer in person made a purchase using a stolen credit card, and when asked to enter their PIN to complete the transaction on the EFTPOS terminal, the scammer added “0” to the amount, and from $40, the payment got to $400. The customer then blamed the store owner for overcharging them!
To resolve the situation at hand the customer told the owner to keep the credit card transaction of $400 and simply refund them in cash $360. The store owner complies because they feel terrible for the error that they supposedly made.
They walked out with the product + $360 in cash. The poor store owner also had to cover the $400 dispute on the credit card!
I had a strict and clear policy on our online store that the only way refunds are processed are through the same way they were paid. If the customer claimed, they cancelled their credit card, or it had expired – I would encourage them to raise a dispute. I would much rather pay $25 for the chargeback than lose hundreds of dollars in a scam.
Auction Fraud
My advice above as to why you should never confront the customer or recipient comes into direct play here. This is one of the most annoying types of fraud, as there are no signs or suspicions.
Let’s say you sell golf clubs.
Mark is a scammer. Mark creates a listing on a marketplace or an auction site selling your golf clubs.
Mark sells a set of golf clubs valued at $800 to Peter through a marketplace.
Peter pays Mark $800 and is now waiting for his merchandise.
Mark comes to your online store with a stolen credit card and places an order for Peters golf clubs. He has peters information, so he inputs that on the billing and shipping information. It all looks legitimate, and you dispatch that order.
You then receive a dispute for an unauthorised transaction, and the funds are taken away from you. But it all seems legitimate, and you don’t understand what you missed.
Peter, the customer, legitimately ordered and received what he paid for. So, you can’t go knocking on Peters’s door!
Mark is the scammer who has made $800 by ripping off two people. The credit card owner and You.
- Unfortunately, you will pay for everything.
- The credit card owner is protected by the credit card facility.
- The credit card facility will get its money from the bank.
- The bank will get its money from you and charge you an additional fee for the privilege.
You lost the product and the sale amount and now have one dispute against your business name.
Can you see that Cranky Boss moment set in right about now?
General Fraud / Theft
There is nothing complicated about this sort of fraud. These are your everyday people who are just thieves. The ones that also get caught stealing in department stores.
They generally have a stolen credit card available and purchase products that they genuinely want. They have them posted express to an address, track them, await the delivery, and take receipt of them. So as not to be traced, they may generally place a fake name on the parcel and instruct the postal service that it may be “left without a signature” or “in a safe place”, and that way, they can retrieve the parcel without raising suspicion. Sometimes, they may target a vacant property, have the parcel sent there, and collect it while no one is around. They find creative ways of retrieving their packages.
Conclusion
It would help if you took responsible measures to reduce the risk of fraud to your business. There may be times you will be able to avoid quite a few, and other times miss some. Don’t be disheartened – most companies go through this. You need to find a way to minimise it so that you are not penalised and blacklisted by financial services and providers, and then there are some you need to put down as bad debt. However, be sure to respond to ALL disputes raised and sent to you from your financial institution or provider.
Unfortunately, businesses tend to cop the brunt of everything; fraud is generally just another one of those things. Don’t lose focus on the bigger picture of why you are in business and the rewards that can come with it. Move on and put your focus where it belongs.
Tips on Detecting Fraud
If for any reason a transaction doesn’t look right, these tips will assist in determining if they are legitimate or not.
Tip 1. Credit Card
- Check the country of issue.
If you are based in Australia, and someone places an order through your online store using a credit card from a different country that does not match the shipping or billing address, this is a sign that something could be suspicious. Action 1 is needed here.
- Multiple Attempts with different credit cards
Fraudsters will often use different credit cards to purchase if one after the other fails to go through. If you see an order trying to go through and someone has attempted five times with five different credit cards, this is a sign that the transaction is fraudulent. Action 3 is needed here.
- Multiple Attempts with SAME credit card
This does not necessarily suggest fraud. It may simply be a case of someone not having sufficient funds in their account, and they keep trying because they are “certain” they have enough money to cover the transaction. Action 2 is needed here – a simple phone call to get a feel of what’s happened. In most cases where this happened to me, the transaction was legitimate.
Tip 2. Information on the order
- Check the name. Does it make sense? Or is it some mumbo jumbo names put together?
- Check the email address. You will generally find issues with the free email addresses, such as Hotmail and Gmail accounts. Often fraudsters may use complete made-up email addresses that bounce. Check your logs to see if this is the case.
- Check the phone number. Call it and see if anyone picks up or if it’s a dead end. If someone does answer, be spontaneous and immediately say, “good morning, this is Jane from XYZ company; who am I speaking to?” In most cases, you will find that a legit person will respond with “Hi Jane, this is Peter”. Fraudsters will generally either hang up or um, and err, trying to think of what name they gave because you are probably not the only one they are ripping off. You can generally get a feeling once you talk to someone if they are legitimate or not.
- Shipping Method. I can confidently tell you that ALL our fraudulent transactions used express as their shipping method. This was mind-blowing. Then again, why wouldn’t they? Someone else is paying for it! However, this does not mean that all online orders that select express as their shipping method is fraud. It just means that if the name doesn’t make sense, and the email doesn’t make sense, and the phone number is a dead-end, AND they have chosen express – then it’s most likely going to be fraud.
- Shipping Address. Google Maps is a great tool to gain information on shipping addresses – or even a google search can be beneficial. Look for things that simply dont make sense, such as vacant land, or storage facilities, etc. Freight forwarding companies are a major red flag. I cancelled all orders going to freight forwarding companies. I had cancelled $15,000 worth of orders in one week alone, and I was right. They were fraud.
- Products. Look at the products ordered and see if they make sense. Did they pick the first product on your site and order ten pieces of it? Did they go to your most expensive product only? See if you can see a pattern here or get into the mindset of what they are trying to achieve.
So why don’t we just perform these actions all the time?
a) it is time consuming, and time is money
b) you may delay sending out an order because it is under review. If the order is legitimate, it may deter the customer from coming back again
c) some customers may feel uncomfortable and feel they are being accused of something they did not do. It’s important to know when to act.
d) Actions should only be performed if there is genuine suspicion or several things don’t add up. It’s unlikely that your business only has fraudulent orders or that they form most of your orders.
You are simply trying to minimise the fraud, not create a full-time job checking all your orders.
For example, you would not suspect an order simply because the user has a Hotmail account, nor would you cancel an order if a name is unfamiliar to you.
We used to get reports from SecurePay that allowed us to check information daily. They specifically custom made this for us, which was a great tool I used in fraud prevention. Our Web developers also created a custom-made feature on our CMS that would flag all orders with three or more credit card attempts. We would then manually intervene and look at all the features, as mentioned above, on the online order.
You can also implement actions on your platform whereby you can automatically decline a transaction after three attempts. You can also look at blocking certain countries or geo-locations from entering your site.
For example, you can block all traffic if you see a lot of fraud coming from a specific country you typically don’t sell or send your product to. It is an extreme measure and one I would only use if necessary. Remember to keep perspective and use accurate data, not emotions or what can “feel like” a significant amount.
You can also manually configure the attempts made per credit card, or if someone is using multiple credit cards, you could look at blocking the user. A good web developer could assist you with these sorts of issues, and this is a crucial difference, as mentioned above, between having a great team working with you to build and develop your site rather than stock standard platforms. Indicators that standard platforms use could be extreme and have an enormous negative impact on your sales.
Put simple steps in place, as mentioned above, where you can manually skim through any orders your parameters and system have detected and move on.
Actions to take when detecting online fraud
Action 1
I would refund a specific amount only known to me back to their credit card, and I would ask them to tell me what this amount is. It was as little as 0.23 cents or 0.12 cents. Something minimal but specific that they could not guess. I would do this via email to have the proof available to me should a dispute be raised.
If they could tell me the exact amount, it meant that they had access to their bank account and not just the details of the credit card. This verification process was enough to convince me the transaction was legitimate. I can tell you that this method never failed.
Action 2
📞 Call the phone number and get a feel of the person on the other end. Be friendly and polite, and ensure they don’t feel you are checking upon them. Use reasons, such as dispatch delays or out of stock products and see how they react. Get a feel of how legitimate they are.
☑️ Check their name against social media. See if their name comes up, and have a look at their location. See if it matches their address. If they have ordered products in different sizes and colours, and their social media shows they are a family with children, this could be a sign of legitimacy.
📧 Check their email address. If they have provided an email address that may look like a company, look it up and see if they work there.
See if their information makes sense and if things add up. Use your gut and instinct. If you are still unsure, then move to Action 1.
Action 3
Cancel the order and immediately refund the transaction. When you have no doubt the transaction is a fraud, refund it and keep a record so you can show your bank once the dispute has come through. This will show your bank you are serious about fraud and on top of things.
There will be times that the customer will attempt to contact you to ask where their order is. You can either choose to ignore them or politely respond that your financial provider could not process their transaction. Just remember, you don’t know who is on the other side. You are dealing with a criminal, and it’s always wise to steer clear.
That is a general overview on what online fraud looks like and some tips on how to detect it. More often than not, online fraud will results in a dispute from the cardholders bank. I give more information here about disputes and chargebacks, what they are, how they occur and how to handle them. You want to know this information as it forms part of your risk management in business.
Understanding your risks in business is crucial because you can make informed decisions. Once you identify a risk, you assess it as you see fit and decide how you intend to deal with it.
Risk management forms part of your strategic management in business. Not having strategies in place when running your own business could quickly spell disaster. In fact, it is the number 2 out of 4 reasons why businesses fail.
This simple 5 step guide is what I can attribute my success to. These are easy to follow and understand, practical guidelines that every business owner should know.
It is not one thing alone that makes a business successful – in fact, it’s a number of things that just work well together – and a good share of Cranky Boss moments along the way!