According to recent figures from Kaspersky, online fraud is costing the global economy 'many times more' than initial estimates of losses of $100bn (£62bn) a year. And it's only getting worse as commerce becomes 'mobile first'. With that in mind, here are some steps to help your business maintain non-fraudulent activity, and stop potential fraudulent activity before it gets a chance to wreak havoc on your business:
Ask yourself if it's too good to be true
If you typically sell one widget per customer and someone orders 100 in one order, pump the brakes. Does this customer have a record of ordering wholesale quantities? Don’t let the excitement of a big sale blind you. The chargeback fees, lost product and additional fraud attempts will be painful.
Validate the order
If an order seems suspicious, validate it. First, verify the shopper’s address and phone numbers with WhitePages.com or Spokeo.com. Search the email address in Google or even Facebook, and if nothing turns up, call the shopper.
Ask if he or she can verify the billing address associated with the credit card, and then follow up by asking for the names of the cross streets nearest their address (have GoogleMaps open and listen for a delayed response or typing in the background).
You’ve probably heard the expression, 'If it looks like a duck, swims like a duck, and quacks like a duck, then it probably is a duck.' The so-called ‘duck test' suggests that you can determine what something is by its habits, and this applies to online shoppers. If XYZ Corp. orders $10,000 worth of business software from a residential address, it failed the duck test.
Likewise, if Jane Smith uses the email address DaveD@whatever.com, that’s a red flag. Why did this person attempt to use six different credit cards before getting an order through? Why is the customer, who supposedly lives in Chicago, shipping to an unaffiliated address in Jakarta, Indonesia? Legitimate customers act like legitimate customers.
Create a blacklist
Record a blacklist of fraudulent credit cards, email addresses and shipping address so you automatically decline them in the future. Be sure to review questionable transactions closely so you don’t accidentally put a good customer on your blacklist.
Track the performance of fraud rules
Whether your use a fraud tool or monitor transactions manually, create rules for preventing fraud. Good rules flag or stop suspicious orders without stopping legitimate purchases. So for example, if 95% of your orders contain less than 20 units, requiring a manual review of all orders over 20 units is a reasonable rule.
To see if the rule is working, you can compare the percentages of fraudulent transactions and non-fraudulent transactions that triggered the rule.
Update your rules
Review declined transactions frequently so you understand what forms of fraud are most prevalent and adapt your rules. For example, if you have multiple fraudulent orders with @aol.com emails (yes, people still have them!) shipping to Houston, Texas, create a rule or monitor all transactions with @aol.com email domains shipping to Texas. Over time, smart fraudsters will identify your rules and find ways to get around them, so keep evolving.
Identify your targets
Fraudsters often target products that will be easiest to resell. If you sell bicycling gear, for instance, criminals might have an easier time selling bike lights and locks than a whole stolen bicycle.
Repeat offenders also know that high dollar purchases trigger fraud prevention systems, so they will focus on low dollar orders and maybe spread them across multiple credit cards.
Sourced from Ralph Dangelmaier, CEO, BlueSnap