Credit card fraud is ridiculously simple and easy to execute. This explains why there are so many young and dumb people involved in it. Fortunately, it's nearly as easy to eliminate almost all of it in your online shop.
After I wrote a point of sale and inventory management system in 2001 for the skateboarding business I worked at, I spent the next 12 years running the online portion of it. One of the things that remained relatively consistent was how to catch people using stolen credit cards on the site.
If someone gets an order through on your site with a stolen credit card, the charge appears on the statement of the person that had their card stolen. They will report the card stolen and dispute the charge. Your business will then get an automatic deduction of the charge amount from your bank account. This is referred to as a chargeback. It is now your company's obligation to prove your case so you can get the chargeback reversed and have your money returned to your bank account.
Chargebacks seem to surprise many new stores and sellers going online. They're particularly damaging since not only do you lose the value of the sale, the items on the sale are lost, too.
I'm going to go over the basics of what we looked for to keep our chargebacks to a minimum and what I learned over the last 12 years of managing an online store with volume of around 1,500 to 2,000 orders per month.
Learn your credit card company's rules for all the security requirements you need to meet to fulfill your obligation to accept and charge a credit card. Generally in the US, you're only truly safe if you get a valid Address Verification Service confirmation AND you ship to that address. I've found that in almost every other case, if the customer challenges the charge, the business will lose.
Credit card processors allow you great flexibility to set the rules for what charge attempts to let through. At the strict end of the scale would be to accept only US cards where both the address and zip code match, a valid Address Verification Service confirmation is received, and then only shipping to a customer's billing address. Industries and sites with a fairly high fraud rate will go this route. If you're at the strict end of the scale like this, you don't really need any other tips. Of course, to maximize your sales and customer service, you're going to have to let your guard down a little.
If you got past tip two, this means you're loosening up your credit card charge controls. All good, but now you've got a defense job to do. Your shipper is your last line of defense against fraudulent orders. Make sure the information is in their hands to allow them to make the best judgment call on each order they handle. When your system records and order, it should capture all the authorization details provided by the credit card company. This includes data regarding whether or not a valid Address Verification confirmation was received, the billing address used for that confirmation, whether the card is a US issued card or not, etc. All of this information should be shown to your shipper on the order processing screens. They will use this information to make the call on what to do with an order that raises the flags in the remaining tips in this list.
Sure, firstname.lastname@example.org and email@example.com could be legitimate people, but there's a lot you can learn by looking at someone's email address. Is the order under John Doe but the email something completely different? Is the email from a free email service like Gmail, Hotmail, or Yahoo that easily allows you to hide your identity? If the email is a company, go to the domain and check it out. All of these things factor into your determination of this being a sketchy order or not.
Sometimes grandma in Washington state orders three pairs of shoes for her little tyke in Miami, Florida, but generally, we found it a fairly rare case. When it is the case and grandma is legit, we've found that other tips in this list, particularly #6, #7, and #8 help in making the right decision on whether to ship or not.
Thieves want their stuff quick and they're not paying for it, so many times, you'll find them ordering Next Day Air or Second Day Air. It seems in recent years, however, many have realized that fast shipping is a flag and have tried to remain more low key using regular Ground shipping.
Did this person order three pairs of Matix pants and a Shake Junt shirt? If you know your customer, you will know that those two brands generally don't mix. Same goes for someone who orders longboard wheels with a Baker deck, etc. We've also found that what thieves want most is shoes. If someone is ordering three pairs of shoes, if all the shoes are different sizes and a wacky combination of styles/brands, that's a flag alerting you to take into consideration the other tips on this list.
If enough other tips in the list cause you concern, call the number the customer left when they placed an order. We've found that most thieves, being young and dumb, don't want to talk on the phone and give themselves away by leaving a disconnected number. When we called on a suspect order and got a disconnected number, we immediately voided the order, put the stuff back in inventory, and flagged that customer's account as fraud. We generally were 100% correct doing that. If the customer does answer, simply explain that you're doing a routine verification of shipping address and items on the order. You'll be able to easily tell if it's some frightened sketchy idiot trying to rip your business off.
This was our policy and was coded into the checkout process. Thieves would generally put just a one word entry like, gift or some weird broken English in there like, my cousin need now. This process helped tremendously with preventing so many fraudulent orders from shipping.
We had a global brand at that skateboard business I worked at and all over the world when we traveled, visitors to our site recognized us from approach I always took towards marketing our site. That today is referred to as content marketing. I had done that since day one when I started the site in 1997. Anyway, that content marketing combined with the business doing skateboarding events all around the world led to a global audience. We knew we needed to sell to them, but the shipping rules, taxes, and high fraud rates with no Address Verification confirmations to fall back on were complicated and intimidating.
Well, that's a start for now. I hope that helped. Email me or leave comments below with any questions. I can be reached at firstname.lastname@example.org.
There are no related contest results for this article.