Online Fraud - Tackling fraud on your website

I have Laila - at Mary and Marie to thank for this post. ​Both of our online stores have been targeted by fraudulent customers of late. This means we have had customers who shopped at our online stores and used fraudulent/stolen credit cards to make purchases. These orders have been processed through our payment gateway providers Eway and SecurePay respectively. It is worth noting that in my years of experience I have not had a fraudulent order on Paypal.

This post will look at some of the ways to spot fraudulent orders and what you can do about them. ​

How do you know that an order is fraudulent?

It can be difficult to tell if an order is fraudulent. If you use Shopify, then Shopify has some built in techniques ​they try to spot and flag a fraudulent order.

  1. If the billing address is different to the IP address of the customer. Shopify will flag when this occurs. It assumes that the country where the customer lives (ie billing country) will be the same as where they are sitting on their computer. Of course people travel - so this is only one flag. ​
  2. If the order is from overseas - ie outside Australia then it is worth logging into ​your gateway provider and checking that the country where the card is issued is the same as the billing country or the country of the IP address. If any of these don't match its likely to be a suspect transaction. For example the other day we received an order from Ireland. The billing and shipping address was Ireland but the credit card was issued in Canada. This should raise a red flag.

Once you have performed these checks it is up to you to make a decision.

What can I do about the fraudulent order?

  1. You can cancel the order and refund the credit card straight away with no further investigation. ​
  2. Alternatively if you are not sure if the credit card is fraudulent you can contact the customer. The best way to verify it their credit card is to follow a process suggested to Laila when she spoke to the head of SecurePay. ​
  • ​Log into your payment gateway and refund 10cents. Email the customer and say you are concerned about the transaction and your bank has flagged the order as fraudulent. Ask them to confirm the amount of the refund. Only the legitimate card holder can log into their bank account and confirm the refund amount. If they can't do this or don't reply then cancel the order and refund the card.
  • You could also ask for a scanned copy of the card but this is not as fool proof as the suggestion above. ​
  • Often times the person committing the fraud will not email you back when you contact them.  This is not always the case though, as we have had fraudulent people email us back at both cornflowerblue and Mary and Marie.
  • There are extra fraud safe guards that you can pay for with payment gateways like Eway. However they are pricey. You need to decide how costly fraud will be on your site and decide if the ongoing expense is worth it.​

If the order is in Australia - you can call your credit card merchant if you are concerned that there is fraud on an Australia card. There is no one you can call for an overseas card which is why you need to follow these processes. ​

If in doubt don't send the goods. The store owner is the one who loses out when there is a fraudulent order. If you send the goods the bank will take the money back and you are left out of pocket. ​

If you need any help with fraudulent orders then please contact us. ​