An Efficient Checklist To Prevent Fraudulent Transactions

If you run an online business, you have probably already been introduced to the underground of e-commerce: online fraud. This article lists the best ways to prevent fraudulent transactions.

You have this great product, you advertised it well, and you revamped parts of your website just to accommodate this particular product. Transactions begin to fly in and you’re quite thrilled. A few weeks later, you suddenly start dealing with a major waste of time and money: chargebacks and/or returned checks. You discover that the reason for the chargebacks/returned checks was that the credit card/bank account was compromised. The only solution that you have is to return the money and to forget about the product that you probably shipped (in the case of a physical product). You ignored online fraud and you learned your lesson, but now what?

Worry no more, here is a small checklist that you can implement to prevent fraudulent transactions:

1. Never allow direct debit transactions on your site: Direct debit, a simple technique where you can debit any account (mainly in the US & Canada) just by knowing the account # and the routing #, is more susceptible to fraud than any other type of online transaction. Think about it: you only have to know a person’s account # and routing # to debit his account; you don’t even have to know his name, his address, or anything else for that matter. Payment gateways only check these 2 and ignore all the other information they receive about the account (including the name and the address).

2. Don’t use AVS, use CVV: AVS is extremely unreliable, and many times there’s no verification against it. On the other hand, CVV is very reliable, as the purchasing person usually has to have the credit card in hand in order to make the purchase. However, always ask for the full address of the person; you might need it in case you are suspected of fraud.

3. Monitor the IP of your transactions: If a transaction’s IP originates overseas, yet the billing or shipping address is local, then it is highly likely that this is a fraudulent transaction. Have a small script raise an alarm and halt the transaction when the country where the transaction originates is different from the country where the client claims to be. Your script also has to blacklist that IP so that your system won’t process any further transactions originating from it. Keep in mind, however, that forging an IP is always possible.

4. Monitor the shipping and the billing address: As mentioned above, forging the IP is not very complicated, and there are tools to do it, so in some cases, the above method won’t work. However, if you have someone whose shipping address is overseas but his billing address is local, then this is another sign of fraud. Another sign of fraud (although sometimes it might be a legitimate transaction) is to have a name on the card that is different from the name of the person to ship the product to. Have another script to check for both cases. However, don’t stop the transaction but only allow for manual processing after you contact the owner of the card.

5. Do not reveal your security measures: Revealing your security measures is not beneficial at all to your clients; on the contrary, it is very intimidating. On the other hand, the person committing the fraud might really appreciate your gentle gesture in disclosing such information, as he/she will be able to figure out how to circumvent your security measures.
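The two scripts described in items 3 and 4 can be combined into one screening step. The sketch below is an added example, not code from the original article: the `GEOIP` table is a constructed stand-in for a real IP geolocation database, and the transaction field names and the "unknown IP goes to review" rule are assumptions.

```python
import ipaddress

# Constructed stand-in for a GeoIP database (documentation ranges, assumed countries).
GEOIP = {
    ipaddress.ip_network("203.0.113.0/24"): "US",
    ipaddress.ip_network("198.51.100.0/24"): "RO",
}
blocked_ips = set()  # item 3: IPs that must not be processed again


def ip_country(ip):
    """Country code for ip, or None when no range matches."""
    addr = ipaddress.ip_address(ip)
    return next((c for net, c in GEOIP.items() if addr in net), None)


def norm(name):
    """Compare names ignoring case and extra whitespace."""
    return " ".join(name.lower().split())


def screen(tx):
    """Return (decision, reasons): 'reject', 'review' or 'accept'."""
    ip = tx["ip"]
    if ip in blocked_ips:
        return "reject", ["ip already blacklisted"]
    origin = ip_country(ip)
    claimed = {tx["billing_country"], tx["shipping_country"]}
    # Item 3: origin matches neither claimed country -> halt and blacklist.
    if origin is not None and origin not in claimed:
        blocked_ips.add(ip)
        return "reject", [f"ip country {origin} not in {sorted(claimed)}"]
    reasons = []
    if origin is None:  # assumption: an unlocatable IP goes to a human
        reasons.append("ip country unknown")
    # Item 4: do not stop the sale, queue it for manual processing.
    if tx["shipping_country"] != tx["billing_country"]:
        reasons.append("shipping and billing countries differ")
    if norm(tx["card_name"]) != norm(tx["ship_name"]):
        reasons.append("cardholder and recipient names differ")
    return ("review" if reasons else "accept"), reasons
```

Transactions that come back as `review` are the ones to hold until the card owner has been contacted; the `reasons` list is for your own records, not for display to the buyer.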

Although there are no guarantees whatsoever that you will totally stop fraud once you implement this list, you will for sure reduce it considerably. Implementing the above in our company reduced fraud to almost 0 transactions/month (the last fraudulent transaction we had was about 4 months ago). Note that we had about 30/month before implementing this list (roughly about 0.25%).
