homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / WebmasterWorld / Ecommerce
Forum Library, Charter, Moderators: buckworks

Ecommerce Forum

Red Flags For Suspect Fraud Orders

 4:46 pm on Sep 21, 2006 (gmt 0)

Aside from

Caps Lock letter
Different country IP,

can someone add more to this list

thank you



 5:08 pm on Sep 21, 2006 (gmt 0)

A couple years back we had the great thread where we assembled an extensive list. It was fantastic. I made a hard copy and incorporated it into an in-house memo.

I did a site search and can not find it for you.

Does anybody have that thread flagged or saved?


 5:10 pm on Sep 21, 2006 (gmt 0)

I think this is it....


There was another one too...

[edited by: Rugles at 5:10 pm (utc) on Sep. 21, 2006]


 5:13 pm on Sep 21, 2006 (gmt 0)

This is a nice list.

Types of Suspicious Behavior
·Customer doesn't know the Cardmember ID (CID) found on the back of the Card, indicating that they don't have the actual Card
·Customer asks that you try lower dollar amounts when a decline message is received
·Customer instructs you to try different expiration dates when initial attempts fail
·Customer hesitates, or has a long pause, when asked for personal information
·Customer repeatedly sends e-mail messages requesting confirmation of shipment
·New customer attempts to make a very large credit card transaction
·Customer attempts to place a large order using several credit cards to obtain the total authorization amount
·Customer requests that sales be split up to avoid paying "import taxes" and/or "duty fees"
·Customer attempts to purchase large quantities of a single item
·Customer seems overly concerned about delivery time frames to overseas destinations
·Customer offers the phone number to an authorization center to speed up the credit card approval process
·Customer has little regard for price
·Customer purchases several large-ticket items, which do not go together, e.g., appear random
·Customer calls a few minutes before closing and wants several large-ticket items
·Customer shows little or no concern for return policies, manufacturer warranties and/or rebates when purchasing in large quantities


 5:21 pm on Sep 21, 2006 (gmt 0)

One lesson I always try to teach my people: always evaluate an order impassionately - don't let your greed for a big order cause you to overlook suspicious activity.

The con is in the details - everything can be "right" with an order, and it can still be wrong.


 8:18 pm on Sep 21, 2006 (gmt 0)

thanks for the input, is there any more?



 10:35 pm on Sep 21, 2006 (gmt 0)

Anything that asks for next day or 2nd day shipping automatically trips our alarms.


 3:56 am on Sep 23, 2006 (gmt 0)

Humm .. lets see

-Customer calls same day of order wanting status or repeated calls within 24-48 hours.

-Customer wants to use their own shipping account number.

-Customer is in indonesia (although since the tsunami we have had no requests)

-IP address shows different general location

-Customer sends a postal money orders (there has been a rash of fake ones and you can call the post office to verify the number)

-Credit card checks (these are often stolen)

-Discover Cards.. did you know if you do not CALL Discover and verify verbally that the billing address is valid that you are not covered for any potential charge back... no matter what your billing address confirmation shows.

We do ship internationally and to be frank .. the most frauds outside the US have been from Canada and England (no offense guys). Indonesia and Nigeria are a give-in.

Oh and if you do ship out of the US do not use Fedex.. they do not collect the duty fees and you can get a bill for their taxes if they dont pay (after the delivery they send the customer a bill.. they usually do not pay).

Also with Fedex make sure your fedex account states that the customer CANNOT change the shipping desitination. Some frauders are actually shipping to the confirmed billing address then calling fedex and having it re-routed. Not only will you get ripped off, but you will have a destination change fee on top of it.


 4:02 am on Sep 23, 2006 (gmt 0)

Customer requests tracking number so they can reroute using FedEx.


 5:13 am on Sep 23, 2006 (gmt 0)

Is it a red flag when someone's very first WebmasterWorld post asks about security?

I remember getting really freaked years ago when a brand new employee started asking questions about our firm's burglar alarm system. We were burglarized right after she quit.

fraud master

 4:57 pm on Sep 23, 2006 (gmt 0)

^^haha that does make you think!

most of the standard red flags have been listed above. watch out for weird ordering patterns. For example, someone who places multiple orders in one day or even one order each day. This stands out because usually by doing this they have to pay more in shipping which is a red flag. CAPS and lowercase are definitely a red flag, this usually indicates someone is entering multiple orders repeatedly on various sites. Fraud is a numbers game. They expect a certain amount of orders to be cancelled so the more they place the more chance they have of some shipping.

Geo location with the ip addy is of course helpful. I think everyone knows by now whatt he bad countries are. I've noticed A LOT of fraud orders with satellite ip addresses. Be very leery of those. If their using a proxy/anonymizer that is also a red flag. There are some firewalls that incorporate anonymizers and also just paranoid people who use them but its kind of like someone going into a store with a mask on. They are hiding their identity/location for some reason. Could be paranoia and security but its more likely for other reasons.

As stated above, the merchandise definitely plays a big part. Books or DVDs are very low risk. Freight shipped items like treadmills or basketball goals are low risk due to the hassle of delivery. Hard to stay udner the radar having a freight truck unload a huge item. Billing phone #'s not associated with the billing state are a red flag. Odd domain names that do not have a site up or just an udnercontruction splage. Orders with ip addresses to earthlink or AOL but the customer uses a freemail like gmail or another freemail service.

List of suspicious e-mail domains seen on a lot of fraud orders:


And I see a lot of fraud w/ gmail. I've been doing this for a while now, and I work for a very large company, only second to Amazon so if you all ahve any Q's, let me know!


 6:18 pm on Sep 23, 2006 (gmt 0)

Many of our scam attempts are for 30 of one product, a ridiculously large amount that we reject almost instantly.

Why 30?

Is 30 a lucky number in W. Africa perhaps? (never had one for 13, btw) Anyone else notice this?


 5:08 pm on Sep 25, 2006 (gmt 0)

>> the most frauds outside the US have been from Canada and England (no offense guys)

None taken.

Keep in mind it can happen anywhere. There are oganized crime groups involved with most of the fraud going on. They will set up a "temporary" apartment to receive goods, then abandon the place after they have stolen enough to make it worth while. Then move on to the next location. <this is the method the use in the USA and Canada it seems>

Unfortunately, Nigeria and Indonesia are "no ship" places for us too.


 5:10 pm on Sep 25, 2006 (gmt 0)

>>Why 30?

The only thing I can think of is that they are trying to reach a certain dollar value.

Most of our fraud attempts are for between $1000 and $2000.


 5:30 pm on Sep 25, 2006 (gmt 0)

yes, it can be a red flag if someone make their first post asking about red flags :).

However, I am worry about the tremendous amount of fraud that has occurred and would like to know more input and information so I can prevent this from happening to my company.

Thanks to all the information that everyone has provided, additional information is always appreciated.



 9:00 pm on Sep 25, 2006 (gmt 0)

>> the most frauds outside the US have been from Canada and England (no offense guys)

Not at all.
Our fraud attempt breakdown is about 85% West Africa , 5% West African names in other places, 5% Indonesia. 2% Nigerian wannabees. 3% others, including USA transshipping scam attempts.

I can't recall a single scam attempt from Canada.

BTW, we haven't lost a penny to online fraud in years. It's really a minor, but interesting, issue.


 1:32 pm on Sep 26, 2006 (gmt 0)

>>>I can't recall a single scam attempt from Canada.

I can however it was encouraged by me. I was playing along with a Nigerian scam to waste their time during our slow season. They actually Fed Ex'd a bogus $65 000 cheque which came from a Canadian address. I think the scammers in Nigeria simply have "franchisee's" here in North America to do their bidding.
Good Times :-)


 2:14 pm on Sep 26, 2006 (gmt 0)

>> the most frauds outside the US have been from Canada and England (no offense guys)

Again, none taken.

My experience (UK ecommerce site) the breakdown is 90% of fraud attempts are shipping to London, 10% to Amsterdam (though it's actually been a while since we had one from Amsterdam).

I've never had a fraudulent attempt from a UK location outside London (yet).

Then again, I work for a small company, so others in the UK may have a different take on things.


 3:31 am on Sep 27, 2006 (gmt 0)

1) This technique is sort of like a bot trap. List a high ticket item with a high street value at a price much higher than market value. When the order comes in, ban the IP. The thought is that any human shopping for this item would never buy from you - only criminals that have stolen credit cards.

2) Reject any transaction where AVS = N. Has virtually eliminated fraud.

3) Provide your int'l customer a tracking number and hold your outgoing package a few days. If the int'l customer immediately places another order, most likely fraud.


 4:18 am on Sep 27, 2006 (gmt 0)

Don't provide tracking number with FedEx, customer can reroute package without your permision.

wired in asia

 9:37 am on Sep 27, 2006 (gmt 0)

For online orders:

Monitor the IP address, but ask for country of residence and nationality.

Also get the card holders address (same as card registration).

The check on the email address (unique mail, other then hotmail etc.)

If all matches order can be valid.

As I mentioned in other threads, all customers CAN dispute sig. not present payments, regardless of amount.

This means that potentially ALL online purchases pose a liability (where no sig. has been received).

Even payments where the order has been shipped to the customers doorstep, can be disputed.

Travel: Airlines are hard hit. The booker utilizes the ticket, he/she can dispute and will win!


 9:18 pm on Sep 27, 2006 (gmt 0)

>>>>1) This technique is sort of like a bot trap. List a high ticket item with a high street value at a price much higher than market value. When the order comes in, ban the IP.\

That is fantastic. Good work.


 9:32 pm on Sep 27, 2006 (gmt 0)

Hi sun818,

What is "much" higher out of interest? 10%, 50% 2x, 3x, 10x?

Highly resellable consumer goods I assume, eg TVs?



fraud master

 9:38 pm on Sep 27, 2006 (gmt 0)

2) Reject any transaction where AVS = N. Has virtually eliminated fraud.

^^you will lose a lot of legit business by doing that. AVS should always be considered but there are many circumstances that an order could fail AVS and still be good. The customer may have moved and their issuing bank did not update with visa/mc or maybe they updated but there was a data entry error.


 9:55 pm on Oct 2, 2006 (gmt 0)

They have gotten allot smarter now,

Last month we got hit for 2 fraud orders both had the correct information for billing both were around 125 both had them sending the order to another address.

Differeent weeks both American expresss cards.

We have now begun checking the phone numbers as well as they were incorrect on them so they had all the billing but no phone number.

Crooks are going after smaller orders but I would bet more of them shippping at the same time so in effect they slip under the radar but get just as much but dont get caught as often so in effect really get more.


 4:36 am on Oct 4, 2006 (gmt 0)

My tip: remember to continue to treat any customer you suspect of fraud with respect. If you are mistaken, you won't loose the sale. If you are right, you will keep from arousing suspicion that you are on to the scammer, which may help with the investigation or prosecution.

Also, consider using a Web Service that evaluates fraud risk for you. Try a Web search for "Credit Card Fraud Detection Web Service" to find one.


 5:59 am on Oct 4, 2006 (gmt 0)

> ^^you will lose a lot of legit business by doing that.

You may be right. We do have a phone number so some customers do call us when they run into this issue.

When I did not have AVS = N, criminals would use my shopping cart to test out credit card validity. While its not a big cost for my payment gateway service, it was laborious to void fraudulent transactions.

Global Options:
 top home search open messages active posts  

Home / Forums Index / WebmasterWorld / Ecommerce
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved