homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / WebmasterWorld / Ecommerce
Forum Library, Charter, Moderators: buckworks

Ecommerce Forum

Fraud detection!
What systems can we create that will help us to combat potential fraud

 11:17 am on May 18, 2004 (gmt 0)

I was thinking about introducing triggers into to my software which will be created in PHP that would show up as red flags after an order has been placed if the order meets any of the criteria. So I wanted to open it up in a discussion so that we can all share the practices and hopefully it helps all of us to build in better filters to minimise fraud as much as possible.

Here are mine!

Trigger a warning if

(1)The shipping address is different to the credit card address
(2)Is it an international order
(3)International shipping address
(4)If the order is from X country (Have a table to which it references against a country with a severity
1 = relatively safe
2 = cautious Need to verify name and address before shipping
3 Verify user by phone and also ensure money is in the account using other methods
apart from cheque and CC)
4= Nigeria (Just do not ship!)

What other triggers can people think of?

Obviously the more triggers that an order produces the more careful one would have to be



 3:37 pm on May 18, 2004 (gmt 0)

Funny...and SO correct:
4= Nigeria (Just do not ship!)

1)large dollar amount
2)want express shipping
3)Purchase of certain high risk, easily re-saleable products
4)ship to certain high risk cities (in U.S.): Miami
5)ship to address of freight forwarders (get a file of them)

By the way, I certainly wouldn't reject all orders with different ship and bill addresses. My main cc is billed to my business but stuff is often shipped to my home. (or visa versa in some cases)


 3:49 pm on May 18, 2004 (gmt 0)

Different shipping and billing addresses may raise a red flag with large order amounts for unprotected merchants.


 4:16 pm on May 18, 2004 (gmt 0)

You should track the IP address that the order was placed from.

Multiple orders from the same IP with different information should raise a flag. Multiple orders with the same ship to but different bill-to and/or credit cards should raise a flag.

Watch for order "velocity" also -- repeated attempts to place an order from a given IP address within "x" minutes should raise a flag.

Orders placed from an IP address not in the same country as the bill-to or ship-to should raise a flag (you'll need the ability to determine country from IP address - search the web and you'll find ways to do that).

Note that with IP address flagging, you'll have problems with AOL customers - every page hit from AOL can come from a different address even though it's the same customer.

An e-mail address with a free provider (yahoo, msn, etc.) should raise a flag.

Require a phone number with all orders. An order where the area code doesn't match the same area as the bill-to should raise a flag.

Require CVV for all orders. That eliminates a lot of fraud right there.

Require AVS match for all orders. Easier to fake than CVV but still will filter a good deal of fraud.


 4:41 pm on May 18, 2004 (gmt 0)

Many customers don't know that they can set up an alternate shipping address with their bank/card carrier for convenience, gifts, etc. Merchants can then verify the alternate address with the bank when customer wants it shipped to other than the billing address.

Dont' know if this can be done automatically though as I call the issuing bank on every order over $250 and, so far (7 years), haven't shipped a fraudulent order.

Goes without saying, just dump all those Nigerian orders that just love your stuff and can't "wait" to get it ASAP.


 4:57 pm on May 18, 2004 (gmt 0)

i did something similiar to the triggers, but instead of having a warning for each individual item, I assigned a point value to certain indicators, which is very simliar to the point system you assigned to the triggers. All the point values are added up and a fraud score is assigned to the order and rating of low medium or high is given to the fraud score. I've only been using it a short time, so I can't say how effective it has been. Although it has flagged a few orders and caused me to look closer at some that I never would have thought to be suspect before.

two triggers I use is to search the previous orders to see if email address was used before but with a different name. I also search previous orders to see if cc number was used before with a different name.


 6:05 pm on May 23, 2004 (gmt 0)

guys, we do sell downloadable software, how should we protect ourself?
Problem with IP is that mostly they are using dial up AOL, so it doesn't show real destination and we can block the IP, because it will be different next time.


 8:19 pm on May 26, 2004 (gmt 0)

We have just received a US order with matching billing and shipping, AVS all match up, requesting overnight shipping to a freight forwarder address.

Should I ship?



 9:07 pm on May 26, 2004 (gmt 0)

If its a Visa and you have VbV....


 9:31 pm on May 26, 2004 (gmt 0)

it is a discover, avs, cvv, billing, shipping... all match..


 7:08 am on May 27, 2004 (gmt 0)

where can i obtain the file with a list of freight forwarder in US?


 7:27 am on May 27, 2004 (gmt 0)

I don't know of any single source. They tend to be in port cities such as Miami. You'd need to make your own list. Most forwarders have websites. If you get a questionable order, look up the ship-to address on the web to see if it is a forwarder.


 4:33 pm on May 27, 2004 (gmt 0)

Are there sites that allow you to get credit card addresses, if you have the cc and exp date?

That way you can compare against bill/ship to addresses.


 4:47 pm on May 27, 2004 (gmt 0)

> Are there sites that allow you to get credit card addresses, if you have the cc and exp date?

No. AVS is the best matching system available at the moment for this purpose.


 11:25 pm on May 27, 2004 (gmt 0)

For suspicious orders, we usually get the issuing bank's number and call to check the name and address with them. We've found that to be much more accurate than a basic AVS check.

For Discover cards, we call their authorization and verification line.

wifi on the fly

 11:53 pm on May 27, 2004 (gmt 0)

I make my guys follow these rules.

The billing address fails, decline the order. Cheaper than a chargeback.

If it is overseas - decline it, no way to go after people just doing a chargeback because.

Those are the basic rules. The only time I ever got burnt was for a $1300 item. Everything checked out. I even called the credit card company and verified it wasn't a hot card. Shipped the item and then got a chargeback months later. It turns out a fella from FL stole an old timers credit card statement from TN and had everything changed including the billing. From there he went nuts.

Other than that we have been extremely lucky with chargebacks. And on the chargebacks we do get that are from legit people and we have indeed shipped the items, we send them right to collections with chargeback fees. I got so sick of taking the chargebacks and losing the fees, collections was the only way to go.


 12:23 am on May 28, 2004 (gmt 0)

Interesting. I ship to addresses different than billing addresses all the time. Probably a good 10-15% of my orders come that way. Women order clothing and want it shipped to work instead of home. Or, men buy clothing for their significant others.

I've never really had a fraud problem through that route. A lot has to do with the nature of your products.

If it isn't something that has a ready resale market, you should see less fraud. I would say that jewelry, electronics and that sort of easily fencable item are a whole different animal.


Global Options:
 top home search open messages active posts  

Home / Forums Index / WebmasterWorld / Ecommerce
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved