incrediBILL - 7:27 pm on Nov 2, 2007 (gmt 0)

Those that say leave the customer alone have obviously never lost a 2K order to fraud.

CALL - did it for years on large orders and tell them your doing it "for security purposes" to make sure it wasn't an unauthorized charge. Most people were thrilled about the extra level of customer support because you can also inform them WHEN it will ship and WHEN it will arrive!

HOWEVER, make sure the whole order smells right as just calling to check that the phone # is valid isn't enought because it could be a stolen or throw away cell phone.

More thorough validation for larger orders is easily done starting with the following:

1. Use GeoIP to confirm the IP address that placed the order is near where they live

2. Look at the email address too, as many fraudsters use out of country email accounts to avoid that nasty subpoena, so checking the location of the email service provider is another clue.

For instance, I've seen an IP from Singapore with an email account in France ordering something for Los Angeles - my alarms went off right away.

3. Look in Google for the name + city and see if they show up with the same name, address and phone #

4. Call information at (AREA CODE)+555-1212 and ask to confirm the name, address and phone # match because Google could be out of date ;)

Doing both #3 and #4 might sound redundant but it confirms some history as I've seen a stolen VISA DEBIT card work where the thief looked up the customers 6 month old PRIOR address in Google and the AVS system still accepted the charge although the customer hadn't lived in that address for 6 months.

5. If everything looks good, call the customer to confirm the order is valid and give them a shipping date and thank them for ordering.

3-5 minutes doing those simple checks could save you thousands in losses.

YMMV.