How to write my E-Commerce and Fraud Protection Tips document
E-Commerce Tips for Client
Use a designated account for Internet orders (check with the client's bank for restrictions). 90% of fraudulent orders come from free e-mail addresses. You may want to consider refusing credit card orders from customers using free e-mail addresses, or verifying those orders manually. There is a higher risk for non-tangibles (software, etc.).
Subscription services are high risk. Verify manually if the "bill to" and "ship to" addresses are different. Use a traceable shipping method. Use manual credit card processing with AVS verification for the least risk.
In the HTML and e-mailed receipts, tell the customer what name the charge will appear under on their monthly credit card statement. International orders are high risk. Request the phone number on the back of the card and verify manually. Once the product is out of the country, it's gone.
Phone the customer back on large orders, especially those with 2nd day or overnight shipping. Manually verify orders and consider getting a signed slip, even by postal mail, for large orders, high dollar orders and orders that fall outside the normal pattern of the client's customers. Most fraud will fit a pattern that deviates from that of the average legitimate customer.
If you take Internet checks, consider using the iCheck service. Be wary of breaking policies for customers on payment issues, such as shipping to a 3rd party address that doesn't match the credit card billing address because it is a gift, or sending a product before payment clears because it is "very urgent"; the order may be fraudulent. The merchant is most at risk for Internet fraud and chargebacks since there is no signature. Try to get backup information.
Only give free offers and bonuses upon receipt of a completed warranty card, or confirm customer receipt another way. Resolve problems in favor of your customer when possible; it reduces the chances of negative word-of-mouth advertising.
Block on-line orders from high fraud domains for digitally delivered products and services. For example, do not allow orders for a download product sent to hotmail.com or yahoo.com addresses. Keep a block list of high fraud domains.
Block on-line orders from high fraud IP address blocks. Most fraudulent orders come from foreign web servers. Consider blocking all orders from known high fraud IP address blocks such as those assigned to Asian web servers in Malaysia and Indonesia, Nigeria, etc. The fraud may not originate from those servers; they are frequently hijacked from other locations.
Use a credit card processor that allows verification of the CVV2 credit card security code, which is printed on the back of most credit cards. This will not always guarantee that the order is legitimate, but it adds an extra layer of protection.
Beware of shopping cart systems that do not have good security built in. For example, one of our partners set up a Yahoo! Shopping cart, and immediately after the store went on-line and was announced, their fraud rate for digitally delivered products was 50%.
Design your e-commerce system with fraud attempts in mind. You will be hit with a considerable number of fraudulent order attempts for certain types of products, especially digitally delivered products and services. Design your shopping cart to track orders in real time with a multi-page order form and gather IP addresses. Used in conjunction with free e-mail and IP address blocking, this lets you spot and stop many fraud attempts as they occur, by analyzing the order information as it comes in, before the payment page is submitted.
If you are performing services for clients who are paying by credit card, have them sign off on the acceptance of the project in writing and include their partial credit card number on the acceptance form. This can prevent a customer from trying to charge back services.
The credit card company will almost always side with the customer if you do not have a signature.
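
The real-time screening described in these tips (free e-mail and IP block lists checked as the order form is filled in, plus the manual-verification triggers) can be sketched as follows. This is an added example, not part of the original tips; the function name, order fields, dollar threshold, home country and IP ranges are assumptions chosen for illustration.

```python
import ipaddress

# Constructed policy values: the two domains are the ones named in the tips;
# the networks are reserved documentation ranges standing in for a real block list.
BLOCKED_EMAIL_DOMAINS = {"hotmail.com", "yahoo.com"}
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "2001:db8::/32")]
HOME_COUNTRY = "US"          # assumption: merchant's domestic market
LARGE_ORDER_TOTAL = 500.00   # assumption: threshold for a "large" order
FAST_SHIPPING = {"overnight", "2nd_day"}


def screen_order(order):
    """Score an order from the form pages submitted so far; return (decision, reasons)."""
    block, review = [], []
    domain = order["email"].rsplit("@", 1)[-1].strip().lower()
    if domain in BLOCKED_EMAIL_DOMAINS:
        # Digital goods cannot be recalled once delivered, so block; otherwise verify by hand.
        (block if order["digital"] else review).append(f"free e-mail domain {domain}")
    try:
        ip = ipaddress.ip_address(order["ip"])
        if any(ip in net for net in BLOCKED_NETWORKS):
            block.append(f"IP {ip} is in a blocked range")
    except ValueError:
        review.append("client IP missing or malformed")
    if order["bill_to"] != order["ship_to"]:
        review.append("bill-to and ship-to differ")
    if order["ship_country"] != HOME_COUNTRY:
        review.append("international order")
    if order["total"] >= LARGE_ORDER_TOTAL and order["shipping"] in FAST_SHIPPING:
        review.append("large order with expedited shipping: phone the customer back")
    if block:
        return "block", block + review
    return ("review", review) if review else ("accept", [])


# Constructed sample orders, as captured before the payment page is submitted.
BASE = {"email": "pat@example.org", "ip": "192.0.2.10", "digital": False, "total": 80.0,
        "bill_to": "1 Main St", "ship_to": "1 Main St", "ship_country": "US",
        "shipping": "ground"}
SAMPLES = {
    "clean": BASE,
    "digital_free_mail": {**BASE, "email": "x@Hotmail.com", "digital": True},
    "gift_rush": {**BASE, "ship_to": "9 Elm Rd", "total": 900.0, "shipping": "overnight"},
    "blocked_ip": {**BASE, "ip": "203.0.113.77"},
}

if __name__ == "__main__":
    for name, order in SAMPLES.items():
        print(name, *screen_order(order))
```

Orders that come back as "review" are the ones to verify manually, as the tips above recommend.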