How to identify and reduce fraud in eCommerce environment

Kelly Cullum Updated by Kelly Cullum

Suggestions to reduce eCommerce fraud

First, know how to identify it.

It is up to the business to validate each transaction but in an eCommerce environment that can be very challenging. Here are ways to identify fraud:

  • If more than two transaction declines where card number, expiration date, and card security code are not correct decline all additional attempts.
  • More than one order from a new country should be reviewed.
  • Multiple orders in a short time span (if a criminal realizes you accepted a fraudulent card they may place several orders at once or order daily for weeks before the consumer catches it).
  • Multiple orders with the same billing address but multiple shipping addresses.
  • Purchase is made from an unusual IP address.
  • Larger than normal order (if the average ticket size for the merchant is $100 and a $1000 order comes in someone should look it).
  • Inconsistent order data (zip code and city don't match or IP and email address don't match)

So, what can be done to prevent this type of activity?

  • Keep everything and anything involving your website up-to-date and tidy
    • Keep plugins up-to-date and deleted when inactive
    • Strong, hulk-like passwords
    • Scanning for malware
    • SSL is current and working this gives you the more secure HTTPS encrypting sensitive data
    • Encrypt ALL communication
  • Be PCI Compliant
  • Monitor your transactions for the activity listed above
  • Require AVS (Address Verification Service) on ALL transactions
  • Require CVV (Card Verification Value) on ALL transactions
  • Set limits on purchases
  • Be cautious with P.O. Box shipping addresses

How did we do?

Cardholder vs. Merchant Initiated