In Part 1 of this series we talked about setting a ‘pain point’ or threshold on our sales graph, a point above which we were willing to invest time to put suspicious sales through a manual inspection process. Then the suggestion was made to assign responsibility for the system to at least two people in the organization. This chapter discusses establishing an Exceptions List, controlling shipping options, and the high level criteria that set off fraud warning bells.
If there is one quick metric that can be applied to a sales order it is customer longevity. Simply put, if the suspect sale has been placed by a client with a long enough history of purchases it’s likely that the sale is valid. Again, examine your sales and determine how to define an acceptable number of sales within a specified window of time that qualifies clients for the Exceptions List.
For example, one business we worked with considered clients with multiple purchases in a window of between six and eighteen months before the current date to be safe.
For other e-merchants, there may be broad types of organizations that are excluded from the fraud prevention process. Maybe these exclusions are for purchases from public schools or top-level charity organizations. The key here is to create an exception list that removes targeted clients from the fraud prevention process with the goal of providing a smoother purchase experience for trusted accounts.
As a tip, it can be very helpful to have restrictions built into the company shipping policy. For example, don’t permit fast delivery of online orders. By restricting overnight or second-day delivery we increase our chances of recalling a shipment if it is later discovered as fraudulent.
One company offers only UPS Standard and 3-Day Select as its delivery choices for online orders, this eliminates PO Boxes or mail drops as a delivery point. Text on the site points out that other delivery methods are available on orders placed by phone.
Fraud purchases will usually select the fastest delivery permitted to increase the chances of receiving the products before the theft is noticed. PO Boxes, Pack and Ship mail drops, and overseas re-shippers are favorite delivery locations for fraudsters.
Require that all purchases over X dollars get a signature on delivery. UPS drivers can be instructed to not leave a package without a signature. They will not ask to see ID, that's not their job, but requiring a signature means your $1,000 product isn't sitting on some front step or in an apartment hallway.
The #1 all-time best suggestion for shipping rules: Fraudsters will often have the package sent to the stolen card's actual billing address to avoid suspicion. Then while the package is en-route they will contact UPS to change the ship-to address "Because I won't be home to sign for the package that day..." It is possible to disallow package redirects on goods in transit from your shipper number. This means you can't redirect packages either, but it is a strong deterrent to the very common theft by redirection.
Top Level Order Review
When examining orders that are at or above the determined order value, there are several red flags that can quickly identify problem orders:
- First-time buyers whose purchase exceeds the fraud detection minimum
- Orders where the “ship to” address is different than the “bill to” address
- Multiple attempts to purchase with several declined credit card numbers.
- Purchases to be delivered to PO Boxes or Mail Drawers
- Fast delivery is requested (Next Day Air, 2nd Day Air)
- Orders with mismatched products that can’t be used together (ex: an Apple battery for a Dell computer)
- Misspellings in state, city, street names
- Orders to be shipped overseas
- The order form has information placed in the wrong fields
These are some of the indications that a purchase should be examined for fraudulent intent. Not all instances will be fraud, for example, a bill/ship mismatch can be a gift purchase.
When the warning bells go off the first thing a merchant should do is send an email to the purchaser explaining that their order ‘has been selected for quality assurance audit’ and that ‘an agent may attempt to contact the purchaser before the package can be shipped’. Create your own email content that gets this message across, but remembers that at this stage every order must be treated as genuine and we do not want to offend the buyer.
Chapter 2 Conclusion
The points covered in this installment: Create an Exceptions List to speed known clients through the sales process. Apply controls to the shipping methods permitted on the website. And finally, a look at nine high-level indications of fraud on orders that exceed the established sales threshold.
In the next chapter of the Fraud Prevention series we will review some free tools available online to help verify sales order information.