Skip to main content

Chargebacks: Assessing Fraud Risk

Jeffrey Conway
Updated

Chargebacks can occur for a number of reasons, one of which is fraud. It is your responsibility to train your staff on how to prevent fulfillment of a fraudulent order. It’s also important to remember that some orders that raise one or more “fraud caution flags” aren’t actually fraudulent, so be careful not to turn away good orders and customers!  

 

 

 

Fraud Caution Flags  

  • Card Verification Value (CVV) mismatch 
  • Address Verification System (AVS) mismatch: Address Line One; Zip Code; Billing Address  
  • High Average Ticket  
  • No Card Message or no signature  
  • Same Day Order  
  • Late night order (fraudulent orders increase at night)  
  • No coupon - those placing fraudulent orders don't care about saving money for the cardholder.  
  • Free Email Address (Gmail, Yahoo, AOL, MSN, Comcast): Look for an email address that has no apparent connection to the customer’s name 

 

Know your area and keep a list of your surrounding areas where you receive the most chargebacks from. Is this order being sent to a zip code with a history of fraudulent claims?  

 

What to Do if you Suspect Fraud 

No single factor by itself is indicative of risk; however, when a combination of factors is present during a transaction, additional scrutiny is warranted. Orders with high risk levels should be further investigated.  

 

Investigating an order with a high-risk level:  

 

  • Try calling the customer to ask a question on the order (i.e., if no card message; ask them what they want to say.)  
  • Is the phone number invalid?  
  • Did you speak to the person that is listed on the billing information? 
  • Do a reverse phone look up on a site like whitepages.com. See if the phone number is associated with another address other than the billing address listed on the order.  

If after reviewing an order and further investigating as described above you still suspect fraud, you have to make a business decision to either fulfill or cancel the order. 

 

Chargeback Dispute Process  

 

Starting in May of 2020, Edible has added another layer of protection for web orders fraud review, and Edible will require some data from the store in order to accurately identify fraud.   

 

Data: What We Ask for and Why  

Edible’s fraud detection system is based on a unique combination of machine learning and human research and input. The machine constantly searches for patterns and matches, and Edible’s team of domain experts engage in constant research into transaction data, consumer buying patterns, technological possibilities and the fraudster ecosystem, feeding that information into the system to improve it and ensure it is adapted to meet the latest fraudster techniques.  

This fraud detection system manages to achieve such a high level of accuracy in decision-making because of all the work that is carried out on the data.  There’s a huge amount of information embedded in your customers’ behavior, order details, account interactions and so on, and Edible is able to extract it and leverage it to protect your site, enabling you to trust the right customers unhesitatingly, while blocking the bad ones.  

None of this can happen without a rich, accurate data set to work on and from. Be aware that fraudsters are constantly trying out new ways to conceal their identity and act in ways associated with legitimate customers.  

 
 

 

Validation API  

This is the API which receives transaction information and sends back an “approve” or a “decline” decision. The data that the customer enters or displays at the time of transaction are extremely important in deciding whether fraud is present or not. At the point of transaction, Edible will need:  

 

  • Payment data - Edible is PCI compliant and does not collect the full PAN number. Data sent includes the card BIN (first 6 digits), last 4 digits, expiration month and year, issuing country, etc.  
  • Billing Address if it is collected as part of the checkout flow 
  • Processor Response Details such as the CVV and AVS results  
  • Order Amount  
  • Connection Information such as the user’s IP address, the browser user agent, the Forter JavaScript token cookie which is passed from the website, UserAgent, etc.  
  • Recipient information such as the recipient name, delivery address, email, and phone number  
  • Products Purchased (aka: cart items)  
  • Delivery method  
  • Discount Details  
  • Account Information  

Comments

0 comments

Article is closed for comments.