Facing eCommerce Fraud Head On (and Three Tips to Manage It!)
Fraudulent orders are an unfortunate reality when it comes to eCommerce. As the industry has grown and as transactions over mobile and digital have increased, so has the complicated nature of protecting against fraudulent transactions. Since no system is perfect, we must find ways to deal with eCommerce fraud.
Recently, one of our clients found themselves dealing with fraudulent orders on a regular basis. While in the process of managing this problem, they discovered certain patterns that the fraudulent orders were exhibiting. Once they noticed these patterns, they consulted with us about the issue. We decided to create a simple custom solution for the client from the ground up.
We started with just a couple of rules that checked some of the order details to see if they matched the known patterns of fraudulent orders. If these rules were met, we simply put the order on a new custom ‘Fraud Hold’ order status. This prevented the orders from going to the warehouse for fulfillment, which had been an automated process within their implementation. They could then filter the orders by this new status, and work their way through the orders to determine if they were actually fraud or not.
The new Fraud Prevention module worked well, and it allowed them to continue to see other patterns. Not long after the initial implementation of the module, they had us add a couple of additional rules, and add on the ability to ban specified IP addresses and email addresses with which they had issues. With a more robust Fraud Prevention module now in place, they had a system tailored to their specific needs that has a simple, yet extremely effective premise for their business.
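The hold-and-review flow described above, sketched as an added example (this is not the client's module or LYONSCG code). The status codes, thresholds, function names and sample orders are assumptions, and the rule set is drawn from the suspicious characteristics listed later in this post.

```python
from dataclasses import dataclass, field

FRAUD_HOLD = "fraud_hold"   # assumed code for the custom 'Fraud Hold' status
PROCESSING = "processing"   # assumed status the warehouse export picks up

# Constructed ban lists (documentation IP range and example.com only).
BANNED_IPS = {"203.0.113.7"}
BANNED_EMAILS = {"blocked@example.com"}

@dataclass
class Order:
    order_id: str
    email: str
    ip: str
    total: float
    billing_country: str
    shipping_country: str
    declined_attempts: int = 0
    status: str = "pending"
    hold_reasons: list = field(default_factory=list)

# Each rule is (reason, predicate). Thresholds are illustrative assumptions.
RULES = [
    ("banned IP address", lambda o: o.ip in BANNED_IPS),
    # Normalise before comparing so case or stray spaces do not skip the ban.
    ("banned email address", lambda o: o.email.strip().lower() in BANNED_EMAILS),
    ("multiple declined transactions", lambda o: o.declined_attempts >= 3),
    ("unusually large order value", lambda o: o.total >= 2000),
    ("billing/shipping country mismatch",
     lambda o: o.billing_country != o.shipping_country),
]

def screen(order):
    """Record every matching rule; hold the order if any rule matched."""
    order.hold_reasons = [reason for reason, matches in RULES if matches(order)]
    order.status = FRAUD_HOLD if order.hold_reasons else PROCESSING
    return order

def warehouse_export(orders):
    """Only screened, non-held orders reach automated fulfillment."""
    return [o.order_id for o in orders if o.status == PROCESSING]

def review_queue(orders):
    """Held orders with their reasons, for a person to confirm or release."""
    return {o.order_id: o.hold_reasons for o in orders if o.status == FRAUD_HOLD}

# Constructed sample orders.
SAMPLE = [screen(o) for o in (
    Order("1001", "alice@example.com", "198.51.100.4", 84.50, "US", "US"),
    Order("1002", "Blocked@Example.com ", "198.51.100.9", 40.00, "US", "US"),
    Order("1003", "bob@example.com", "203.0.113.7", 2500.00, "US", "CA", 4),
)]
```

Recording every matching reason, rather than stopping at the first, is what lets the reviewer see which patterns an order hit and decide which rules need tightening or loosening.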
Sometimes it’s a real balancing act when it comes to managing fraud solutions. You want to have your detection systems tight enough to prevent fraud, yet not so restrictive that you negatively affect your customers’ experience. Here are a few things to consider when evaluating your approach to fraud management.
- Be Aware. Look at suspicious characteristics of orders such as suspect addresses or email accounts, multiple declined transactions, or very large and unusual order values. Make sure information matches and take steps like requiring a card’s security code or requiring signatures to deter fraud.
- Use Automated Tools. Manually screening every transaction can be a huge hassle and really slow down your process. Using a tool like the one we implemented for our client will give you fast and accurate information for immediate results. Also, you may want to think about a layered approach to better address the protection you need.
- Maintain PCI Compliance. As mentioned in a previous LYONSCG post, it is your obligation to maintain a secure environment for processing, storing, or transmitting your customers’ credit card data. The requirements to do so are outlined by the Payment Card Industry Data Security Standard, or PCI DSS. By following these requirements, your customers can have confidence that they’re protected against the risks of data breaches.
If you want to learn more about how LYONSCG can help you with fraud management, please contact us.
Josh Pratt is a Senior Applications Engineer at LYONSCG. Josh has been in the eCommerce industry for seven years, and has been working with Magento full-time since 2008. In his free time, Josh enjoys disc golf and reading.