Preventing Fraudulent Orders From Bots and Stolen Payment Details

It’s the one thing that eCommerce companies can’t escape … chargebacks! Fraudulent orders are the leading nuisance for any online brand, but there are measures that can be taken to mitigate payment fraud and automatically identify risky orders.

Fraud prevention experts typically recommend keeping chargeback rates below 3%, so if your current dispute rate is higher than 3%, we would encourage an overhaul of your order review process. Let’s look at some of the best ways to understand payment risk.

1. Check The IP Address

All orders have an IP address so it’s the best place to start analyzing an order. There are a handful of nopCommerce extensions and online tools which can enrich the IP address with the user’s location as well as the type of IP address.

If the IP’s location does not match the billing country or city, then it could be a sign that the order may have been submitted with stolen user details. Similarly, if the location is a match but the IP address looks like a hosting provider IP address, then it is likely a VPN - which could be used to mask the user’s true location.

Be aware that sophisticated fraudsters may even use very clean residential or mobile IP addresses to mask the location.

2. Let’s Analyze the Email Address

The order’s email address is another great indicator of payment quality. Ideally, we are looking for a valid email at a free mail service like gmail.com, hotmail.com, yahoo.com, etc. Emails that are part of temporary and disposable email services are certainly a red flag and should always have their orders placed on hold for further verification.

As fraudsters continue to innovate and use more advanced tactics, we have seen an increase in fraudulent orders with valid gmail.com emails and similar free mail provider addresses. Using a third-party email reputation service is recommended for additional insight into the email’s quality, such as how long the email has existed and if any abuse has previously been reported.

3. Location Matching

The billing and shipping details can provide good quality signals as well, especially if the name and address match both values. It’s probably no surprise that most fraudulent orders will have a different shipping address and possibly a different name than the billing details.

There are some exceptions, though, and it can get fairly tricky when a parent is ordering an item for a child away at college, or a grandparent is sending their grandchildren a holiday present in another part of the world. Depending on your store’s level of fraud, you may want to perform additional verification on the user if there is a significant location difference between the billing and shipping details.
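The three checks above can be combined into a single order-review rule. The sketch below is an added example, not code from the IPQualityScore extension or nopCommerce. It assumes the IP address has already been enriched with a country, city and type, and the field names, weights, threshold and disposable-domain list are all hypothetical.

```python
from dataclasses import dataclass

# Constructed sample list; production use needs a maintained feed or reputation service.
DISPOSABLE_DOMAINS = {"mailinator.com", "throwaway.example"}
# Assumed weights and threshold; tune them to your store's level of fraud.
WEIGHTS = {"ip_country_mismatch": 2, "hosting_ip": 2, "ship_country_mismatch": 2,
           "ip_city_mismatch": 1, "ship_city_mismatch": 1, "name_mismatch": 1}
REVIEW_THRESHOLD = 3

@dataclass
class Order:
    ip_country: str   # ip_* fields come from an IP enrichment lookup done beforehand
    ip_city: str
    ip_type: str      # "residential", "mobile" or "hosting"
    email: str
    bill_name: str
    bill_country: str
    bill_city: str
    ship_name: str
    ship_country: str
    ship_city: str

def _same(a: str, b: str) -> bool:
    """Compare free-text fields ignoring case and extra whitespace."""
    return " ".join(a.casefold().split()) == " ".join(b.casefold().split())

def order_flags(o: Order) -> list[str]:
    flags = []
    if not _same(o.ip_country, o.bill_country):
        flags.append("ip_country_mismatch")
    elif not _same(o.ip_city, o.bill_city):
        flags.append("ip_city_mismatch")
    if o.ip_type == "hosting":  # hosting-provider range: likely a VPN
        flags.append("hosting_ip")
    local, at, domain = o.email.strip().lower().rpartition("@")
    if not (local and at and "." in domain):
        flags.append("invalid_email")
    elif domain in DISPOSABLE_DOMAINS:
        flags.append("disposable_email")
    if not _same(o.bill_name, o.ship_name):
        flags.append("name_mismatch")
    if not _same(o.bill_country, o.ship_country):
        flags.append("ship_country_mismatch")
    elif not _same(o.bill_city, o.ship_city):
        flags.append("ship_city_mismatch")
    return flags

def decide(o: Order) -> tuple[str, list[str]]:
    flags = order_flags(o)
    # Disposable addresses always go on hold; malformed ones are held too (assumption).
    if "disposable_email" in flags or "invalid_email" in flags:
        return "hold", flags
    score = sum(WEIGHTS[f] for f in flags)
    return ("review" if score >= REVIEW_THRESHOLD else "accept"), flags
```

With these weights, a gift shipped to another city in the same country is accepted, while a different recipient name combined with a different shipping country is sent for review.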

Putting It All Together

The IPQualityScore fraud prevention extension for nopCommerce makes it easy to enable fraud prevention with just a few clicks. Simply add this plugin to your store and enter your API key to enable real-time protection and gain insight into IP address and email address quality.

  1. Enter your IPQualityScore API key into the extension settings or create a free account to get your API key.
  2. Enable order scoring on the IPQS nopCommerce extension settings and optionally enable IP reputation checks on any page of your site.
  3. Continue operations as normal while high-risk orders are automatically canceled or set for review.