The problem typically stems from an over-reliance on the basic fraud filters that are often part of e-commerce platforms or payment gateways. Because merchants may not feel they have the expertise to accurately identify fraudulent transactions, they turn on these fraud filters and let the filters do all the fraud detection heavy lifting.
Fraud filters work by analyzing incoming orders based on pre-determined “rules”. These rules assess the likelihood that a transaction is fraudulent. If any aspect of the transaction is suspicious, the fraud filter will raise a red flag and the transaction will be automatically declined.
Let’s dive into these possible reasons why orders might look like fraud.
1. A Large Order from a First-Time Visitor
First-time customers who place a large order typically set off alarm bells for fraud prevention systems. Why? Because once a carder has tested a stolen card number and verified that the information is good, that carder wants to move fast and steal as much as possible, as quickly as possible, before moving on to the next unsuspecting store.
2. A Large Order from a Suspect Country
Certain countries account for a high volume of fraudulent online purchases. Overly cautious merchants may set their fraud systems to automatically deny all orders coming from these high-risk countries, particularly large orders (see #1 above).
3. A Shopper Makes a Sudden Purchase
As we’ve said, carders tend to make their purchases quickly: they get in, grab the goods, and get out. Legitimate customers, meanwhile, tend to spend time browsing on a website before making a purchase. For this reason, fraud filters don’t like impulsive shoppers.
4. Billing and Shipping Addresses Don’t Match
Carders will often make a purchase with a stolen credit card and have the order shipped to an address other than the billing address on the card. To catch you, most fraud filters will run a basic Address Verification Service (AVS) check to see if the billing and shipping addresses match. An AVS mismatch can cause an order to be flagged and declined.
5. IP Address Doesn’t Match the Billing Address
A carders will typically place an order from a location other than the billing address. Therefore, if the IP address of the computer that generated the order does not match the billing address of the credit card used, this can be an indicator of fraud.
6. Overzealous Payment Processors
Even once a merchant’s fraud system has approved an order, the transaction must still go through multiple steps in the payment chain as it is processed—including a payment gateway, payment processor, card network, and card issuing bank. Each player in this payment chain will have its own methods for detecting fraud. Until the money has been safely deposited into the merchant’s account, the transaction can still be declined at any point in this chain.
Notably, because of the well-known data breaches that have plagued the payments industry in recent years, many vendors in the industry are actively tightening their approach to fraud detection. Even the smallest issue could cause a transaction to be rejected outright. The merchant may receive a response code that indicates the reason for the decline, but these codes are often vague—which can be frustrating for everyone.
Yes, that’s right: fraud filters still play a role in detecting e-commerce fraud. But they are not the only tool in the seller’s toolbox. Most often, they use an automated approach to scan incoming orders in order to detect signs of possible fraud, so that these suspicious orders can be further examined to verify whether the order is actually fraudulent or legal