This documentation was modified on 11/12/2020.
Unfortunately, the Internet is not always a safe place, and fraudulent orders are becoming increasingly common. Here are some red flags to watch out for, as well as simple steps you can take to verify suspicious orders.
If you suspect an order is fraudulent, please also check the Fraud Report here: https://www.bookweb.org/fraud-report
Red Flags:
-
Suspicious IP Address - See below for more information on this new check.
-
Ship-to and Bill-to addresses do not match. Pay attention to different ship to/bill to addresses, in particular those that are the same except for zip code.
-
Order is from a customer you do not recognize, who is not in your area
-
Ship-to address appears to be fake (use an address verification tool to confirm)
-
Store pickup order with an out-of-state billing address (check the customer’s ID when they come to pick up the order)
-
The customer requests expedited shipping (they're worried the stolen credit card will be discovered before their order ships)
-
The email address does not match either name on the Ship-to or Bill-to addresses.
-
Unusual and nonsensical email addresses, not in a creative sort of way, more like computer generated; in particular, pay attention to email addresses that have no connection to any of the billing or shipping data in the order. Examples: [email protected], [email protected], [email protected]
-
The phone number has an area code which does not match the billing address
-
Customer's IP address is not in your area
-
Customer's IP address does not match Ship-to or Bill-to location
-
Order was placed by a new customer on your site (click the customer number to see how old their account is)
-
The order is for one or more very expensive items. The "customer " will often attempt to place the order via email or phone which bypasses your website's fraud security measures. Be extra cautious when it's a textbook puchase from an out of state customer or a customer who has not placed an order with your store before.
-
The order is for popular ‘boxed sets’, books in a series, popular titles etc.
-
The order has several failed credit card authorizations before one finally approves
Suspicious IP Address
This new check analyzes the IP address that placed an order to determine what type of company it belongs to and how it is used. Our team has been studying patterns of fraud across the IndieCommerce/IndieLite network, and one of the most reliable red flags has turned out to be the nature of the IP address that placed the order.
If the system thinks the IP address is suspicious based on this check, the following steps will be taken:
-
A red message will be added to the top of the screen.
-
This message will identify the company that owns the IP address as well as the type of address, which provides more information about why we think it is suspicious.
-
Suspicious orders cannot be processed via bulk processing.
If you determine that a suspicious order is legitimate, you can still process it through the order page; however, use a very high degree of caution with these orders
Types of Suspicious IP addresses
-
Proxy - Proxy services are used to cloak a user's true IP address. Because it is not possible to know where the traffic actually originates from, they are often used to commit fraud.
-
VPN - Virtual Private Networks are used to conceal one's IP address and activity online. In addition to concealing one's true IP, they also encrypt all traffic. While they may be used by legitimate, privacy-conscious customers, they are also abused to commit fraud.
-
Tor - Tor also conceals a user's IP address and encrypts their traffic, but while VPNs are run by companies who provide a paid service, Tor is a distributed technology that is not owned by anyone.
-
Hosting - Hosting services are generally run by reputable companies, but fraudsters take advantage of these companies' good reputations by using their service to create a proxy. These IP addresses are meant to host websites, not provide internet access, so orders placed from hosting IPs are inherently suspicious.
If one or more of these red flags appear on an order, we recommend that you take the following steps:
-
Check the Fraud Report here: https://www.bookweb.org/fraud-report. Read this report ASAP! Please note that data is not available for analysis by our team until the morning after the order date.
-
Check the order to see if the ABA staff has added an Admin Comment warning of fraud. In some (but not) all cases, we have been able to add these warnings before an order has been completed.
-
Attempt to contact the customer by phone. You should use the phone number reported with the Bill-to address. A legitimate customer will appreciate the phone call to verify the order. Fraudulent orders will likely use out-of-service or continually busy phone numbers.
-
Attempt to contact the recipient by phone. The recipient might not be aware of any fraud and may help confirm if the order is indeed fraudulent.
-
Get a phone number for the customer on all orders. If this customer is not known to you, check to see how long they have been a customer as well as their order history by clicking on the customer number link in the customer info box.
-
If you have not already made 'Phone Number' a required field we highly recommend you do so. Visit: Store > Configuration > Countries & Addresses > Address Fields, then select 'Required' for 'Phone Number" and 'Save Configuration'.
-
If you suspect an order is fraudulent, simply mark it as Payment Received and wait a few days to hear from the legitimate owner of the card before shipping the order. Payment Received orders can always be canceled/refunded, and you will not yet have shipped the book if the order turns out to be fraudulent.
-
Each staff member should have their own login to your website, that way, if a fraudulent order does get processed you can make sure they are aware of what to look for. Not sure how to assign them their own login? Review 'Adding New Administrators'
-
Utilize the Booksellers Forum to connect with your peers and see how they handle fraud orders.
-
Check the IP address used to place the order for risk assessment at these websites: https://scamalytics.com/ip; and https://www.ipqualityscore.com/free-ip-lookup-proxy-vpn-test. Please do this particularly if the IP address shows a different geographical location from the billing or shipping locations, or shows no location.
-
Check the order to see if the credit card authorization had address mismatches or declines before being approved.
-
Report all suspicious activity to the IndieCommerce team so we can track fraudulent activity.
-
If you cancel an order because of fraud, use the "Canceled - Fraud" order status to mark it. This will help you, and us, track incidences of fraud. It also creates a paper trail for you to refer to in the event a customer or financial institution contacts you about a charge or an unfulfilled order. As before, we also recommend adding notes to the Admin Comments section so that store staff know more details about the order in question.
If you suspect an order is fraudulent please Immediately email [email protected] with the order information and we will investigate further. Each fraudulent order that is reported allows us to possibly stop fraud on your website as well as throughout the entire IndieCommerce network.