Stopping Fraudulent Order Best Practices

We’re a B2B and B2C company, and we are constantly playing a cat-and-mouse game to stop fraudulent card orders. If anyone is willing to share best practices, I’d love to learn.

There are more instances of ‘duplicate’ website-created customer accounts with the same name / email / phone / address, but with different fraudulent credit cards.

We’ve added a Customer.DNS_c (Do Not Sell) boolean UD code, and I’m seeing if we can leverage this to flag new attempts with similar emails, phones, or addresses. We’ll have to integrate that with our web orders as well, and possibly our credit card processor.

We’re also now flagging credit card orders where BillTo and ShipTo don’t match for manual review by the credit department.

Epicor has the native duplicate finder on new contacts, but we’d like to do more.

Please share, I hope to learn some good best practices!
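Added example, not part of the original thread and not Epicor or Magento code: one way to turn the checks described in the post above (Do Not Sell matching on similar email / phone / address, many cards on one identity, BillTo/ShipTo mismatch) into a single review gate. The record field names, the `card_fp` processor token, the `MAX_CARDS` threshold, and the sample data are all assumptions constructed for illustration.

```python
import re

MAX_CARDS = 2  # assumed threshold: distinct cards tolerated per identity
ABBR = {"street": "st", "avenue": "ave", "road": "rd", "drive": "dr", "suite": "ste"}

def norm_email(e):
    local, _, domain = e.strip().lower().partition("@")
    local = local.split("+", 1)[0]            # drop "+tag" sub-addressing
    return f"{local}@{domain}" if local and domain else ""

def norm_phone(p):
    return re.sub(r"\D", "", p)[-10:]         # assumes 10-digit national numbers

def norm_addr(a):
    words = re.sub(r"[^a-z0-9 ]", " ", a.lower()).split()
    return " ".join(ABBR.get(w, w) for w in words)

def identity_keys(rec):
    pairs = {("email", norm_email(rec["email"])), ("phone", norm_phone(rec["phone"])),
             ("addr", norm_addr(rec["bill_to"]))}
    return {(k, v) for k, v in pairs if v}    # blank fields never match each other

def review_reasons(order, customers, history):
    """Return the reasons (possibly none) to hold an order for manual review."""
    reasons, keys = [], identity_keys(order)
    for c in customers:
        shared = keys & identity_keys(c)
        if c["dns"] and shared:               # dns mirrors the Customer.DNS_c flag
            kinds = ", ".join(sorted(k for k, _ in shared))
            reasons.append(f"Do Not Sell match: {c['id']} ({kinds})")
    cards = {order["card_fp"]} | {h["card_fp"] for h in history if keys & identity_keys(h)}
    if len(cards) > MAX_CARDS:
        reasons.append(f"{len(cards)} different cards used with this identity")
    if norm_addr(order["bill_to"]) != norm_addr(order["ship_to"]):
        reasons.append("BillTo/ShipTo mismatch")
    return reasons

# Constructed sample data (not real customers). card_fp is a processor token, never a card number.
CUSTOMERS = [{"id": "C100", "dns": True, "email": "JDoe+shop@Example.com",
              "phone": "(555) 010-0199", "bill_to": "12 Main Street, Suite 4"},
             {"id": "C200", "dns": False, "email": "buyer@example.com",
              "phone": "555-010-0123", "bill_to": "9 Oak Avenue"}]
HISTORY = [{"email": "jdoe@example.com", "phone": "555 010 0199",
            "bill_to": "12 Main St Ste 4", "card_fp": "tok_A"},
           {"email": "other@example.net", "phone": "5550100199",
            "bill_to": "77 Pine Rd", "card_fp": "tok_B"}]
ORDER = {"email": "jdoe@example.com", "phone": "+1 555 010 0199", "card_fp": "tok_C",
         "bill_to": "12 Main St., Ste. 4", "ship_to": "400 Harbor Drive"}

if __name__ == "__main__":
    print("\n".join(review_reasons(ORDER, CUSTOMERS, HISTORY)) or "no review needed")
```

An order that returns an empty list passes straight through; anything else carries its reasons to the credit department's review queue.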

I have been out of the ecommerce game for ~4 years but I do have experience with this.

The companies I had worked for in the past had their own branded website alongside merchant accounts on the major marketplaces like Amazon, eBay, Walmart, etc. Most online marketplaces take the responsibility of fraud protection off of the merchant and handle it themselves. Company branded websites usually do not come with the same protections.

Normally, the orders from the branded site were a fraction of those from the big marketplaces. This contributed to the decision to simply not process CC orders on our own site that did not meet strict criteria (bill to / ship to matching being one of them) and send a message asking them to resubmit the order with a different method of payment like PayPal or something else that offered inherent protection against these kinds of things.

This of course resulted in us missing out on a non-zero amount of legitimate orders, but I suppose this is a risk/reward situation that needs to be evaluated on an individual basis. For us we decided it wasn’t worth it to even entertain the idea of filling an order that on paper seemed the slightest bit suspicious and posed any risk.

Garret - Thanks - good ideas.

We do business on Amazon, and that’s been clean. Unfortunately, the online marketplaces have pretty high additional costs as well. Our own e-commerce site is where the bulk of fraud attempts arrive. We do accept PayPal, but that’s a very small % of orders.

Anyone running Epicor Commerce Connect (ECC) on Magento2? We’re also on Magento2. I wonder what improvements we can make there…