I’ve started running my own ecommerce store using wordpress and woocommerce. The site was initially accepting payments using paypal only, but after reading some good reviews about using stripe to receive credit card*, I’ve decided to add it to my ecommerce store.
All was good for a while, and sales were coming in from both paypal and stripe. However, the bad news is, I found out too late later that one of the order was actually made using a credit card that was stolen to purchase goods on my store, and was disputed as a chargeback. Not only did I lost money on the order (goods were delivered), there’s also a chargeback processing fee which kinda feels like adding salt to the wound.
There were a few things which I’ve learnt from this experience, and I’m sharing it just so that any ecommerce store owner know how they could minimise their risk dealing with fraud charges.
Unusual Order Size
The first red light was the fraudster orders 4 items in 1 order. Based on previous sales history, the usual order size is 1-2 items per order. If someone suddenly order unordinary volume of items/products, don’t be too happy too fast as it could be ordered using a fraud card. You have to do your due diligence first, which brings me to my next point.
Call the Customer
Ring the customer and see if they are aware of what they’ve ordered. If the phone number doesn’t connect, that smells fishy already! Fraudsters usually use invalid phone numbers where there’s no owner actually using that number. If you think about it, the fraudster wouldn’t want put in a random working phone number as that will lead to a real person picking up the phone and saying that they didn’t put in the order.
Don’t just count on email
Why don’t you just email them, you may ask? Emailing the customer and getting a reply doesn’t mean much except proving that the email address is valid and works. However, it doesn’t prove that the real card owner has anything to do with that email address. The fraudster will obviously still use (or should i say, hide behind) a working email address so they appear legit and reachable in case you decided to email them.
Enable Stripe’s CVC and Zip Code Verification Check
Stripe has the option of doing a check on the credit card being used to see if the card’s CVC and billing address matches those of the real owner’s. CVC is pretty easy to cheat (as it’s printed on the physical card) but not so for the address. Fraudsters will usually ship to a different address rather than the real owner’s address and that’s when a charge should be blocked.
* paypal actually accepts credit card too. I’ve decided to add stripe because unlike paypal, it allows users to enter their credit card details on my ecommerce site and finish the transaction there. Stripe’s fees is also lower (for low volume sellers) compared to paypal’s:
Stripe = 1.75%+$0.30
Paypal = 2.0~2.6%+$0.30 and down to 1.5%+$0.30 when monthly sales exceeds $15k.
If you have dealt with fraud and have more tips on fraud prevention, please share your comments below.