Announcement

Collapse
No announcement yet.

How good is Fraudwatch?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • How good is Fraudwatch?

    Or more specifically, does anyone know which pieces of order data it analyzes?

    I'm usually pretty good at sniffing out sketchy orders using a collection of tools that I've accumulated over the years and just plain old gut feel. I have an order that my instincts are telling me is a possible fraud, yet Fraudwatch scores it as a zero risk. The AVS is clean, but here are the things that are catching my attention:

    - Different billing & shipping address (separated by 60 mi)
    - IP address near shipping address
    - Both billing/shipping phone #'s are cell phones , neither located near billing address.
    - Name of recipient not found to be located at either address
    - No online activity found for email address - possibly new
    - No previous order history
    - No land line listed at the billing address for us to call and confirm with the card holder

    My understanding is that the zero risk score is there because another merchant shipped an order to this customer without a fraud incident. Based on this, here are the questions I would have:

    - Is there a grace period between when the "good" order was placed and the score was created? In other words, is there time allotted in between when the "good" order is placed and the score is updated in which a possible fraud could be identified?
    - Can I assume that both the billing and shipping addresses were the same on the previous (good) order as they are on mine? In other words, if a customer places a legitimate order (shipped to their billing address) and a fraudster obtains their info and places a new order shipped to a different address, would Fraudwatch identify this?
    - Does Fraudwatch check the email address of the "good" order and compare it to the new order before awarding a risk score?
    - Ditto for phone numbers? IP addresses, etc?

  • #2
    I think I can help on the FraudWatch questions, but first a couple counter points to and questions about your concerns.

    None of my peers have a home phone number, only cell phones. I don't think there is any room for phone number to have a role in identifying fraud. It just doesn't make sense in 2015.

    How were you able to determine "Name of recipient not found to be located at either address" and "No online activity found for email address - possibly new?"

    What are you referring to when you say "good order?" Do you mean an order placed on a different 3D Cart store?
    - Dean P. e-commerce and small business consulting

    Comment


    • #3
      Originally posted by DeanP View Post
      I think I can help on the FraudWatch questions, but first a couple counter points to and questions about your concerns.

      None of my peers have a home phone number, only cell phones. I don't think there is any room for phone number to have a role in identifying fraud. It just doesn't make sense in 2015.

      How were you able to determine "Name of recipient not found to be located at either address" and "No online activity found for email address - possibly new?"

      What are you referring to when you say "good order?" Do you mean an order placed on a different 3D Cart store?
      Thanks for your reply.

      I have to respectfully disagree with your first point though - The majority of our customers do have land lines and it is one of the easiest and most reliable ways for us to identify whether or not the person listed in the billing info actually placed the order. This info isn't always available, though. A fair number of customers only have mobile numbers while others may have an unlisted residential land line. Even if it is a mobile number, there are tools available that can (in some cases) identify the name of the person that the mobile account is listed under.

      As far as determining a customer's residential address history or the history of occupants for a given address, there are numerous tools available for this - same for the email address.

      By a "good order" I am referring to the Community Alert section of Fraudwatch. If another merchant has taken an order for this particular customer, it will show up here as being either good (green) or bad (red) depending on whether or not it was fraudulent.

      Since I had posted this originally, I have had the chance to do some more research. I found out that this is a home-grown 3DCart thing, not a third party service. The data you seen in the Community Alert section is only taken from other 3DCart merchants, so I would have to say that it's effectiveness is limited at best. Case in point - the vast majority of the orders we see have a yellow alert (no information available). I did contact 3DCart to get more information about how this service works, but support knew almost nothing about it, even having to put me on hold while they asked around the office about whether this was a service they created in house or whether it was a third party add-on.

      Comment


      • #4
        Right, the latter portion of your reply is what I was going to say - about it being a 3Dcart-only community tool.

        I can't imagine you would need to be concerned about any sort of grace period between orders. If you're worried about a customer placing a legitimate order someone out there on another 3D Cart store (generating the green community alert icon), and then a fraudster accessing that customer's account and placing a bogus order on your store (generating the FraudWatch score) - I don't believe that is a probable scenario. Stealing someone's account on a little 3D Cart store isn't the type of fraud that happens in the world today.

        IP addresses and phone numbers are not reliable indicators of someone's identity because neither are permanent. Instead, they might be used for geolocation - moreso with the IP and the phone number. Email is temporary too, but it's a better indicator of a unique / repeat customer than most any other tool, aside from cookies or payment data, and neither of those are likely to be recognized by 3DCart anyway.
        - Dean P. e-commerce and small business consulting

        Comment


        • #5
          I have said for years that the fraud check systems need to take into account the amount of the order. If it is a $100 or $200 order you do not need to be as cautious as a $5000 order. You also need to be more cautious with items which are more fraud prone.
          Many years ago I used a scoring system which rated the various variables - such as phone number, free email address, AVS check, product purchased, if they asked for express shipping and so on. At the time we were shipping worldwide and some items were in the $5,000-10,000 range. By being more cautious as the price tag went up we were able to keep fraud to a minimum.
          When using any fraud detection system you have to first set your limits - at what point do you need more than a regular automated system? At what point to you even need to worry about fraud?
          Rob

          Comment

          Working...
          X