Announcement

Collapse
No announcement yet.

FraudWatch may have cost us

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • FraudWatch may have cost us

    We received an order with a FraudWatch Score of 3, indicating heightened but low risk. Here is the FraudWatch message:

    This order is slightly risky, and we suggest that you review it manually, especially for B2B transactions. The order is slightly riskier because the e-mail domain, outlook.com, is a free e-mail provider

    Shortly after the order shipped, the same customer made another purchase but the FraudWatch score is 7, warning us :

    This order is very high risk, and we suggest you not accept it. This order is risky, as it might have come from an open proxy. This order is considered to be a little higher risk because the distance between the billing address and the user's actual location is larger than expected. The order is slightly riskier because the e-mail domain, hotmail.com, is a free e-mail provider

    We usually reject orders with a FraudWatch score this high, with the exception being they sometimes appear with seller protected PayPal or with Amazon Payments.

    The high score made us curious about the first order placed and so we refreshed the FraudWatch score. It changed from 3 to 7. We knew FraudWatch was having some problems from the response to a recent trouble ticket because on a number of orders the FraudWatch score stopped showing and would not show even after refreshing several times. Here is the 3dCart response:

    "I'm sorry that you have been experiencing this inconvenience.
    The Fraudwatch not producing results is an issue we are aware of and is currently being worked on by our team.
    We do not know an eta of when this issue will be resolved but you will be notified once we have come to a resolution.
    Again, we do apologize for this inconvenience and appreciate your patience. "


    We never received a message, as promised, indicating it was producing results but we received the first order with a FraudWatch Score of 3 on 5/10/2015, the day after 3dCart support responded. We have had one other order since then where upon refreshing the result led to a changed score from 3 to 7. It turns out the scores are suspect.

    As soon as 3dCart became aware, they should have contacted everyone using FraudWatch letting them know there was an issue. They should have disabled it until it is working properly. Instead, they have allowed it to produce results that are wrong and may have cost us more than $1700.

    Be careful if you are using this plugin. The results are suspect and 3dCart's handling of this is abysmal.

    Are you affected?
    Luxlife

  • #2
    Probably not what you want to hear, but I wouldn't rely on "FraudWatch" or any plugin to vet your orders.

    There's a lot of signs you can look for that might indicate a higher risk of fraud.

    For us, we look for:

    * higher dollar orders (anything abnormally high, say twice the average order value or something).

    * If billing and shipping addresses don't match (especially for first time customers).

    * If they chose an expedited shipping method (especially overnights and 2nd days, normal customers rarely need that delivery speed).

    * If the AVS is a 'N' meaning the card processor couldn't match the billing address/zip with the card on file.

    * If the CVV2 code match fails.

    * If the shipping country is on our "watch list". For example, we don't have a lot of orders going to Cambodia, but if we get one, we're going to scrutinize it.

    * Large amounts of precious and/or recyclable metals (don't know what you sell, but if we see an order of all gold pieces shipping somewhere, we scrutinize it).

    We have a level of automation, so our order processing pipeline looks for these things and then flags orders for human review. We get far more false positives than fraud, which is just fine with us. If you are a smaller store and doing things more-or-less by hand, you will have to weigh the cost of self-insuring against fraud vs. time spent vetting orders.

    Fraud doesn't look the same to every business. Something that sets off alarm bells over here might be "business as normal" to someone else.

    Things like FraudWatch that attempt to place blanket rules over all businesses are inherently going to miss things from time to time, especially if you simply rely on it without your own judgement/review-process.

    All that said, no system will catch all fraud. You will lose some, guaranteed. All you can do is minimize the risk and impact on your business.
    Last edited by Alupis; 05-19-2015, 02:08 PM.

    Comment


    • #3
      I am actually going to cancel the module. its 10 bucks a month and it has not even been working. nor is it accurate at all. We have setup our authorize.net to have fraud filters that far surpass the fraud watch system. to me its a poor set of filters that is way over priced.

      Comment


      • #4
        Originally posted by Alupis View Post
        Probably not what you want to hear, but I wouldn't rely on "FraudWatch" or any plugin to vet your orders.

        There's a lot of signs you can look for that might indicate a higher risk of fraud.

        For us, we look for:

        * higher dollar orders (anything abnormally high, say twice the average order value or something).

        * If billing and shipping addresses don't match (especially for first time customers).

        * If they chose an expedited shipping method (especially overnights and 2nd days, normal customers rarely need that delivery speed).

        * If the AVS is a 'N' meaning the card processor couldn't match the billing address/zip with the card on file.

        * If the CVV2 code match fails.

        * If the shipping country is on our "watch list". For example, we don't have a lot of orders going to Cambodia, but if we get one, we're going to scrutinize it.

        * Large amounts of precious and/or recyclable metals (don't know what you sell, but if we see an order of all gold pieces shipping somewhere, we scrutinize it).

        We have a level of automation, so our order processing pipeline looks for these things and then flags orders for human review. We get far more false positives than fraud, which is just fine with us. If you are a smaller store and doing things more-or-less by hand, you will have to weigh the cost of self-insuring against fraud vs. time spent vetting orders.

        Fraud doesn't look the same to every business. Something that sets off alarm bells over here might be "business as normal" to someone else.

        Things like FraudWatch that attempt to place blanket rules over all businesses are inherently going to miss things from time to time, especially if you simply rely on it without your own judgement/review-process.

        All that said, no system will catch all fraud. You will lose some, guaranteed. All you can do is minimize the risk and impact on your business.
        You are missing the point. When working, FraudWatch, adds a level sophistication to the checks you use. All of those are built into most credit card processors. For example, FraudWatch will flag orders from open proxies, something that has a high probability of fraud. In fact, had it been working, it would have indicated this on the orders in question. We use FraudWatch as additional layer scrutiny and protection that with a limited scope because it only reports fraud reported by other 3dCart Merchants.

        The issue is if that when 3dCart learned the plugin wa not working they should have sent a warning to merchants using it and disabled it.
        Luxlife

        Comment


        • #5
          Everyone gets caught by credit card fraud from time to time. We manually review each order if any fraud triggers are raised by PayPal. Before sending any merchandise, we ask the buyer to verify their shipping address by scanning and emailing us a copy of a utility bill which has the buyers name and address exactly as shown on their credit card. Some buyers react angrily to this "intrusion" and then we may send the merchandise on the basis that fraudsters would likely not even reply. Most honest buyers compy with our verification request.

          This is a very clunky but FREE system for high volume sales but may be worthwhile for high value sales.

          Comment


          • #6
            Originally posted by Shorne View Post
            Everyone gets caught by credit card fraud from time to time. We manually review each order if any fraud triggers are raised by PayPal. Before sending any merchandise, we ask the buyer to verify their shipping address by scanning and emailing us a copy of a utility bill which has the buyers name and address exactly as shown on their credit card. Some buyers react angrily to this "intrusion" and then we may send the merchandise on the basis that fraudsters would likely not even reply. Most honest buyers compy with our verification request.

            This is a very clunky but FREE system for high volume sales but may be worthwhile for high value sales.

            That is a good one!

            I call and ask for the last 4 of their social even though I had no idea what it is. Then all you have to do is listen to the way they answer. Legitimate customers will spit out the numbers right away. If someones takes too long or says hold on a minute just go ahead and hang up the phone and void the order.
            Rod
            www.Bead3.com

            Comment


            • #7
              The typical warnings signs of credit card fraud - although not foolproof are:-

              A. The value of the purchase is unusually high and wanting EXPRESS delivery
              B. Sales to Pakistan, Palestine, Vietnam or any country whose citizens are not likley to able to afford the product
              C. Emails addresses like [email protected], [email protected], [email protected] and hotmail addresses
              D. PO Boxes
              E. Requests to send iems to another address other than that the registered credit card address

              If the transaction feels wrong then asking for some kind of ID by calling the buyer or emailing them, will weed out most fraudulent purchases.

              This works quicker and cheaper than other methods - at least in our case..

              Comment

              Working...
              X