What is Fraud?
A fraud situation happens when credit card details are illegitimately used. It is usually caused by the theft of the card or a temporary use of the card details without notice from the owner’s attention.
The fraud comes out once the card owner makes a chargeback to his bank by stating he didn’t make a transaction appearing on his credit card statement.
When this situation occurs, the credit card company carries out some investigations and starts a process that will lead to the return of the funds to the the legitimate card holder.
Fraud is the consequence of human behavior. There is no technology that can change this type of intent. We strive to mitigate fraud risk. However, it is the merchant’s responsibility to engage and look after fraud issues. Therefore you have to go through some necessary steps to identify any potential fraudulent activity and mitigate the associated risk for your business.
PayPlug doesn’t provide an insurance against fraudulent behavior.
How PayPlug helps you to fight Fraud?
PayPlug holds the certification “PCI DSS Server - Level 2
”, which proves its compliance to the security standard. The “payment card industry data security standard
” (PCI DSS) is a security norm for the main credit card processing companies. The purpose is to protect cards data against infractions and criminal activity.
PCI DSS norm includes 12 clauses. They span many topics related to data protection. These topics noticeably include rules related to the security of the information system and the network, password management, cryptography, personal data protection, data confidentiality and data deletion after usage.
The website payplug.com makes use of the HTTPS protocol. This ensures our users that their connexions are processed with the highest level of security when processed by our servers. Our website identity can also be verified with a valid certificate.
We provide the 3D-Secure option. This feature is free of charge and can be modified from your PayPlug console.
The 3D-Secure ensures a solid protection for merchants and buyers against fraudulent usage of their credit card as it provides a second layer of security when your buyers complete a payment. This allows the credit card holder can be authentified with certainty and makes fraudsters’ life more complicated.
Identifying potential frauds?
There are several clues that can help a merchant to identify fraud attempts against his online shop. We will here introduce you to some of them.
Pay attention to your new customers:
A fraudster rarely comes back 2 times at the same place. Thus, a first purchase on your site is the right time to identify a suspicious behavior. You should be attentive to the information provided for any new customer registration on your website.
Any purchase occurring at night should raise your attention, especially if the shipping address is located in the same time gap as yours. Few people do their online shopping in the middle of the night. If you notice such a situation, this may be a fraudulent activity.
Fraudsters often tend to use fanciful email addresses without any meaning. They won’t use their daily regular email. If you notice this type of email within your customers, this should raise your attention. Make an investigation by checking the name of your customer, his address, phone number and the order’s amount.
Don’t hesitate to check here for the existence of an email address.
A fraudster wants to receive the goods he paid for, though he will avoid providing his true address and phone information. If you notice a weird phone number, this should make you suspicious.
If you have any doubt, please don’t hesitate to call your customer to verify their order and identity.
In order to hide his real identity, the fraudster will probably use a fake name and firstname. For instance, this may be a name completely different from the one used in the email address or a name for which the existence seems impossible.
Postal address different from billing address:
The postal address is usually similar to the billing address. If a banking card was fraudulently used, the person responsible will usually fill in the address of the legitimate owner in the billing field but his own personal address in the shipping fields. Indeed, his main purpose remains to receive the goods.
Postal boxes are often used by fraudsters. This is usually a convenient way to stay anonymous while safely receiving the goods. If some of your buyers want their order to be delivered to a postal box, this should be a warning and you may want to contact them for investigation.
Foreign shipping address:
If your customers are usually located in your own country and that you exceptionally receive an order for a foreign shipping address, this should raise your attention. You should check the consistency of the information.
A customer tries to modify the shipping address right after the payment:
This is a frequent approach from fraudsters. The order is processed with the correct shipping information from the card owner. However, a few hours after the payment, the merchant receives an email asking him to modify the delivery address. If you accept such a demand, you won’t have any proof that your order was shipped to the correct address. On the other side, the fraudster won’t have to fill in his own information on the payment page and bypass buyer’s protection at the bank level.
If you receive an order for an unusually high amount, this should trigger your attention as it might be the consequence of a fraudulent activity. The fraudster tries a one shot on your bank, thus buys as much as he can.
A small order followed by some orders of a bigger amount:
Fraudsters like to test the convenience of your shopping cart process. Therefore, before getting what he wants, he will start with a low amount order. If all seems fine to him, he will then try to go ahead with bigger amounts.
If a customer makes several purchases during a short time gap, this behavior should raise your attention. Some fraudsters like to buy successively on the same shop, especially if this allows them to go below the 3DS floor. For instance, if he wants to get a bunch of items that are worth 150€ while the 3DS floor is at 100€, then he will try to make 2 times 75€ in order to avoid the issue.
Moreover, some fraudsters often make multiple purchases while using each time a different card.
You receive a call asking you to temporarily remove or raise the 3DS level:
You should be vigilant if a customer calls you claiming he can’t make a purchase because of the 3DS and asking a way to bypass it. The 3DS is largely widespread and available to anyone or can be easily implemented if needed.
Fraudsters may try to make you feel guilty, claiming that the 3DS is the source of a nice sale failure. If you receive this type of call, try to keep vigilant and educate your customer about 3D-Secure. It is better to delay a transaction rather than being tricked by a fraudster.
A fraudulent purchase often includes your most pricey shipping option, for instance Express instead of regular. Indeed, the fraudster wants to receive his purchase as soon as possible and doesn’t care about the price as he is not using his own money.
What to do if I receive a fraud alert from PayPlug?
If you received a fraud alert from PayPlug, you should go on with the following steps:
Check all the information at your disposal about this purchase and try to contact your customer via phone or email.
- Verify if the customer’s name and email address match. Do they include the same names and first names as the ones appearing in the email?
- Verify the shipping address authenticity. Search on Google or the social networks. Does this information seem credible ? Is it a postal box ? Is the buyer located abroad ?
- Check if the shipping address is similar to the billing address.
- Look at the email and other contact details for this buyer in the whitepages, Google and social networks.
- Did your customer make several purchases within the same days or the last couple of days?
- Is the purchase amount significantly different from your average cart ?
If you didn’t ship the parcel yet, freeze the order until the alert is removed.
If you need any further details, please respond by email to this alert you received.
In any case, it is paramount to keep PayPlug updated by email about your next move and your communication with the customer by responding to the message you received.
In which case do you receive a Fraud alert?
PayPlug continuously implements new tools to track down and tackles fraudulent activity. Though our action should not lessen your constant vigilance, this may however be helpful to you.
You may receive a fraud alert as a consequence of one of the following situations:
- Your buyer used several credit cards to buy on your shop during a short time gap.
- Your buyer made a purchase from a country that is different from the one where his card originated.
- Your buyer encountered several failed attempts before being able to process the payment.
- The credit card has already been used for suspicious purchases on other online shops.
- A fanciful email address has been used.
- The buyer’s names is significantly different from the email spelling.
- The purchase amount is significantly different from the average shopping cart.
What to do if I identified a potential fraud?
Ask your buyer to provide a copy of his ID and his credit card:
If you have any doubt about your buyer’s real identity, you may ask him for a copy of his ID and a partial copy of his credit card. The goal is to check if the name on the credit card matches the ID’s name so that you can be sure your buyer is the real card owner. Of course, he may refuse to proceed, however this request should not be an issue if he is the legitimate card owner.
Refund the transaction as soon as possible if the purchase is confirmed as fraudulent:
If you don’t refund a fraudulent transaction, the credit card rightful owner may soon file a chargeback to his bank. The consequence will be a total refund of the purchase plus 18€ penalty levied by the card owner’s bank.
Do not ship the order as long as there are still doubts:
If you have any doubt about the legitimacy of a payment, you still have the option to put the order on hold and refund the transaction. If your buyer is legitimate and is willing to resolve the issue, you will still have the opportunity to sort this out and make him repay later.
Activate the 3DS in case of multiple fraud attempts:
Once you are targeted by a fraudster, this may be the clue for a series of several other attempts as the person responsible will try to go forward.
In order to not be dragged in a fraud spree, we advise you, as soon as a fraud is identified, to active the 3DS option starting at first euro level. This will show the fraudster that he got spotted and that action is being taken to counter his attempts.