Protecting your online store against fraud

Protecting your online store against fraud

Beating credit card fraud as an online seller – tips for Australian retailers

Too many Australian online stores do not take the potential for ecommerce fraud seriously enough so do not protect themselves sufficiently. The net result is that they send much of their profits out the door as online scammers target unsuspecting sellers who do not put in place adequate deterrents. If you don’t think that planning how to protect against online fraud for your new store is important then think about this – would you leave your stock outside the front of your store at night and hope that it wouldn’t get stolen? No. So don’t leave your new online business unprotected.
The reality is that fraud happens. It happens no matter whether you’re selling offline or online. It happens to small and large retailers alike. If you know about it and do what you can to protect yourself against it, you give yourself the best chance of your new online store succeeding. Especially if you’re competing in a competitive market where every dollar counts.

Spotting fraud

In general, fraudsters tend to each have their own system which they use time and again. They have ways of identifying potential targets who they feel their exploits can be effective against.
Some of the ways that you can identify a potential fraudster are:
  • Suspicious Email Addresses: Ask yourself if the email address being used looks legit. While it’s not impossible that an honest user will have a weird email address, an address that has obviously been set up to be anonymous should raise red flags for you immediately. Look at the domain name and see if it is a “disposable” email address, a free email address like Yahoo, Hotmail or Gmail, or something that looks very unusual to you. If in doubt, it’s best to query it. One thing you can also check is whether the email address used actually works. You can do this by sending an innocent “follow up” to the order and see if it gets delivered or bounces back to you.
  • Suspicious Personal or Business Names: You may want to be more wary of people with famous names, celebrity names, one word names, or obviously fake names. If the order is placed in the name of a business, you can look it up on the Australian Business Register ( to check that it is a legitimate Australian business with the right Australian Business Number (ABN) with a matching address to where the order is going.
  • Buyers in a particular hurry: If a buyer writes to you and is in a huge hurry to get their order dispatched by you, it may be because they are using a stolen credit card that has not yet been reported stolen. Of course, that might not be the case – they might just be impatient or have an urgent need for your goods. But it is one reason to be wary. If they write to you, look at the way they write. Is their English very good? Does their email make sense? Does the reason they are in a hurry make sense? Do you have any other reason to suspect them – for example did they contact you and say not to bother sending the item with tracking (so that they can later put in a PayPal “did not receive” dispute and keep your goods and get their money back)?
  • Gift Buyers: There are many people who buy things for others – with the shipping and billing address being different. Things to ask yourself in this situation are whether the buyer and seller are in different states, and whether there’s any reason that they should be different. For example if the buyer is in the military and ordered from an Australian Government email address, sending their package to someone with the same surname back in Australia then that’s more trustworthy than someone buying a present from overseas for a random person here in Australia. Gift buyers in other countries you should be particularly wary of. There are many honest people but as a seller you need to try to work out how to sniff-out the dodgy ones as well. One reason to suspect gift buyers more is if they are a first time buyer placing a gift order with different shipping and billing addresses and requesting Express Post
  • Very large orders If you are a small home business and normally sell a product in units of 1-5, then an order of some huge number like 100 units you should be suspicious of. If they are a legitimate buyer why are they ordering so much? Provided you refund an order, you have the right under Australian law to decline an order if you are not happy with the terms provided you are doing so lawfully (see information from the ACCC at If you are not comfortable with a sale, don’t complete it.
Overall, you have to look at the big picture and determine whether you are suspicious of the buyer or not. There are no hard and fast rules here, as there are innocent explanations for the above potential fraud signs as well as dishonest ones. If multiple signs are there you should be more suspicious than if there are only one.

Dealing with Post-purchase fraud

In some industries like fashion and party goods, post-purchase return fraud is also common. This is where someone purchases your product with either the intention of returning it as “faulty” or claiming they did not receive it.
The best way to combat these types of situations is to deter them to begin with. Ways you can do this include:
  • Make it clear in your returns page that you don’t automatically accept returns and check whether a return is legitimate before paying out on it. For example if you are a fashion seller you might mention that you photograph items before they are sent out, and that items will be compared against photos if they are faulty to confirm they are a genuine fault before being processed. You might also want to ensure that returns are not accepted without a returns authorisation number, which means that people must contact you before they try to return something.
  • Photograph items before they are sent, so you can use them in a dispute
  • Send items out with tracked post so you can use the tracking number in a dispute or chargeback claim

If you are suspicious of a buyer…

If you are suspicious of a buyer and are not sure if you should send out their order then there are a number of things you can do:
  • Look up their address on Google Maps. Does the home or shipping address look legitimate to you?
  • Search for the buyer on Facebook. Most individuals these days have a Facebook account and you may be able to verify some of the key details about their account this way
  • If you are still feeling wary, send the item out tracked post so you have a tracking number in the event of a dispute. If you don’t have a tracking number and the buyer used PayPal you will always lose a dispute as PayPal use the tracking number to determine if the item was actually sent and received. In other countries the postal services have a proof of lodgement option that you can get to prove you actually posted the item even if it isn’t tracked after that, but this option is not available with Australia Post.
  • Make sure that your website is secure and that you are using a trusted ecommerce shopping cart provider like Ozcart. Your site should have the SSL protection padlock on checkout, the server it operates on should comply with the PCI DSS standards set out by the credit card industry like Visa and MasterCard and you should advertise this on your site as well. If your site is secure – tell them about it!
  • Contact the buyer. Call them to check a detail on their order and get a feel for how they respond to you. If it’s an international order or of high value you might even write to them to get them to confirm their identity with you by scanning and sending a copy of the card used to purchase from you or their driver’s license as proof of identity.

Use fraud scanning software

Most of the bank and payment gateways, and third party services like PayPal now have fraud systems built in to their processing that you can take advantage of when processing transactions. These systems have a number of fraud indicators like where the transaction was placed compared to what they told you their billing and shipping address was, where the credit card was issued versus the number on it, and a number of other factors that are used to create a risk score. Over a certain threshold and the transaction goes through but you are warned to check – over a higher threshold and the transaction is blocked. There are also third party services you can subscribe to like Maxmind (which is supported by Ozcart) to help you do this as well.

Keep track of your fraud

If you do become a victim of fraud, don’t despair. Learn from it so you can better identify these types of scams next time. You might also want to report it to the ACCC who take fraud very seriously and also maintain a website for consumers called Scamwatch (which is useful to read and digest even though you are a seller – as you will also buy things from others).
One thing you can also do is keep a spreadsheet of your fraud by postcode or region, so that when you get other orders in those areas you can be more wary of them – especially if they meet some of the other common characteristics of fraud discussed above. You can plot your fraud areas using Google Maps once you have enough data to see if there are any patterns.
In recent years the ACCC has issued annual reports on scams and online fraud in Australia. This shows statistics of fraud by state.

Being prepared

You can minimise your potential online fraud and make your business more of a success by doing the basics well and doing what you can to both remove the chances of fraud happening and deterring those looking for potential victims. If you combine this with a securely hosted ecommerce platform ,it can really give your new online store a solid platform for success.
Ozcart Ecommerce

Ozcart has been in business since 2006 and is an online, hosted shopping cart that you can use for your current or new online store. We offer so many features for the same low price. In fact, we are addicted to adding new ones to ensure that we remain one of the best choices for a shopping cart.

No Comments

Post A Comment