Comment by pitched
2 years ago
I’ve heard that a lot of Shopify sites will have the auto credit card processing disabled for new orders. So that a real person can validate the order before hitting Stripe or whoever with it. Fraud orders are usually easy to spot by shipping addresses and you can get a good sense for it pretty quickly. It isn’t quite chicken sexing!
Maybe the hot take here is that the best way to ruin your own business is to automate credit cards?
"Fraud orders are usually easy to spot by shipping addresses"
You can find some of these by searching the shipping address and seeing if it's a freight forwarder or an obviously vacant home (listed on MLS with empty room pictures). Those kinds of shipping addresses have a pretty high fraud rates.
But, if you mean seeing that the shipping address doesn't match the billing address on the card via AVS... That's trickier, especially for B2B spaces where a business owner buys with a credit card tied to their home address, but ships to their business.
> You can find some of these by searching the shipping address and seeing if it's a freight forwarder
Am a legitimate user of a freight forwarder, this attitude makes me sad.
It's not really an attitude. I get that legitimate orders go that direction too. It's a flag to check into the order further. Same for vacant-looking addresses, mail-shop boxes, and so on...many are legit orders, many aren't.
With credit card fraud, the merchant holds 100% of the liability. They lose the item they shipped, the shipping costs, the associated revenue, then some chargeback fees on top too. So, they check on things that could be fraud.
3 replies →
I would assume the payment provider should handle those analytics, not the vendor
Outside of 3DS, they aren't liable for the fraud. So there's an incentive problem. They also don't have all the context. Their APIs generally want the billing address and don't have a provision to pass the shipping address...as one example. It's not the only piece of context they don't have and don't have a way to pass.
Or maybe these processors should train an AI to find whatever pattern you are describing.
That's sort of the problem - Payment processors know that fraud is occuring, and they punish the business owner.
Yes, in an ideal world, they would find the fraudster and lock them up. But that’s not feasible and they need something to happen. Punishing the business owner makes no sense in many cases (like this one; you are not going to try to fraud your own system after 7 years of no issues), but that’s the only one they can get to.