Implementing stringent security measures is essential for preventing fraudulent purchases and safeguarding the integrity of online transactions.
People regularly shop online these days on e-commerce sites because of convenience. There is a huge variety of items, more than what you can find in a physical store. The large number of sellers also means you can get just about anything such as food, clothes, electronics, kitchenware, car accessories and so much more. E-commerce sites require customers to create an account which is linked to a registered email address. Online merchants treat a single email address as an individual customer.
If a fraudster tries to buy multiple items in quick succession, it will usually trigger a fraud alert on the merchant side. Very soon, that fraudster’s account would be suspended and that will be the end of their crime spree.
That is, until the fraudster signs up for a new email address and creates a new account on that online store. This means that the fraudsters can keep coming back for more with a different email address. They can even attempt multiple purchases at the same time using a multitude of email addresses.
Fortunately, the merchants can utilize some fraud detection strategies to mitigate these fraud attempts. Let’s explore the problems and solutions below.
First problem – Free email providers
The first place fraudsters turn to when they need a new address is a free email provider such as Gmail, Outlook or Yahoo. A small or medium-sized online merchant can easily flag such emails for order verification. But what if the store routinely handles hundreds or thousands of orders per hour? It would be next to impossible to perform order verification on all of them manually.
Second problem – Disposable email providers
Similar to the free email providers, disposable email providers cause even more issues for e-commerce sites. The fraudsters don’t even have to sign up to use a disposable email address. With just a single click, they can generate a new random username with a list of different domain names to use. Then, they can keep defrauding the online stores with their new disposable email addresses. It’s even harder to keep track of which domains belong to the disposable email providers as they are continually changing.
Solution no.1 – Perform identity verification
The most basic way to mitigate a user with multiple email addresses is to enforce identity verification either during login or just before checkout. Performing an SMS verification with a One-Time-Passcode (OTP) is the easiest to implement. The end user will receive a code via SMS on their mobile phone which they have to input into the webpage before they can proceed further. This ensures that the mobile phone number used by the customer is valid and will limit the potential damage that a fraudster can do.
After all, how many mobile phone numbers can a fraudster have? Unfortunately, tech-savvy fraudsters can find their way around that using disposable phone numbers. So, this basic strategy is not 100% fool-proof.
Solution no.2 – Check the IP geolocation
Every online order originates from an IP address. With an IP address, it is possible to geolocate the physical location of the computer or mobile device. To mitigate fraud, it is advisable to check the IP geolocation country vs. the shipping or billing address. If they are not a match, it is usually a fraudulent order. The bad news is that fraudsters can work around this by using proxy servers located in the country that matches the shipping or billing address.
Solution no.3 – Proxy detection
As mentioned in the previous section, IP geolocation can be circumvented by the use of proxy servers, usually VPN servers. That makes it very important to be able to detect if the IP address is actually a proxy server. Merchants should block orders that come via a proxy server. Only people with bad intentions try to hide their online presence by using proxies, especially when making online purchases.
Solution no.4 – Device fingerprinting
An advanced tracking technique called device fingerprinting is a useful way to track an online user. Regardless of the emails or IP addresses being used, it is usually possible to track a particular user. But this is assuming that the proxy server being used does not scrub all personal info from the user.
Combine all the above to achieve the best result
For an online merchant, the best solution is to use an automated fraud screening service like FraudLabs Pro. It combines all of the above, in addition to credit card, user and email blacklists, to give the best possible fraudulent order transaction screening. Free and disposable email addresses can also be flagged for manual review or rejection.
As you can see in the previous sections, none of the solutions mentioned are 100% effective by themselves. However, when you combine all the solutions into a robust fraud detection algorithm, you will see the number of fraud orders being detected increasing dramatically.
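The sketch below is an added example, not FraudLabs Pro's algorithm or code from this article. It combines the signals discussed above into one score and flags a device that cycles through several email addresses. The field names, weights, thresholds, the `tempbox.example` domain and the sample orders are all assumptions constructed for illustration; `ip_country`, `is_proxy` and `device` are assumed to come from upstream geolocation, proxy-detection and fingerprinting lookups.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FREE = {"gmail.com", "outlook.com", "yahoo.com"}   # free providers named above
DISPOSABLE = {"tempbox.example"}                   # constructed; real lists change constantly
WINDOW = timedelta(hours=1)                        # assumed look-back per device
# Assumed weights and thresholds; tune them against your own order history.
WEIGHTS = {"disposable_email": 40, "free_email": 5, "geo_mismatch": 30,
           "proxy": 25, "device_multi_email": 40}
REVIEW_AT, REJECT_AT = 30, 70

def screen(orders):
    """Score orders in time order; return [(id, score, signals, decision)]."""
    seen = defaultdict(list)          # device fingerprint -> [(time, email)]
    results = []
    for o in sorted(orders, key=lambda o: o["time"]):
        signals = []
        email = o["email"].strip().lower()
        domain = email.rsplit("@", 1)[-1]
        if domain in DISPOSABLE:
            signals.append("disposable_email")
        elif domain in FREE:
            signals.append("free_email")
        if o["ip_country"] != o["billing_country"]:
            signals.append("geo_mismatch")
        if o["is_proxy"]:
            signals.append("proxy")
        # Same device, different addresses inside the window: the account-cycling pattern.
        seen[o["device"]].append((o["time"], email))
        recent = {e for t, e in seen[o["device"]] if o["time"] - t <= WINDOW}
        if len(recent) >= 2:
            signals.append("device_multi_email")
        score = sum(WEIGHTS[s] for s in signals)
        decision = ("reject" if score >= REJECT_AT
                    else "review" if score >= REVIEW_AT else "approve")
        results.append((o["id"], score, signals, decision))
    return results

def order(oid, minute, email, ip_country, billing_country, is_proxy, device):
    return {"id": oid, "time": datetime(2024, 1, 1, 12) + timedelta(minutes=minute),
            "email": email, "ip_country": ip_country,
            "billing_country": billing_country, "is_proxy": is_proxy, "device": device}

ORDERS = [  # constructed sample orders
    order("A1", 0, "alice@gmail.com", "US", "US", False, "dev-1"),
    order("B1", 5, "x1@tempbox.example", "US", "US", True, "dev-9"),
    order("B2", 9, "x2@gmail.com", "US", "US", True, "dev-9"),
    order("C1", 20, "bob@shop.example", "FR", "US", False, "dev-3"),
]
```

Calling `screen(ORDERS)` approves A1, sends B1 and C1 to review, and rejects B2: the second address seen on device `dev-9` pushes the score over the reject threshold even though that order uses an ordinary free mailbox.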
It does not matter if fraudsters try to submit a fraud order online. It does not matter if the fraudsters keep changing their email addresses to avoid detection. FraudLabs Pro can and will detect the bad actors, stopping them before they can inflict financial losses on your online business.