I have my site set to automatically capture payments and it has captured a payment of £1115 with a warning that there is a high risk of fraud.
My immediate reaction was to refund the card payment and send a paypal invoice instead, but if the card is a stolen card and I refund the money, I lose £1115. But if I send the goods and then it turns out to be a fraudulent payment and there is a chargeback I lose the goods.
Does anyone have any suggestions other than doing nothing and waiting to see if the customer does a chargeback?
These type of situations can be tricky, and ultimately your first gut instinct on how to handle the situation is, in my opinion, the right choice to make. When our systems flag an order as high risk it means that one or more key attributes that we looked for didn't match up. When this happens we typically would suggest that you refund and cancel the order as there is a high risk of the order getting a chargeback. We do have a document that outlines our fraud analysis tool here that I'd recommend reading over in this case.
If you'd prefer to not cancel the order, then you could reach out to your customer to verify the information. Typically you could ask for a photo of the credit card showcasing the name, as well as a photo of their driver's license to see if things match up. Other things to look for would be whether the billing/shipping address match (including Google mapping the address), as well as funky looking names/email addresses. If they are able to provide this information, and you feel comfortable fulfilling the order then you can proceed as normal.
That all being said, I would highly advise not waiting to find out whether the order receives a chargeback or not. When an order receives a chargeback then you would be charged 10 GBP plus the original order amount. The process is then handled directly by the banks and can take up to 90 days until they determine who they favor. We have an in-depth document here that outlines the chargeback process should you need it!
In short, I would highly suggest refunding and canceling the order, however, should you want to fulfill it then you do run a high risk of losing the product, the original order value as well as the 10 GBP chargeback fee.
These situations can be tough, however, if you do have any other questions or need anything clarified, please let me know as I'd be happy to help!
Thank you Peter. I realised after I posted the question that I had not made my concerns completely clear. I am not concerned about losing the sale. It's just that if the payment has been made on a stolen card and then I refund it to that card after the card has been reported as stolen, does my real refund money end up going into a black hole somewhere and then I lose the refund money AND the original payment, if you see what I mean.
If someone can tell me for sure how it works I would be grateful.
Edited to add: having asked the customer (shipping address in Tenerife, IP address in barcelona) for the card billing address, he has given me a town (not a street address) in Taiwan. I don't think so somehow! But I would like an answer about how it works please.
Thank you for providing the additional context! In the case that the original card was canceled, and a refund was placed back onto this card then it would be up to the cardholders' bank to ensure the funds are properly placed back on to the account.
For example, if the cardholder's card was stolen and they were issued a new card then their credit card company can easily reroute the funds back to the appropriate account. Should the account be fully closed, then these funds are typically held into a holding account. From here, the credit card company would mail out a physical cheque to the cardholder to ensure they receive their funds.
I hope that provides some clarity on the situation, however, if you do have any questions please feel free to reply back and I'll happily help out!
The E-commerce Frauds are now taking a severe turn, and costing the sellers both monetary and inventory losses. Some E-Commerce frauds like Chargebacks, Return To Origin(RTO), Payment Frauds are the top frauds.You can read more about such frauds at - https://goo.gl/ibFWMZ
To avoid them, ThirdWatch, offers e-commerce businesses a smart way to fight fraud. Their AI mechanism Mitra detects any kind of anomalies in the data received and blocks suspicious transactions. Mitra automatically differentiates between genuine and illicit transactions, without the need of maintenance or manual upgrades.
As far as I know, they are working with major E-Commerce companies now and expanding towards Fintech Business.
They offer free 2-month trial period, charging $0, and also integrates with Shopify within 100 minutes.
I'm using their services. If you want you can reach out to them and discuss further with their representative. Their link - https://goo.gl/4AnxTj
The Young Answer
I think you made the right call in this case! In general, Shopify's fraud detection will be right in most cases, so it's a good idea to simply cancel all "high-risk" orders, in particular if you get a lot of them.
If you can, I always recommend going into your payment provider settings and activating CVV and ZIP verification - this adds another layer of security to your store. Also, we've installed the "Fraud Block" app (https://apps.shopify.com/fraudblock-fraud-prevention), which automatically cancels all high-risk orders - super convenient, since no more fraudulent orders will slip through.