FROM CACHE - en_header

Shopify Medium Fraud Alert but Indicators are all green?

Alice14
Tourist
10 0 12

Hi all,

I have an order from a new customer where all the indicators check out but Shopify is still flagging as medium fraud risk. What could be causing this, if the IP address, credit card CVV, billing address all match? Does Shopify's algorithm take other unknown factors into account, for example, does Shopify look for chargebacks by a person/IP address across all its stores and compile data to generate a fraud alert against a particular buyer? The order is in the $200-ish range. On the rare occasions I have previously seen a fraud alert from Shopify, at least one of the indicators is red. Here nothing is red. What am I missing?

This is what I'm seeing:

Indicators
  • Some characteristics of this order are similar to fraudulent orders observed in the past
  • Card Verification Value (CVV) is correct
  • Billing street address matches credit card's registered address
  • Billing address ZIP or postal code matches the credit card's registered address
  • There was 1 payment attempt
  • Payment was made with 1 credit card
  • Location of IP address used to place the order is [Redacted for posting] United States
  • Shipping address is 4 miles from location of IP address
  • Billing country matches the country from which the order was placed
  • The IP address used to place the order isn't a high risk internet connection (web proxy)
 
Replies 7 (7)
Jason_Beacon
Shopify Partner
235 12 46

Hi Alice.

Shopify does not publish publicly how their fraud system works for obvious reasons. The very basic fraud analysis is just there to inform a merchant of possible bad orders. I'm thinking they also take aggregated data from other merchants to determine the validity of the order. In any case, The system is known not to be the best at determining if an order is a fraud or not and false positives can happen, which mean the order could actually be a good one.

What you should do in this instance is either phone up the customer or send an email confirming their order. Be sure to keep track of all communications and possibly send the shipment via signature required for extra insurance.

And be wary that you can still receive a chargeback. If you do not simply feel comfortable with the possibility of losing your money, then I would just outright cancel the order.

I hope this helps you a bit. 

Decrease fraudulent orders, stop chargebacks with Beacon. The most customizable fraud and risk management system built for Shopify businesses

https://apps.shopify.com/beacon
Alice14
Tourist
10 0 12
Hi Jason

Thanks for your reply. I am wondering why emailing or calling the buyer would help? If they are using a stolen credit card, wouldn’t they say yes the order is valid ... only for me to find out weeks later that it wasn’t?
Victor
Shopify Staff
Shopify Staff
1461 140 333

Hi @Alice14,

Thank you for reaching out and for providing the information about this order. The risk analysis tool is not always clear about why an order is deemed medium or high risk, as @Jason_Beacon mentioned. This can sometimes make it difficult to determine whether you should fulfill an order or not, and it's also worth remembering that it's possible to receive a chargeback from a low risk order too. The risk analysis tool is there to help you make decisions about orders you receive but it cannot tell you with complete certainty if an order is fraudulent or not.

In terms of how an order's risk analysis may be calculated, more information is listed on our fraud analysis page on the Shopify Help Center:

Fraud recommendations are powered by machine learning algorithms that are trained on historical transactions across all Shopify stores. The recommendations give you the benefit of years of fraud detection experience. Shopify continuously improves these algorithms to better identify fraudulent orders.

I would also recommend asking yourself a couple of questions about the nature of the order, such as whether this is a larger/ more expensive order than you typically receive, and if the customer is based in an area or country you typically receive orders from? This information, along with the information provided in the risk analysis for the order, can help you make a more informed decision. You will also want to consider other factors such as how much it would impact you financially if this order does prove to be fraudulent, and whether or not you have received other fraudulent orders and/ or received chargebacks in recent times.

If you have any suspicion about the card being used, you can contact the customer and ask them to prove ownership of the card—this could be done by having them take a photo of card whilst blocking out the full number aside from the last four digits, whilst also showing their name. This may be an extra step they are not wish to take, or they may not respond at all, but if they do provide this then you can have more confidence in the fact that they do actually have possession of the card in question. Ultimately, the decision is up to you, and you will need to decide how much proof or evidence you need to fulfill the order. I would recommend checking out our Help Center page on fraud prevention for further advice and recommendations.

Finally, if you are based in the United States, you can consider opting in to our Fraud Protect service. This will allow you to fulfil protected orders with the knowledge that if a chargeback is issued against the order due to fraud, Shopify will reimburse the full disputed amount and the chargeback fee to you, and handle the chargeback process on your behalf.

Kind regards,

Victor | Shopify Social Care

Victor | Social Care @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit the Shopify Help Center or the Shopify Blog

Jason_Beacon
Shopify Partner
235 12 46

There are different types of fraud cases. Friendly fraud, card parsing fraud,  Identity fraud, etc.. Yes, you are correct the customer can just say the order is valid and intending to cheat the merchants, but statistically speaking, this is very low compared to other types of fraud. You might even be contacting the original account holder that may or may not know about an unauthorized purchase used by a third-party bad-actor.

What you want to do is add a little friction to the checkout process so that you can make absolutely sure you want to process the order. Most people intending to cheat do not want to waste their time with a shop that is cautious.

Decrease fraudulent orders, stop chargebacks with Beacon. The most customizable fraud and risk management system built for Shopify businesses

https://apps.shopify.com/beacon
JosephSeller
New Member
3 0 0

Hey Jason - thanks for your input here! I have a similar scenario: a few orders with Medium risk flagged but no indicators which would actually suggest that. So, it would lead me to believe that the NAME of the person, or their location/address, might actually be the actual factor or characteristic that is associated with the fraud. 

You mention "

What you should do in this instance is either phone up the customer or send an email confirming their order. Be sure to keep track of all communications and possibly send the shipment via signature required for extra insurance.

And be wary that you can still receive a chargeback. If you do not simply feel comfortable with the possibility of losing your money, then I would just outright cancel the order."

 

How do we know the person who owns the card is the person making the order? So if I phone the customer... what number am I using? If I use the provided number to phone the customer how do I know I'm calling the person who owns the credit card / debit card being used?? So, that's not terribly helpful. Send an email? But - again - unless I know the email of the person who owns the credit card how do I know who I'm calling?? That makes no sense. If they make an order and provide a name and phone and email and I call those, won't the fraudster simply answer the phone? If they provide a bogus number, perhaps then, it would lead to a call to a person who has no knowledge of the order. 

I ordered something on a site once and the charge went through. Then, I got a call on another phone I had that appeared on my credit report and probably in databases. The company looked me up and was making sure that I was the person who placed the order. But, they didn't merely call me at the phone I provided on the order: they pulled a number from someplace else and found me and only then confirmed the order. Is this what we would be doing with these medium or high risk orders??

 

I had an order recently - it was flagged as medium risk. I looked up the address and it was public housing and he left a large tip. Large tips are unusual. Perhaps these are things also consistent with fraud from historical transactions and this is why they flagged it as fraud? SO the guy comes in for his visit and I asked for his credit card to compare to the one used and his Driver's license. I also looked him up on social media - so I confirmed it was him. This is enough to confirm this is the guy who made the order. 


But, if he wants to do a chargeback and simply say, "hey I never made this charge" then the credit card company would likely side with him. I don't know what would happen then - but I know people do that. So, I also have surveillance video which shows him at my business. I think that a savvy fraudster will win in the end: my job is to make it as inconvenient for them as possible and to fear being caught. In reality, if I went to the local police with a complaint it would never make it to the desk of the white collar crime division. 

JosephSeller
New Member
3 0 0
JosephSeller
New Member
3 0 0

Alice, I have the same issue! A FEW recently came through as medium risk - but no little red marks to tell me what it might be! So I find myself looking their addresses up, looking for them on social media, etc. Which is time consuming - but my average order is $320 so it's worth it. What have you been able to figure out? 

I think some of these people likely have histories of chargebacks in the 'system' and this is part of the characteristics that Shopify includes. Also, I wonder if location/address of where the person lives; if it's a high crime high fraud area in general then that will probably flag. It's UnPC for Shopify to post that for us so we have to figure things out like that.