- NotSitting.com, an eCommerce store selling furniture online was hit by an organized credit card fraud ring in December and January 2016
- Total loss of $15k in credit card chargebacks, lost inventory, technology changes, and staff time
- Fraudsters submitted an order that was shipped to a vacant house, where they simply picked up the package from the front porch
How we reacted:
- We installed FraudLabs Pro to provide real-time order fraud risk scoring
- We adopted a fraud risk evaluation process for high risk orders
- We made changes to our merchant account settings
- We worked with suppliers to change our shipping practices
Some Background on NotSitting.com
NotSitting.com was an Amazon Affiliate program website for 3 years before tragedy struck and we lost our account due to a terms violation, taking the earnings on this brand from approximately $2000 to $0 one night in July 2016. To rebuild value in the brand and monetize the traffic we chose to start dropshipping the desks we had been reviewing and recommending.
To get started we:
- Contacted suppliers to build reseller relationships
- Established a merchant account with Durango Merchant Services
- Incorporated a store into the website technology stack
- Massively changed the content and theme to focus on selling instead of page views
- Started advertising on Google and Facebook
We launched the store in October, 2016.
Just a couple of months after launch we started receiving orders for a product in our catalog that had never been sold before. The product was about twice the retail value of our average order and we were getting a few orders per week. I was excited about the sales and unfortunately I was not suspicious enough of my customers to realize I was being defrauded.
NotSitting Tech Setup Prior to Fraud
The technology stack for NotSitting.com prior to the fraud attack was as follows:
- GoDaddy Business Hosting running a WordPress website
- Storefront handled by WooCommerce and a variety of related plugins
- The Network Merchants Inc payment gateway plugin for WooCommerce (NMI is the processor for Durango Merchant Services)
How We Discovered The Fraud & The Pattern
The first indication of trouble was in January 2017 when we received the first customer credit card chargeback. We provided the information we had for the customer, visitor, and payment, and our appeal was denied. We didn't realize it at the time, but we were about to see many more chargebacks.
A couple of days later we had our next chargeback. That is when we realized we had a problem. What told us we were about to lose a ton of money was that both orders looked the same, for example:
- There was only a single product in the order, the one that had recently started selling really well
- Billing and shipping address were different but within about 100 miles of each other in the same state
- Using Google Street View we noticed that the shipping address house was often rather run down while the billing address was a rather upscale house
- The email address provided on the order, when visiting the domain, rendered the same junk webpage...
When we noticed this we immediately went through our orders and found all the orders matching this profile. There were a lot of them.
We contacted our Durango representative to let him know what we had found and to seek advice. Working with him (he was extremely professional), we created a fraud detection and investigation process that would satisfy the processor (NMI) so that they didn't shut us down. Fortunately for us, we had enough cash to pay the chargebacks... if we hadn't, it would have caused a business collapse.
Fraud Evaluation Triggers
From that point on we had respect for eCommerce fraud and started scrutinizing every order that came in. Here's the process we adopted:
- If the billing and shipping address were the same we considered it a low risk order
- If the customer paid with PayPal we considered it a low risk order
- If the order was for a product we were not selling at a competitive price we considered it a high risk order
- If the billing and shipping address were different, we considered it a high risk order
High Risk Fraud Evaluation Process
When we determined an order was high risk we executed the following process:
- We looked at the Google Street View image for the billing and shipping address
- We called the phone number on the order
--> The fraudulent ones always went to someone with a different name, or just rang endlessly
- We loaded the domain portion of the email address for an assessment (i.e. for an email address at assetlab.us we loaded http://assetlab.us)
--> Generally for the fraud orders we saw the same junk homepage every time. A couple of times we saw a very low quality, hastily created website for a business that had closed down, meaning they had bought the expired domain name, set up email and a junk homepage, and started working.
- If we were still unsure we looked up the county tax assessor's data for the shipping address to make sure there was a name match
--> The fraudulent orders never matched
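As an added example (not NotSitting's code), the chargeback profile described earlier (single hot-selling product, different billing and shipping addresses within about 100 miles in the same state, junk email domain) and the low/high risk triggers above are applied to constructed sample orders. The product codes, junk domain, coordinates and the rule precedence are assumptions; the Street View, phone and tax assessor checks stay manual.

```python
from collections import namedtuple
from math import radians, sin, cos, asin, sqrt

Address = namedtuple("Address", "state lat lon")
# payment is "card" or "paypal"; skus is the list of product codes in the order
Order = namedtuple("Order", "order_id skus payment billing shipping email")

# Constructed store facts (assumptions, not taken from the post):
HOT_SKU = "DESK-XL"                       # the product that suddenly started selling
NOT_COMPETITIVE = {"DESK-XL"}             # products we do not sell at a competitive price
JUNK_DOMAINS = {"expired-biz.example"}    # email domains that rendered the junk homepage

def miles_between(a, b):
    """Great-circle distance in miles (haversine), for the 'within ~100 miles' check."""
    la1, lo1, la2, lo2 = map(radians, (a.lat, a.lon, b.lat, b.lon))
    h = sin((la2 - la1) / 2) ** 2 + cos(la1) * cos(la2) * sin((lo2 - lo1) / 2) ** 2
    return 3959.0 * 2 * asin(sqrt(h))

def risk_level(o):
    """Post's triggers. Assumed precedence: PayPal is low, then any high trigger wins."""
    if o.payment == "paypal":
        return "low", ["paid with PayPal"]
    reasons = []
    if set(o.skus) & NOT_COMPETITIVE:
        reasons.append("product not sold at a competitive price")
    if o.billing != o.shipping:
        reasons.append("billing and shipping addresses differ")
    return ("high", reasons) if reasons else ("low", ["billing and shipping match"])

def matches_chargeback_profile(o):
    """The pattern shared by the charged-back orders; the Street View check stays manual."""
    return (o.skus == [HOT_SKU]
            and o.billing != o.shipping
            and o.billing.state == o.shipping.state
            and miles_between(o.billing, o.shipping) <= 100
            and o.email.rsplit("@", 1)[-1].lower() in JUNK_DOMAINS)

def find_profile_matches(orders):
    """Retrospective sweep of past orders, as done after the second chargeback."""
    return [o.order_id for o in orders if matches_chargeback_profile(o)]

# Constructed sample orders (coordinates are approximate city centres, ~74 miles apart).
AUSTIN = Address("TX", 30.27, -97.74)
SAN_ANTONIO = Address("TX", 29.42, -98.49)
SUSPECT = Order("1001", ["DESK-XL"], "card", AUSTIN, SAN_ANTONIO, "pat@expired-biz.example")
LEGIT = Order("1002", ["CHAIR-1"], "card", AUSTIN, AUSTIN, "pat@company.example")
PAYPAL = Order("1003", ["DESK-XL"], "paypal", AUSTIN, SAN_ANTONIO, "pat@company.example")
```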
To help deter fraud we made a few changes to the administrative side of the website: we installed a plugin that creates a fraud score for every order, taking into account data from hundreds of thousands of merchants and global best practices for fraud scoring... and it was FREE!
The free version of FraudLabs Pro for WooCommerce
- FraudLabs provides eCommerce fraud risk scoring on hundreds of thousands of websites and has great information on risk level
- If any FraudLabs user marks a card as associated with fraud, all members benefit
- The plugin for WooCommerce is free and can be upgraded to get additional scoring and protection
- Visit FraudLabs Pro to learn more
Merchant Account Changes
We made some changes to our merchant account as well. Previously we were biased toward the person filling in the order form, meaning that as long as the CVV matched we would accept the card. We changed that significantly, requiring all of the following:
- Address match
- Zip code match
- CVV match
When a customer had trouble submitting an order with this setup and they called us (fraudsters never call) we just helped them through the process of finding the real billing zip code for the card. This generally happened to business customers who were "using the boss's card" and had entered the business mailing address, which was incorrect.
We also made some changes to how we worked with our suppliers; specifically, we required a signature on delivery for all products. This simple change resulted in deliveries to vacant properties being returned to the manufacturer or to us instead of being left where a fraudster could retrieve the package. When this happened we were out the shipping charge, but we didn't lose the whole order and the product.
These changes resulted in 100% fraud avoidance for the following 12 months, meaning, we did not deliver a single product to the hands of a fraudster. Interestingly, as soon as we changed the merchant account settings we saw an 80% reduction in high risk orders being submitted.