How to Spot Fraudulent Orders on an Ecommerce Site

We have included the 6 most important tips on how to reduce credit card fraud on your ecommerce website. These tips are from a standpoint of AFTER A PURCHASE and how to spot a fraudulent order.


Tip #1 – Check IP Address

All popular shopping carts record an IP address for each order. Check this IP address: if the location of the order IP is different from the billing and/or shipping address, raise a flag and check further.

* Tip – Go to: http://www.iplocation.net – search for the order's IP, get its location by city and state, and compare.

Tip #2 – Different Billing & Shipping Addresses

Although orders with different billing and shipping addresses are fairly common, you will still want to look into them. For example, we do not recall any fraudulent orders among orders that had the same billing and shipping addresses. Note that if the billing and shipping addresses are in completely different states, then you may want to look at the order in more detail.

Tip #3 – Specific Countries

You will note over time that orders to specific countries have a higher probability of being fraudulent. For example, in our latest project, an order to Venezuela was almost always a fraud order. You may even want to consider banning a country's IPs from your site.

Also, you may find that specific cities have more potential for fraud (in our real-life example, it was Miami, Florida).

Tip #4 – Search on Google

For flagged orders, you may want to search Google or Google Maps to better understand:

a. if the order is to a residential or commercial area
b. if the order is to a shipping company

You will also want to search for the address of a flagged order plus the term “scam” or “fraud”. In one of our cases, where an order was shipped to a shipping company in Miami, Florida, we found other ecommerce websites having the same fraud orders.

Tip #5 – Call Customers

You may want to make the phone number field in your cart a mandatory field. If so, call your customer and say thanks for their order. During your call, also pay attention to any flags that may arise (or, if you don't get hold of the customer, please note this).

Tip #6 – Multiple Orders & Quantity

If you receive multiple separate orders, or orders with a quantity that is much different from your regular average order, raise a flag and look into the order carefully.
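The checks from Tips #1, #2, #3 and #6 can be automated so that only flagged orders go on to the manual steps (searching and calling). The following is an added example, not code from the original article; every field name, threshold and watchlist entry is hypothetical, the sample order is constructed, and the order IP is assumed to have been resolved to a location beforehand.

```php
<?php
// Added example: turn Tips #1-#3 and #6 into review flags for one order.
// Field names, thresholds and the sample order are hypothetical/constructed.
function fraud_flags(array $order, array $recentOrders, array $cfg): array
{
    $flags = [];
    $bill = $order['billing'];
    $ship = $order['shipping'];
    $geo = $order['ip_geo']; // order IP already resolved by a geolocation lookup

    // Tip #1: location of the order IP vs. billing and shipping address.
    foreach (['billing' => $bill, 'shipping' => $ship] as $kind => $addr) {
        if ($geo['country'] !== $addr['country'] || $geo['state'] !== $addr['state']) {
            $flags[] = "ip_differs_from_{$kind}";
        }
    }
    // Tip #2: different addresses; a different state is the stronger signal.
    if ($bill != $ship) {
        $sameState = $bill['country'] === $ship['country'] && $bill['state'] === $ship['state'];
        $flags[] = $sameState ? 'billing_shipping_differ' : 'billing_shipping_other_state';
    }
    // Tip #3: destinations this shop has seen fraud from before.
    if (in_array($ship['country'], $cfg['watch_countries'], true)
        || in_array($ship['city'] . ', ' . $ship['state'], $cfg['watch_cities'], true)) {
        $flags[] = 'watchlisted_destination';
    }
    // Tip #6: quantity far above average, or several separate orders from one IP.
    if ($order['quantity'] > $cfg['avg_quantity'] * $cfg['quantity_factor']) {
        $flags[] = 'unusual_quantity';
    }
    $sameIp = array_filter($recentOrders, fn($o) => $o['ip'] === $order['ip']);
    if (count($sameIp) >= $cfg['max_orders_per_ip']) {
        $flags[] = 'multiple_orders_same_ip';
    }
    return $flags;
}

// Constructed configuration and order (documentation IP ranges, placeholder places).
$cfg = ['watch_countries' => ['XX'], 'watch_cities' => ['Sampletown, ZZ'],
        'avg_quantity' => 2, 'quantity_factor' => 5, 'max_orders_per_ip' => 2];
$order = [
    'ip' => '203.0.113.7', 'quantity' => 12,
    'ip_geo'   => ['country' => 'US', 'state' => 'CA'],
    'billing'  => ['street' => '1 Main St', 'city' => 'Austin', 'state' => 'TX', 'country' => 'US'],
    'shipping' => ['street' => '9 Dock Rd', 'city' => 'Sampletown', 'state' => 'ZZ', 'country' => 'US'],
];
$recent = [['ip' => '203.0.113.7'], ['ip' => '203.0.113.7'], ['ip' => '198.51.100.4']];
print_r(fraud_flags($order, $recent, $cfg));
```

An empty result means none of the automated checks fired; any flag is a reason to review the order, not proof of fraud.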


Set Up a Virtual Phone Number & IVR Extensions with Twilio

This article shows you how to implement IVR extensions with your Twilio phone number.

Step 1 – Register and get a phone number from Twilio

If you haven’t done so already, go to twilio.com and get a phone number.


Step 2 – Setup scripts and XML on server

Before you tell Twilio to handle your voice calls with the following scripts, you’ll need to create them.

a. XML file – Output to Twilio is handled with XML. Your XML file will run as soon as a phone call is initiated. This XML, for example, has an intro message, asks the user to input 1, 2, 3 or 4, and sends the response from the phone to our second file, a PHP file.

Please make sure that you input your intro message and that the Gather action points to your PHP processing file. At the end of the XML, specify the full URL path that the call is redirected to when the caller enters nothing. In this case it’s http://www.example.com/handle-incoming-call.xml


<?xml version="1.0" encoding="UTF-8"?>
<Response>
<Gather action="handle-user-input.php" numDigits="1">
<Say voice="woman">Welcome to COMPANY.</Say>
<Say voice="woman">In order to further assist you. Please listen to the following:</Say>
<Say voice="woman">For sales, please press 1.</Say>
<Say voice="woman">For technical support, please press 2.</Say>
<Say voice="woman">To speak with Bob, please press 3.</Say>
<Say voice="woman">For all other inquiries, please press 4.</Say>
</Gather>
<!-- If customer doesn't input anything, prompt and try again. -->
<Say voice="woman">Sorry, I didn't get your response.</Say>
<Redirect>http://www.example.com/handle-incoming-call.xml</Redirect>
</Response>

b. PHP file – This file gets the input from the XML (the number dialed) and checks the day of the week and the time. Then it runs a few if statements and either dials a phone number or redirects via a TwiML to a voicemail with a special message recorded as an mp3.


<?php

// Day of week and hour, in the server's configured time zone.
$dayofweek = date('D');
$hour = (int) date('H');

// $ok stays '0' unless the call arrives on a weekday inside the hour window.
$ok = '0';
if (($dayofweek != 'Sat') && ($dayofweek != 'Sun')) {
    if (($hour > 17) && ($hour < 23)) {
        // ok time to call
        $ok = '1';
    }
}

header('Content-type: text/xml');
echo '<?xml version="1.0" encoding="UTF-8"?>';
echo '<Response>';

// Digit the caller pressed, sent by Twilio from the Gather; 0 if it is missing.
$user_pushed = isset($_REQUEST['Digits']) ? (int) $_REQUEST['Digits'] : 0;

// In each branch: outside the window, redirect to the voicemail twimlet
// (a literal "&" inside XML must be written as "&amp;"); otherwise dial.
if ($user_pushed == 1) {
    echo '<Say voice="woman">Connecting you to, sales.</Say>';
    if ($ok != '1') {
        echo '<Redirect>http://twimlets.com/[email protected]&amp;Message=http://www.example.com/ftZLg.mp3</Redirect>';
    } else {
        echo '<Dial>+13105551212</Dial>';
    }
} else if ($user_pushed == 2) {
    echo '<Say voice="woman">Connecting you to, technical support.</Say>';
    if ($ok != '1') {
        echo '<Redirect>http://twimlets.com/[email protected]&amp;Message=http://www.example.com/ftZLg.mp3</Redirect>';
    } else {
        echo '<Dial>+13105551212</Dial>';
    }
} else if ($user_pushed == 3) {
    echo '<Say voice="woman">Connecting you to, Ori Tzvielli.</Say>';
    if ($ok != '1') {
        echo '<Redirect>http://twimlets.com/[email protected]&amp;Message=http://www.example.com/ftZLg.mp3</Redirect>';
    } else {
        echo '<Dial>+13105551212</Dial>';
    }
} else if ($user_pushed == 4) {
    echo '<Say voice="woman">Connecting you to, operator.</Say>';
    if ($ok != '1') {
        echo '<Redirect>http://twimlets.com/[email protected]&amp;Message=http://www.example.com/ftZLg.mp3</Redirect>';
    } else {
        echo '<Dial>+13105551212</Dial>';
    }
} else {
    // Anything else (including no digit): say so and return to the menu.
    echo '<Say voice="woman">Sorry, You dialed an invalid number.</Say>';
    echo '<Redirect>http://www.example.com/handle-incoming-call.xml</Redirect>';
}

echo '</Response>';
?>

* reference – http://www.twilio.com/docs/howto/ivrs-extensions
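The PHP file above answers any request that reaches its URL, so anyone who finds the URL can read the TwiML it returns, including the numbers it dials. Twilio signs each webhook request in the X-Twilio-Signature header, and the handler can check that signature before it outputs anything. The following is an added example, not part of the original article or of Twilio's sample code; it assumes the Gather result arrives as a POST (Twilio's default), that the auth token is stored in an environment variable named TWILIO_AUTH_TOKEN (a hypothetical name), and that the handler's public URL is http://www.example.com/handle-user-input.php.

```php
<?php
// Added example: check that a webhook request was signed by Twilio before answering.
// Assumptions: the auth token is in the env var TWILIO_AUTH_TOKEN (hypothetical name)
// and $url is the exact public URL Twilio posts the Gather result to.
function twilio_expected_signature(string $authToken, string $url, array $post): string
{
    ksort($post, SORT_STRING);   // POST parameters sorted by name, case-sensitive
    $data = $url;
    foreach ($post as $name => $value) {
        $data .= $name . $value; // name and value appended with no separators
    }
    return base64_encode(hash_hmac('sha1', $data, $authToken, true));
}

function is_twilio_request(string $authToken, string $url, array $post, ?string $sig): bool
{
    if ($authToken === '' || $sig === null) {
        return false;            // fail closed when the token or header is missing
    }
    return hash_equals(twilio_expected_signature($authToken, $url, $post), $sig);
}

$url = 'http://www.example.com/handle-user-input.php';

if (PHP_SAPI === 'cli') {
    // Offline self-check with a constructed token and request.
    $token = 'constructed-test-token';
    $post = ['Digits' => '2', 'CallSid' => 'CAconstructed', 'From' => '+13105550100'];
    $sig = twilio_expected_signature($token, $url, $post);
    var_dump(is_twilio_request($token, $url, $post, $sig));                     // signed request
    var_dump(is_twilio_request($token, $url, ['Digits' => '3'] + $post, $sig)); // altered digit
    var_dump(is_twilio_request($token, $url, $post, null));                     // header missing
    exit;
}

// Web request: refuse to emit TwiML unless the signature matches.
$token = getenv('TWILIO_AUTH_TOKEN') ?: '';
if (!is_twilio_request($token, $url, $_POST, $_SERVER['HTTP_X_TWILIO_SIGNATURE'] ?? null)) {
    http_response_code(403);
    exit;
}
```

In the handler, this check belongs before the header() call and the first echo, so an unsigned request receives a 403 and no TwiML.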

Step 3 – Login to twilio.com and reference script

Go to “numbers” page, and click on your phone number. Under the “Voice Request URL”, enter the full path on your server to the xml file and click on “save changes”.

That’s it!

Please feel free to view complete “how to” video or comment at bottom of this page with any suggestions or questions.

Video Transcription:

Would like to show you how to implement a virtual phone number via a Twilio phone number, set up extensions and an automated system (IVR), and set up a timed programmatic addition to redirect the phone number based on time of day and day of week. In order to implement this, we use a Twilio phone number. Twilio enables you to rent a phone number and do simple programming to enhance the phone number (voice and SMS). In addition, Twilio is very affordable.

Let’s dive in and begin. We set up a phone number. The test is, anytime someone calls on a weekday during specific business hours, we want to enable them to go to specific extensions (sales, technical support, etc.), and if not within business hours or on a weekend, it will redirect to voicemail. Pretty soon, we’ll show you the programming.

Register with twilio.com, get a number and log in. Go to the “numbers” page and click on the phone number. We want to tell Twilio what to do when a voice call comes in via the field of “voice request url”. We can select all or inbound and outbound. Also, you can set what script to run in case of an SMS message. Right now, we’ll go over the voice option. We set up a file on our webserver. In order to actually get more information, go to the Twilio docs (http://www.twilio.com/docs/howto/ivrs-extensions). You can download their zip file and read their examples and documentation to help you understand more. IVR allows you to create extensions. For example, an intro message and “for this, press 1, for this press 2”, and the script will know how to handle it. Other than PHP, the examples may be in other languages as well. The docs explain what happens. When a customer dials a Twilio number, it goes to Twilio’s server and the server triggers the URL we just specified. I’m going to dive into this pretty quickly. We’re now going to go to the FTP and create this file. Now we’re using our FTP client and editing our PHP script. In our voice request URL, we told it to go to our XML file named handle-incoming-call.xml. Let’s edit this file. It’s a simple structured XML file which says the following. Whenever you gather an input from the phone call, send it over to another file, our PHP file. Say in a woman’s voice “welcome to astral web”, then pause and say “in order to proceed”… “for sales press 1”, etc. etc. The gather field will listen to the phone and will send info to the PHP file, and if someone did not press a correct number, the XML repeats the same menu and waits for the correct dial/input. Now let’s edit the PHP file and look inside. Again, the output of the file is in XML and the file listens to the input. If the user presses 1, it will run the first part, if the user presses 2, and on and on. If nothing was pressed, it will say in a woman’s voice, sorry you dialed an invalid number, and will redirect to the original XML.
The script will check if it’s during business hours and if so, it will redirect/dial to another phone number, and if not, it will play the mp3 from twimlet which we earlier recorded for voicemail. Twimlet is Twilio’s own language which enables us to add more coding. What we did via the twiml is redirect to voicemail, send an email and play as the message on voicemail an mp3 that we recorded.
Instead of an mp3, you can input regular text. For example, hi I am not in, but remember that in the URL, you cannot have spaces. Replace spaces with plus signs “+”. Above in the code, we set the time and date and then checked in if statements. That’s it! I wanted to give one more tip on XML. Make sure you always have double quotes and quotes are closing correctly and that your header is in XML. If you have a problem, you can diagnose via your dev tools and logs area. Don’t forget to test that everything works.