No announcement yet.

Small Order Credit Card Fraud

  • Filter
  • Time
  • Show
Clear All
new posts

  • Small Order Credit Card Fraud

    We had to turn off accepting credit cards for parts of the day due to a huge increase in small order credit card fraud. This started out as 1 or 2 orders a day and quickly went to around 10 orders a day before we turned off accepting credit card payments. We use Square for processing our cc orders. All of the fraud orders are under $5. Our average order is closer to $50.00 so they immediately seemed weird. For the 10 orders they would all be getting shipped to different people. 5 of the orders would have the same email address and the other 5 would have the same different email address. All of the fraud scores were either 7, 9, or 10. They all seem to come in after 9pm eastern time. We have blocked all the ip's but it seems like they just go to different ip's. We check our not completed orders the next day and it looks like they are still trying to process the fake orders. However, they leave the site after they go to the checkout and don't see the credit card field. Anybody else experiencing this?

  • #2
    It is a known issue: Fraudster are testing stolen credit cards on small amounts to see which ones work, then they will use them for bigger fraud.

    There are to be pattern you can identify though. On a given day, they must use a set of IPs.

    Instead of blocking all CC payments You can
    • Set a minimum of let's say $15 for CC payments
    • Since you use Fraudwatch, use it to place all suspicious order in "review" mode. You can delete them there before they are processed (not sure is Square batches transactions instantly or not, but most CC companies don't, allowing you enough time to delete them)
    • You can also set a Fraudwatch rule to simply reject all orders with a Fraud score over 6 (or any number you like). Seems to be the best option in your case
    • Finally, if Square has this option, set a limit of transactions/IP the same day. These fraudster will use the same IP on a specific day to try 100s of cards. If you set an IP limit to 2-3, they won;t be able to do that. If they try the nest day with a different IP, they will be prevented to 2 tries as well.. I use this setting with FirstData and it has blocked many fraudsters wannabees.
    None of these settings will block legitimate customers
    Last edited by nicolas_t; 02-26-2020, 01:07 PM.


    • #3
      Thank you for the advice! I did not realize you could reject orders based on fraudwatch score. I just turned that on and hopefully that will keep them from coming in. Again, really appreciate your help!