Back to the top

Roni Bolana

Credit Card Fraud Techniques: How to Identify Them & Keep Your Business Safe

Credit Card Fraud Techniques: How to Identify Them & Keep Your Business Safe Technology is developing at an unbelievable pace. As our technology develops, so do the gaps in security measures, leaving many businesses and individuals vulnerable to credit card fraud. The reality is that, according to a study done by Kount, a staggering 40% of all financial fraud is related to credit cards. What's even more shocking is that this translates to $5.55 billion worldwide! There are various techniques that you and your business can adopt to avoid credit card fraud, and stop those devious fraudsters in their tracks.......

Continue reading

How to Handle Shopify Orders That Have a High Risk of Fraud

How to Handle Shopify Orders That Have a High Risk of Fraud

Shopify is a platform for businesses of all sizes to create an online store. It offers users a customizable platform, an easy-to-use checkout process, and a wide range of features. However, with great power comes great responsibility.

Unfortunately, Shopify’s popularity has come at the expense of many different types of e-commerce fraud. This post will discuss how to handle and fulfill high-risk orders on Shopify.

How to Know if an Order Is Fraudulent

There are a few ways to determine if an order is fraudulent on Shopify. These include:

Order history discrepancies

One way is to look at the order history and compare the new order to previous orders. If there are large discrepancies between the orders, like a sudden and significant order amount, it could be a sign that the order is fraudulent.

IP address irregularities

Another way to tell if an order is fraudulent is by looking at the customer’s IP address. If the billing IP address isn’t located near or close to the shipping address, this could be a sign the order is fraudulent.

Changes in a customer’s shipping details

One possible sign that a purchase may be fraudulent is if the shipping address changes after the initial order is placed. This could be an indication that the purchaser is trying to hide their true location, which could be a sign of criminal activity.

Multiple failed order attempts

If a customer is trying to place an order multiple times, it could be a sign that they are trying to commit fraud. This could be because they are trying to place fake orders or orders with stolen credit card information. If you suspect a customer is trying to commit fraud, it is recommended you block high-risk orders and attempt to verify the customer’s personal details.

Can High-Risk Orders Be Managed?

There are various ways to manage high-risk orders on Shopify. These include:

In-app fraud checks

In-app fraud checks are a way to prevent Shopify fraud by verifying that the person trying to make a purchase is actually the person who created the account. This can be done by asking for verification information like a birthdate or address, using fraud prevention software like Shopify’s fraud analysis, or by requiring a password or authentication code that is only known to the account holder. This helps to prevent someone from stealing another person’s account and making fraudulent purchases or chargebacks.

Order verifications

  • Just like in-app checks, an order verification is a process by which a customer’s order is checked against the information on their account to ensure that the order is valid. This can help to prevent Shopify fraud, as it makes it more difficult for someone to place an order using someone else’s account information. Order verifications can also help to ensure that orders are placed accurately and that no mistakes are made.

Is Managing High-Risk Orders Worth the Effort?

Generally speaking, managing high-risk Shopify orders can be worth the effort for merchants who are able to secure a favorable payment processing agreement with a reputable merchant account provider.

By taking these precautionary steps, you can prevent fraudulent orders, flag a customer that is making repeated and suspicious orders, and subsequently lessen the headaches and potential revenue loss now and in the future.

Risk Factors Associated with E-Commerce Fraud

Risk Factors Associated with E-Commerce Fraud

E-commerce fraud is the use of fraudulent means to obtain money or goods through online transactions. The consequences of e-commerce fraud can be significant for businesses. They include financial loss, damage to reputation, and loss of customers.

To help reduce the risk of e-commerce fraud, here’s a breakdown of the different types of e-commerce revenue fraud schemes with examples.

Types of E-Commerce Fraud

There are several types of e-commerce fraud you should be aware of. These include:

Account Takeover Fraud

Account takeover fraud is the unauthorized use of an account that belongs to another person. This can be done by stealing personal information, such as a social security number, or by hacking into a computer system. Once the perpetrator has access to the account, they can use it to make fraudulent purchases or withdraw money.

An example of this would be if someone gained access to your bank account information and used it to make unauthorized withdrawals or purchases.

Friendly Fraud

Friendly fraud is a term used to describe when someone uses a credit card or other type of payment method to make a purchase, but later disputes the charge through a chargeback. The perpetrator does this intending to keep the product or service without paying for it. This can be done by either contacting the merchant directly and alleging that the product was not received or defective, or by filing a dispute with the credit card company after the fact.

Interception Fraud

Interception fraud occurs when the perpetrator uses a stolen credit card or a hacked third-party payment system account to purchase online goods. Once the order is placed, the fraudsters then attempt to intercept the parcel using one of the following methods:

  1. Stealing the order from the drop-off location.
  2. Redirecting the parcel by contacting the online store and requesting the order be sent to an address of their choosing.
  3. Contacting the shipping company and rerouting the package to a destination of their choice.

How Can You Identify E-Commerce Fraud?

There are a few ways to identify e-commerce fraud. One way is to watch for anomalies in customer behavior, such as sudden spikes in activity or orders placed from unusual locations. You can also look for discrepancies in order information, such as mismatches between the shipping and billing addresses or items ordered that don’t seem to be related. Additionally, you can use security features like two-factor authentication to ensure that the person placing the order is actually the customer.

Can You Prevent E-Commerce Fraud?

It is possible to prevent fraud. To do so, online businesses need to understand which types of attacks are possible. With this knowledge, appropriately placed security measures can help to protect both the business and their customers.

One of the most important things businesses can do is to make sure the business has a secure website. This means using strong passwords, encrypting information, and firewalls. They should also keep their software up to date. You could also use a fraud risk assessment checklist or survey to determine if there are any vulnerabilities in your business or website.

With these tactics working in unison, your e-commerce store will be more secure and impervious to fraudulent activities than ever before.

High Risk Payments Recovered Post-Payment

High Risk Payments Recovered Post-Payment

High risk payments represent a growing segment of online transactions with some dedicated payment services providers, specializing in a field that offers a premium for those that better manage the risks involved. Processing high risk payments successfully depends upon shoring the risk, obviously the more information the decisions are based on, will improve results. Recently FUGU has teamed up with such payment processor to do precisely so.

In the current state of affairs the only way to shore the risk presented by high risk payments is by creating an Authorization Hold that insures the availability of the funds but does not defend against chargeback. The main form of shifting liability is through 3D Secure a costly process in every aspect, denying more than 15% of all transactions, creating more friction than needed to achieve better results.

In this case, FUGU is working with the payment gateway and presents the Auhtorization Hold and captures the hold sum automatically. The transaction is moved from the churn zone to the collaboration zone, as FUGU continues to communicate with the customer, getting to know more while collecting evidence against dispute including a full KYC process (see below).

After the payment, when the customer is most collaborative, in cases of high risk, FUGU contacts the payer with different forms of evidence validating the transaction. Using the following methods in various configurations, FUGU reduces denials by 70% and more:

These methods offer additional insights:

Sign & Approve

Customer receives a receipt for signature that is very familiar:

  • Validate mobile number
  • Measure cooperation
  • Device signature
  • Match IP and GEO –Location

Request a Selfie

Customer receives a request for a single use of the camera to confirm identity:

  • Save as representment
  • Validate mobile number
  • Measure cooperation
  • Device signature
  • Match IP and GEO –Location

Request ID Scan

Customer is asked to submit a picture ID as a form of identification:

  • Save as representment
  • Measure cooperation
  • Device signature
  • Match IP and GEO–Location
  • Match Selfie with ID face

Ask for Credit Card Scan

In extreme cases, customer may be asked to submit a scan of the credit card:

  • Save as representment
  • Measure cooperation
  • Device signature
  • Match IP and GEO –Location
  • Match First & Last Digits


In the unfortunate event of a dispute, all evidences are available with a click of a button

  • Selfie image
  • ID scan
  • Selfie ID match
  • Credit Card scan

6 Tips for Fighting Credit Card Chargebacks

6 Tips for Fighting Credit Card Chargebacks

A credit card chargeback is a refund issued when a cardholder contacts their card issuer to request a reversal of charges that they feel are made in bad faith. The issuer investigates the request and, if it determines that the charge was not authorized, fraudulent, or the merchant didn’t deliver a quality product or service, it reverses the charge and refunds the amount to the cardholder.

This is a common practice that—for legitimate or illegitimate reasons—can have a significant effect on your online store’s bottom line.

To help you mitigate and manage these impacts, here we discuss strategies on how to deal with chargebacks and how to fight a credit card dispute.

How Do You Fight a Credit Card Chargeback?

One of the biggest disagreements many online merchants have with return item chargebacks is that they are often authorized far too liberally. Many merchants would argue that they weren’t given any warning of a customer complaint or granted an appropriate amount of time to solve the customer’s issue with a product or service.

Thankfully, there are steps you can take to fight credit card chargebacks:

1. Be Aware That Chargebacks Are Often Issued Without Warning

Usually, you will receive no notification of a chargeback. Most times, the only way you’ll know of a chargeback is because funds will be withdrawn from your business’ bank account by a customer’s card issuer.

2. Keep a Vigilant Watch on Your Business’s Bank Account

Once you become aware of a chargeback, understand that there is a response deadline that you must meet in order to dispute the removal of funds. As such, it’s a good idea to monitor your business’ bank account; otherwise, you’ll likely miss the window of time you have to contest a chargeback.

3. Do Your Research on Why a Chargeback Was Issued

In order to lodge a dispute, understand there is a “reason code” issued with each chargeback that explains the reason the chargeback was issued. To help you fight a chargeback, be sure to do your research on the reason code, as it will go a long way in helping you win a chargeback dispute.

4. Gather Compelling Evidence to Fight the Chargeback

In order to successfully dispute a chargeback, you must gather enough compelling evidence for a card issuer to reverse their decision. Evidence like sales receipts, a copy of your returns policy, and any direct communication with the customer will all help to overturn an illegitimately issued chargeback.

5. Write a Rebuttal

A well-written rebuttal letter will go a long way to successfully disputing a chargeback. Include the evidence you have gathered and describe why you believe the chargeback has been granted unjustifiably or in bad faith.

6. If You Need It, Reach Out for Help

Successfully handling chargebacks can be both a confusing process and a lot of hard work. To soften the blow, why not reach out to an institute that fights chargebacks regularly, like FUGU?

Should You Fight Chargebacks?

Chargebacks are expensive, and the cost isn’t just in the fees. You also lose the revenue generated from a sale, which can take a considerable chunk out of your profits. To avoid this, chargeback management measures can be taken, although even the best preparation won’t keep your business completely safe from chargebacks.

To help you out, contact our team of experts here at FUGU, as we are more than happy to help you prevent as many chargebacks as you can so that you can get back to driving your business toward success.

What an AVS Mismatch Is and How to Fix It

What an AVS Mismatch Is and How to Fix It

Address verification service (AVS) is a fraud prevention measure used by merchants that accept credit or debit cards. AVS compares the billing address provided by the customer with the address on file at the card-issuing bank. If the addresses do not match, the transaction may be declined to help prevent fraudulent activity.

This helps to ensure that the person making the purchase is actually the cardholder and not someone attempting to use the card illegally. Read on to learn more about AVS mismatches, how to tell if they indicate fraud, and how to fix them.

What Is the Purpose of an AVS?

An AVS mismatch arises when a billing address is entered into a payment processing system but does not match the address on file with the card-issuing bank. This mismatch can cause a transaction to be declined as the bank will presume that the purchase is being attempted with a stolen or counterfeit debit or credit card. In most cases, AVS mismatches can be resolved by contacting the card issuer and updating the billing address on file.

Are AVS Mismatches Indicative of Fraud?

AVS mismatches can indicate fraudulent activity if the discrepancies are significant and not attributable to innocent causes.

Although, merchants should understand that not all AVS mismatches indicate fraudulent activity. There are also many innocent explanations for AVS mismatches, such as:

Out of date billing addresses

Cardholders that have recently moved from one residence to another often forget to update their details with their financial institute. This results in a discrepancy between billing addresses, leading to an AVS flagging a legitimate transaction.

Supported countries

AVS is not supported by countries outside of the US, UK, and Canada. This can lead to cards that have been issued outside of these three countries being flagged by AVS.

Multiple cards or addresses

A cardholder with multiple credit or debit cards and/or residing in multiple residential locations can also lead to an AVS flagging a non-fraudulent transaction.

Fixing an AVS Mismatch

When a transaction is flagged by AVS, there are four courses of action they can take, which are:

  1. Retry the transaction.
  2. If the customer is somebody you know and trust, merchants can override the AVS mismatch and payment system.
  3. Reach out to the customer’s financial institution to verify their identity.
  4. If many legitimate transactions are being flagged, merchants can contact their payment processor and rework their AVS thresholds.

AVS Filters Assisting in Fraud Protection

AVS filters are one avenue of fraud protection that businesses can use to help combat nefarious activities. While they are not a cure-all, they can be a valuable asset in a business’ anti-fraud arsenal. Some of your customers may be flagged as fraudulent by AVS filters, but this does not mean that they are not legitimate customers.

For more than understandable reasons, some customers may have their cards flagged. So instead of turning well-meaning cardholders away, why not use the strategies detailed here to turn an AVS mismatch into a legitimate purchase? Both your customers and your bottom line will thank you for it.

Cutting Costs – Automating Manual Reviews

Cutting Costs – Automating Manual Reviews

If you’re selling online, chances are that 10% of your transactions are routed to manual reviews.

This is a costly and inefficient process, hurting results in more than one way. The question is can we automate these tasks safely, without increasing exposure to fraud.

FUGU has an innovative approach, automating manual tasks working on them after the payment but before the actual risk is assumed, increasing conversion, reducing churn, and preventing fraud.

How do we do it?

FUGU continues to track transactions after the payment, engaging flagged ones according to the relevant payment scenario, i.e. our system “understands” the transaction, its incongruent elements included, initiating actions required to complete the transaction safely.

Instead of rejecting transactions, we collect, evaluate, and store the evidence required, attempting to complete the transaction within the sphere of customer care. As we get to know the customer and the transaction better, true fraud distinguishes itself from valid complexities as indicated in a variety of signals we collect and process.

Most recently, we have been chosen by a fast-growing merchant on top of Shopify to do exactly this, reduce their post-payment manual labor costs without compromising revenue. Because of the nature of the business, they had to route an inordinate amount of transactions to manual reviews, for evidence and identity assurance. We implemented our solution, automating card scans, and selfie id’s with ML.

These tasks are completed after the payment, saving up to 40 man-hours a month but also applying reviews to more transactions, reducing the merchant’s overall exposure to chargebacks and disputes.

There is time and money on the table

E-commerce uncertainty leads to loss of valid business

The fundamental problem of e-commerce risk is uncertainty. There is only so much you can get to know about your customer, without severely damaging the funnel and conversion rates. As anyone who has a sales funnel knows, each added step between product and customer has a cost in conversion. At this very moment, many designers and engineers all over the world are struggling to minimize friction, to perfect their customer journey. All of these efforts come to a halt as the funnel reaches what used to be called the final destination, checkout and payment. At this point, the customer is handed over to a third party, the payment processor. These suppliers are providing a valuable service, but they are also shaping it to protect themselves by blocking or challenging the customer before payment is concluded. In most cases these practices cause a significant loss of valid business to the merchant.

Old trick: Buy time and gather more information before you decide

There are several ways of dealing with this uncertainty, some are happy enough with overprotection, the cost is usually hidden from them and when asked they will say they have no problem with chargebacks or fraud. Others aware of the loss will try to get to know the customer pre-payment, asking many questions and significantly raising churn rates since fraud absolutely does not account for all the churn. A third option is to delay the decision using all available time to reveal more information. This is what FUGU does, we use the time after the payment to gather more information. Our data from live customers is now robust enough to show that the time after the payment can be extremely valuable if used correctly. Monitoring post payment behavior against a variety of signals recorded by our sensors shows that fraud clearly separates itself from genuine payment complexities, a process rapidly accelerated by the proactive measures taken.

FUGU’s post-payment risk prediction safely validates more transactions

The data proves the validity of bringing back old tricks to a new data set. The bottom line is:

FUGU approves 40% of the transactions previously blocked by mistake.

Just that translates into a 1% increase in topline.

But there is more,

FUGU successfully identified 100%  of Friendly Fraud for that specific time period.

Simply put, it is money on the table!

The future of payments is far beyond a handshake at POS

The future of payments is far beyond a handshake at POS

The beginning of a beautiful friendship

In the old world the payment part of a transaction was a straightforward matter, a payment made in exchange for goods in a distinct moment in time – imagine two people shaking hands in the market. This seemed to be the case in ecommerce as well, with credit card transactions in place of cash. The evolution of payments and the rise of new forms of fraud such as Chargeback Fraud determine that it is no longer so. These days a payment indeed starts at the point of sale but will be final and secured only at a much later phase where last installment was made or the chargeback or return option expires. Online merchants should understand the opportunities of monitoring the relationship with their customers during that time frame and leverage it to make better business decisions.

New “Starched” payment models are on the rise

Globalization has quickly exposed merchants to higher competition where product differentiation is no longer enough. One of the ways to stand out had been by business model differentiation leading to a constant evolution of payments. No longer a handshake at a deterministic moment in time, we now need to consider payment a continuous relationship only starting at POS. New payment models now offering longer relationships where payment is either differed or split are on the rise. Solutions like split it or Buy Now Pay Later are offered by merchants to their customers as means of differentiation and in many other cases simply because it is the new standard.

Merchants should monitor, Post-Payment relationship with their customers

Merchants shouldering most of the fraud liability along these longer timelines, use risk analysis tools that limit themselves to a snapshot analysis of information available at POS the site of the Handshake. It means they completely ignore all information revealed during the payment relationship far after POS. Instead of a snapshot, online sellers need a “video” capturing and analyzing the evolution of risk long after the initial risk assessment has been made.

For example:

  1. Something is purchased and paid for later; what happens when customer care receives a request for a change of delivery address, does this change the risk evaluation? It seems obvious that such information is relevant to risk after the payment and should be collected and factored.
  2. A payment was split into installments and customers’ satisfaction drops; they might turn into friendly fraudsters.
  3. Or simply the customer tried to cancel an order with no success and is pushed towards falsely denying the transaction.
  4. A recurring payment subscriber is unhappy with a deal and turns to disputing the charge.

Payment risk tools evolve beyond a “snapshot” at POS

Many merchants shore the dynamic aspect of risk by shifting liability through 3D Secure or other forms of insurance, but these are costly measures with negative effects on the topline. FUGU with its innovative post – payment risk monitoring solution offers a way to gain visibility on payment relationship, spreading sensors along the delivery and payment timeline, continuously analyzing signals captured and anticipating fraud on a sequential time award basis. FUGU with post-payment monitoring capabilities is the only solution in the market who can alert merchants when:

  1. Customers update delivery address after the payment, this could have a direct impact on the risk analysis and it is logged and factored.
  2. Customer with a split payment contacts customer care with a complaint, this could lead to a dispute. Fugu logs and factors the action as well as its embedded data, alerting to risk while shoring it with further documentation.
  3. Customer consulting the return policy after delivery, could be a sign of customer considering turning to friendly fraud, logging and factoring the visit can also trigger proactive measures that mitigate and deter fraud.
  4. A recurring charge generates recurring touch points with the customer; these are analyzed and factored to provide a dynamic view of long-term risk.

All these offer merchants ways to mitigate that risk without negatively affecting conversion rates. (checkout our blog post)