Fraudulent order scenarios

• A large amount of fraudulent orders are being placed.
• The fraudulent orders appear to have similar customer information.
• It's possible that an automated bot is placing these orders.
• You may receive a larger than normal bill from your merchant account provider for failed authorizations.
• Your merchant account may possibly be suspended.

Best practices for managing fraudulent orders

• Check the Failed Authorizations Report for signs of bot fraud. Signs of bot fraud include:
  • A higher than usual amount of failed authorizations in a day.
  • The failed authorizations show the same customer information.
  • The failed authorizations display credit card numbers and the last 4 numbers of each are different.
  • The orders are for the same dollar amount.
  • The failed orders are made in rapid succession.
• Make sure that you have Risk Tools enabled.
• Within Risk Tools, set your reCaptcha settings to 1 AVS/CVV mismatches within 1 minute, and show the reCaptcha for 1440 minutes (24 hours). Keep this setting until the bot activity stops. When it stops, revert the reCaptcha settings so legitimate buyers don't have any issues and abandon their cart.
  
  It's important to be cautious as to when you revert your reCaptcha settings. There are situations where the bot may still be testing your store once a day. If your reCaptcha settings are reverted too soon, you may again see an increase in failed authorizations, which may cause high fees from your payment processor.
  
  Fraudsters tend to test a store, leave it alone for a while, and then return to the store. It's important to note that just because the fraudulent orders stop, it doesn't mean that the fraudster is gone for good. We've seen cases where a fraudster will attempt to place a fraudulent order once a day for a month while the reCaptcha settings were set to 1/1/1440. There have also been cases where a fraudster will hit a store for about a week, stop for 2-3 weeks, and then return for another week.
• Monitor the Failed Authorizations Report for the next few weeks to check for continued fraudulent activity.
• If you notice that the fraudulent activity is continuing, we recommend disabling real-time authorizations.
  
  Disabling real-time authorizations works because card testers and fraudsters consider a credit card is valid if an order goes through. When you disable real-time authorizations, all orders go through and the fraudster will think that every credit card they test is valid. However, usually after a few days, they will realize that a store is no longer a reliable test store and will stop using it to test their cards.
  
  As mentioned, this will cause all orders to go through - including fraudulent orders. All fraudulent orders will need to be manually marked as Fraudulent in order to be removed from your store statistics, not affect inventory, and not be charged transaction fees. This may be a difficult task if a bot is hitting your store hundreds of time a day. This is why we don't recommend this as a first step. However, if reCaptcha hasn't resolved the issue, this is the best way to proceed.
  
  Please note that if a fraudster stops using your store after disabling real-time authorizations, it doesn't mean that it won't become a target for fraud again. It does mean, however, that particular fraudster is less likely to return as they will be aware that you know of their activity. Make sure to re-enable real-time authorizations after the activity stops.
• Make sure to check the Failed Authorizations Report weekly for possible missed legitimate orders. You will also be able to discover possible fraudulent activity more rapidly.
  
  Note: When you see signs of a failed legitimate order, it doesn't mean that the buyer wasn't able to complete their order. Copy the buyer's email address and search the Order Manager for their email address to see if they were able to complete their order. Learn how to search orders in Merchant Solutions.

See Also:

• Risk Tools Overview
• Warning signs of fraud
• Reduce fraud
• Supported Braintree options
• Does PayPal provide any fraud protection?