Ecommerce Fraud Prevention With Drupal Commerce
If you’re a business owner with an ecommerce site, you’ve almost certainly been a victim of fraud in the form of credit card chargebacks.
A chargeback is when a retailer must pay a credit card provider for the loss on a fraudulent or disputed transaction. So if someone complains that their credit card was used without their permission to buy one of your products, and you can’t prove it was a legitimate transaction, you have to cover the cost of the item and pay an additional fee.
Chargebacks can be five to 10 percent (or even higher) of sales depending on what you sell. If you sell PDFs, you’re relatively safe, because PDFs don’t have much resale value. But if you sell things like video games and tablets and laptops that can be resold easily, you could be a big target for fraud.
The kicker is that you can’t stop people from doing a chargeback. You have to stop yourself from accepting fraudulent orders in the first place. And Drupal Commerce can help.
The key is to assess the risk of an order. Acro Media developed a fraud scoring module for Drupal Commerce that looks at what increases your risk of fraud.
But in order for the module to be effective, you need to tell it what orders you’ve had that were fraudulent. That means looking at what you get chargebacks on and going into the module and marking those orders as fraudulent. The module can use that data to extrapolate what other orders are likely to be a problem.
You can then set rules that treat certain orders, such as orders over a certain price, orders from certain categories, or orders containing certain combinations of products, as more likely to be fraudulent and in need of attention.
What to Watch For
Was this the same email/shipping/billing address as a fraudulent order? That’s a pretty good indication that this order is likely fraudulent as well. You could opt to just decline orders like that and not even look at them.
In other cases, you might flag orders as dangerous (maybe fraudulent, maybe not) and investigate a little more — maybe call the person or put them through a credit check or talk to the bank.
Hopefully, in most cases you can note the order as being really safe and send it through automatically.
At the start, you won’t have much data. But the more you go through your orders and mark which ones caused you grief, the better your results will be. It actually doesn’t take that much — if you process even a few hundred orders, you’ll start getting some better results.
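The triage described above (decline, investigate, or send through automatically) can be sketched as a small scoring routine. This is an added example, not code from the Acro Media module; the weights, thresholds, category list, field names and sample orders are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed weights and thresholds (illustrative only, not the module's values).
MATCH, HIGH_VALUE, RISKY = 50, 20, 15
HIGH_VALUE_LIMIT = 500.00
RISKY_CATEGORIES = {"video games", "tablets", "laptops"}
DECLINE_AT, REVIEW_AT = 100, 30

@dataclass(frozen=True)
class Order:
    email: str
    shipping: str
    billing: str
    total: float
    categories: frozenset

def norm(value):
    """Comparison key that ignores case and extra whitespace."""
    return " ".join(value.lower().split())

def build_index(fraud_orders):
    """Collect identifiers from orders the merchant marked as fraudulent."""
    index = {"email": set(), "shipping": set(), "billing": set()}
    for order in fraud_orders:
        for field in index:
            index[field].add(norm(getattr(order, field)))
    return index

def score(order, index):
    """Return (points, reasons) so a reviewer can see why an order was flagged."""
    points, reasons = 0, []
    for field, known in index.items():
        if norm(getattr(order, field)) in known:
            points += MATCH
            reasons.append(f"{field} matches a marked-fraud order")
    if order.total > HIGH_VALUE_LIMIT:
        points += HIGH_VALUE
        reasons.append("order total above limit")
    if order.categories & RISKY_CATEGORIES:
        points += RISKY
        reasons.append("easily resold category")
    return points, reasons

def triage(order, index):
    points, reasons = score(order, index)
    action = "decline" if points >= DECLINE_AT else "review" if points >= REVIEW_AT else "approve"
    return action, points, reasons

# Constructed sample: one order previously marked as fraudulent after a chargeback.
MARKED_FRAUD = [Order("bad@example.com", "1 Drop St", "9 Victim Rd", 899.0, frozenset({"laptops"}))]
INDEX = build_index(MARKED_FRAUD)
```

Each chargeback you mark adds identifiers to the index, which is why results improve as more orders are reviewed.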
Is it Just Me?
The module currently only looks at your specific data on your specific site. There was talk of doing a global version where everyone who uses the module could share the data (i.e. “What’s the score you have for this email address?”) but privacy and licensing concerns have yet to be worked out.
To learn more, check out our High Five episode “Ecommerce Fraud Prevention With Drupal Commerce.”