Alexa Kreizinger

Determining the biggest risk factors for your store with NS8

Did you know that you can utilize your own data in NS8 Protect to discover risky behaviors that could signal fraud? Learn how to find this information and use it to create custom order rules that better protect your business.

Fraud comes in many forms, and it can be difficult to keep up with the wide variety of schemes and scams that affect ecommerce merchants. Even the most knowledgeable merchants may not know which threats pose the greatest risk to their business. Luckily, with the information made available by NS8 Protect, identifying and stopping the most serious threats to your store is an easily-attainable goal.

Fraud Tailored for Every Store

Different stores can be more susceptible to different types of fraud based on their target audience, type of product, and average purchase size.

For example, a store that sells a large quantity of small, inexpensive items like novelty T-shirts may have trouble with chargeback fraud (especially if the merchant is bringing in low-quality traffic through bad ad campaigns). On the other hand, a store that sells expensive items like game consoles may have more trouble with dishonest shipping forwarders or orders being placed with stolen credit cards.

Each type of fraud is also associated with its own unique risk factors. For example, a merchant who has recurring issues with chargeback fraud may notice that the bulk of their bad orders come from a single location. This will be even more notable if the location in question happens to be a data center or a country that isn’t part of their core customer demographic. Another merchant who has issues with card-not-present fraud may find a pattern between these bad orders and a sudden influx of users hiding behind proxies or using the TOR browser.

Although your company (probably) has some form of fraud prevention already in place, you still may not have a full picture of the particular risk factors driving this fraud—and that’s okay!

You can use NS8 Protect to examine your store’s data, determine which risk factors are most closely associated with bad orders, and then use this information to stop fraud in its tracks.

Accessing Your Data

NS8 Protect’s Suspicious Orders screen makes it easy to view all of your fraudulent (and potentially fraudulent) orders in one place. With a bit of mastery, you can harness this information further by tweaking certain menu elements to display a more comprehensive overview of your store’s data.

By default, the Suspicious Orders screen only shows orders that have yet to be fulfilled and will not show orders that have already been approved or canceled. However, if you are diligent about your order processing, this means you may not have many items on your Suspicious Orders screen—and you’ll want as many data points as possible in order to analyze your threat risks. To show more orders from your store’s history, you can create an on-screen filter tailored to fit your needs.

Shopify Users:

Display previously-fulfilled orders by removing the filter for “NS8 Order Status is in Merchant Review” but keep the filter for “NS8 Risk is in Medium/High.”

Alternatively, if you are specifically interested in orders that were canceled and not orders that were eventually cleared for approval, you can change the first filter to “NS8 Order Status is in Canceled,” or any other combination of the above filters.

Other Ecommerce Platforms:

Display previously-fulfilled orders by removing the filter for “NS8 Status in investigate/cancel” and replacing it with a filter for “EQ8 Score less or equal [value],” where the value is an EQ8 Score threshold that represents your chosen risk level (for example, a value of 400 or less).

If you would like to view all canceled orders instead, you can create a filter for “NS8 Status in canceled” to show orders that have been canceled (likely due to fraud risk). You can also use any combination of these filters or find some other setup that works best for you.

What matters most is that you’re able to get a picture of your data and analyze it accordingly.

You should also make sure that you’ve selected an appropriate date range for your data, or else you may have too many or too few orders displayed.

Once you have orders to work with, you’ll want to add additional columns to the Suspicious Orders page. Some useful columns to start with include:

  • Primary User Risk Factor
  • User Country
  • AVS/CVV Result Code
  • University
  • Colocation Session
  • IP Matches Billing/Shipping Country
  • Proxy Based Session
  • Spoofed User Agent
  • TOR User

Any possible column will provide useful data points, so feel free to experiment as you see fit! If the amount of information displayed becomes overwhelming, you can always work in sections by adding a few columns at a time and removing others when you no longer need them.

Once you have enough data, it’s time to start looking for trends.

There’s no single correct approach for examining your order information, but your best bet is to keep an eye out for any patterns or anomalies. If all of your high-risk orders seem to originate from a single IP address or you realize that you’ve canceled a significant number of orders with bad CVV result codes, take note. Recurring traits among bad orders may point towards a common risk factor, and identifying your store’s biggest risk factors will help you prevent future instances of fraud.

Building Your Defenses

If you’ve isolated a handful of specific risk factors that seem to pose a significant threat to your store, don’t fret—identifying the monster under your bed is simply the first step in driving it away! NS8 Protect’s Order Rules can help automate your fraud prevention to ensure that these threats won’t slip past undetected.

Now that you know your main risk factors, you can create Order Rules tailored to your store’s needs.

If most of your suspicious orders are coming from one country, configuring an Order Rule to flag all orders from this country will give you the chance to review these orders and take action as needed. Depending on the criteria and severity of the threat, you may choose for the Order Rule to cancel these orders outright, verify a customer’s identity, or simply flag them for further review.

You can also add more Order Rules and sub-rules to your automation process for additional scrutiny: maybe instead of canceling all orders from a certain country, your Order Rule will only cancel orders from this country if they exceed a predetermined price threshold and have a low EQ8 Score.

If you have questions about the process of finding your risk factors or creating customized order rules, our Client Success team is happy to help. Email for a personalized review of your store’s data.

About the author
Alexa Kreizinger

Alexa works tirelessly to document NS8's products for users and developers. When she isn’t busy writing technical documentation, Alexa spends her time reading, playing video games, and jamming out to 80s new wave.

More From NS8
7 order rules you should be using

Order rules allow you to automate all or part of your fraud prevention strategy. While some will be specific to your industry and risk factors, here are seven order rules any company can use.