Alexa Kreizinger

What to look for when reviewing an order for potential fraud

Our Order Review page provides a comprehensive overview of each order. Learn how to interpret the data on this page and incorporate it into your manual review.

As any online retailer knows, ecommerce fraud comes in many forms. Although there’s no one-size-fits-all approach to fighting the various types of fraud, knowledge is your best defense against hackers, fraudsters, or other bad actors. Remaining vigilant helps you stay ahead of the game and prevent fraud before it happens.

We compile all the information about an order in one convenient location, arming you with the necessary knowledge to spot suspicious users. Depending on the order rules you have in place, you might have already configured NS8 to approve or cancel orders automatically through our fraud prevention workflows. But when certain orders require human oversight, you can review additional data points on the Order Review page to help guide manual decision making.

Some of this data, like an order’s score and risk level, lets you assess orders at a glance. This is a great place to start, but some edge cases will require more comprehensive analysis. The Order Review page provides a detailed overview of the many factors that contributed to an order’s score, giving you the necessary information to make an educated decision and prevent fraud with confidence.

We divided the Order Review page into sections that group similar types of data points together. These sections can help you find information quickly, but if you’re still unsure of what to look for when reviewing an order, we’ve compiled a simple guide. Keep reading to learn some of the different pieces of data to look for and how to interpret them.

Payment and order data

One of the key things to examine when reviewing an order is information about the order itself, including its price, time placed, and payment data. While these factors alone may not necessarily guarantee the presence of fraud, they can be a strong indicator of suspicious activity.

One of the most prominent indicators of fraud is an order’s price. Although an expensive order may be exciting at first, be careful that it isn’t too good to be true. Large orders are not inherently suspicious, especially if your store tends to attract big spenders, but a sudden influx of unusually high-value orders may be cause for concern. Fraudsters may place large orders with the intention of later filing a chargeback or committing credit card fraud using stolen credentials. When you review an order’s price, take note of the specific items that a customer ordered, especially if your products have a high resale value. A customer who purchases 10 expensive cell phones may be planning to resell those devices to a third party.

While not as obvious as price, the time that a user placed an order can also shed light on its risk of fraud. Ecommerce lends itself well to late-night shopping, so orders placed at 2:43 a.m. may just mean that your customer base includes a night owl or two. But when examined in combination with other factors, including price and location, orders placed at odd times may increase the chances of fraud. For example, if you receive a spike in orders during a time when most of your customers are asleep, you may be receiving invalid traffic from bots that place orders as part of a retargeting fraud scheme. A single order placed in the middle of the night may not warrant suspicion, but if you receive a dozen expensive orders between 4 a.m. and 4:10 a.m., they may be a sign of fraud.

Payment data can be a telltale indicator of fraud. For security purposes, we do not show your customers’ full credit card numbers, but the Order Review page does analyze the risk factors surrounding each transaction. One of these risk factors is the number of payment attempts for an individual order. It’s not unusual for customers to accidentally mistype their credit card number while placing an order, but a customer who attempts to enter five or six different sets of payment info is highly suspicious and likely using stolen credit card data. In addition to the number of payment attempts, the Order Review page will list any other applicable payment risk factors that we detect.
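The price, timing, and payment-attempt signals described above can be combined into a simple triage check. The following is an added example, not NS8's code or scoring logic: the field names, the "three times the median order total" definition of an expensive order, and the sample orders are all constructed assumptions, while the 10-minute window, the dozen-order count, and the five-or-more payment methods mirror the figures in the text.

```python
from datetime import datetime, timedelta
from statistics import median

def high_value_burst_ids(orders, window=timedelta(minutes=10), min_count=12, factor=3.0):
    """IDs of orders priced above factor x the median total that arrive
    min_count or more at a time inside one sliding window."""
    typical = median(o["total"] for o in orders)
    pricey = sorted((o for o in orders if o["total"] > factor * typical),
                    key=lambda o: o["placed_at"])
    flagged, start = set(), 0
    for end, order in enumerate(pricey):
        # Shrink the window from the left until it spans at most `window`.
        while order["placed_at"] - pricey[start]["placed_at"] > window:
            start += 1
        if end - start + 1 >= min_count:
            flagged.update(o["id"] for o in pricey[start:end + 1])
    return flagged

def card_cycling_ids(orders, max_distinct=4):
    """IDs of orders where more than max_distinct different payment
    instruments were tried (opaque fingerprints, never card numbers)."""
    return {o["id"] for o in orders if len(set(o["attempts"])) > max_distinct}

def review_reasons(orders):
    """Map order id -> list of reasons the order deserves a manual look."""
    reasons = {}
    for oid in high_value_burst_ids(orders):
        reasons.setdefault(oid, []).append("high-value burst")
    for oid in card_cycling_ids(orders):
        reasons.setdefault(oid, []).append("many payment methods tried")
    return reasons

def sample_orders():
    """Constructed data: 30 ordinary daytime orders, one lone big spender,
    and 12 expensive orders placed between 04:00 and 04:10."""
    day = datetime(2024, 1, 15)
    orders = [{"id": f"N{i}", "total": 40 + i, "attempts": ["fp-a"],
               "placed_at": day + timedelta(hours=9, minutes=20 * i)} for i in range(30)]
    orders.append({"id": "BIG", "total": 950, "attempts": ["fp-b", "fp-c"],
                   "placed_at": day + timedelta(hours=14)})
    orders += [{"id": f"B{i}", "total": 900, "placed_at": day + timedelta(hours=4, seconds=50 * i),
                "attempts": [f"fp-{i}-{k}" for k in range(6 if i == 0 else 1)]}
               for i in range(12)]
    return orders

if __name__ == "__main__":
    for oid, why in sorted(review_reasons(sample_orders()).items()):
        print(oid, why)
```

The lone 950-dollar afternoon order is not flagged, which matches the point that a large order on its own is not inherently suspicious.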

Customer and location data

Another source of valuable data is information about the customer who placed the order and their location at the time of purchase. This gives you some insight into the person behind the order, not just the details about the order itself. With this extra information, you can form a more complete picture of an order’s fraud potential.

Some of this information, like a customer’s name and email address, is extremely simple, yet it is a key indicator of fraud. Email addresses from untrustworthy or unusual domains can be a sign of fraud in the making, especially if the customer is using an email address from a service that generates disposable email addresses for temporary use. The Ekata Identity Check extension will make a note of customers who are using email addresses from these domains. Fraudsters often use temporary, untraceable emails to cover their tracks and avoid getting caught. A customer’s name is unlikely to raise quite as many red flags, but you may recognize the names of notable repeat buyers or scammers who have taken advantage of you in the past. If a customer is using an obvious pseudonym to hide their identity, like the name of a cartoon character or famous actor, they might be trying to hide other things from you too.

The Order Review page also displays the previous five orders from returning customers if they used the same credentials across multiple transactions. You can view the score and order data from past purchases, which helps you make informed decisions about any new purchases. While a history of legitimate orders does lower the risk that a new order could be fraudulent, you shouldn’t let your guard down completely: A hacker could have gained access to a legitimate customer’s credentials in an attempt to commit account takeover fraud. Be sure to examine the factors discussed in this article and remain on the lookout for red flags, even for your returning customers.

Location data is an excellent source of information when you’re trying to determine your customers’ intentions. A discrepancy between a customer’s billing and shipping addresses may be a cause for concern, although there are legitimate reasons for a mismatch. For example, a customer might be shipping an item to a friend, or temporarily living in a new location that’s not associated with their credit card’s billing address. However, if the shipping and billing addresses are extremely far apart, it’s worth investigating further or sending a customer verification request for the order. Additionally, if a customer’s shipping address is in an area that you do not typically service, like a country where you cannot legally sell or ship your products, this is a major red flag and could be grounds for cancellation.

In addition to the billing and shipping addresses associated with the order, we also track the customer’s device location at the time of the transaction, then compare it to their shipping and billing addresses. A shipping and billing discrepancy might be less concerning if the customer’s device location is the same as or close to the shipping address. Though there is still always the potential for fraud, the customer is at least where they claim to be. But if a customer’s location is wildly different than their shipping or billing address, they may be operating under dishonest circumstances. This is especially true if the customer’s device is in a colocation facility or data center that’s not accessible to humans. Bots are usually behind these orders, and we’ll flag them accordingly since bot orders are almost always fraudulent.
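The three-way comparison of billing address, shipping address, and device location can be expressed as a short check. This is an added example, not NS8's implementation: it assumes the addresses and device have already been geocoded to (latitude, longitude) pairs, and the field names, finding codes, the 50 km and 500 km thresholds, and the sample coordinates are constructed for illustration.

```python
from math import asin, cos, radians, sin, sqrt

def km_between(a, b):
    """Great-circle (haversine) distance in km between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def location_findings(order, near_km=50, far_km=500):
    """Return finding codes for one order (thresholds are assumptions)."""
    findings = []
    bill, ship, dev = order["billing"], order["shipping"], order["device"]
    if order.get("device_in_datacenter"):
        # No human shops from a colocation facility; treat as a likely bot.
        findings.append("DATACENTER_DEVICE")
    if km_between(bill, ship) > far_km:
        if km_between(dev, ship) <= near_km:
            # Mismatch, but the customer is where the parcel is going.
            findings.append("ADDRESSES_FAR_APART_DEVICE_AT_SHIPPING")
        else:
            findings.append("ADDRESSES_FAR_APART")
    # Interpretation used here: the device counts as "wildly different"
    # only when it is far from both addresses.
    if km_between(dev, ship) > far_km and km_between(dev, bill) > far_km:
        findings.append("DEVICE_FAR_FROM_BOTH")
    return findings

# Constructed sample coordinates (approximate city centers).
CHICAGO, NEW_YORK, FRANKFURT = (41.88, -87.63), (40.71, -74.01), (50.11, 8.68)

GIFT_ORDER = {"billing": CHICAGO, "shipping": NEW_YORK, "device": (40.73, -73.99)}
BOT_ORDER = {"billing": CHICAGO, "shipping": NEW_YORK, "device": FRANKFURT,
             "device_in_datacenter": True}
LOCAL_ORDER = {"billing": CHICAGO, "shipping": CHICAGO, "device": CHICAGO}

if __name__ == "__main__":
    for name, order in [("gift", GIFT_ORDER), ("bot", BOT_ORDER), ("local", LOCAL_ORDER)]:
        print(name, location_findings(order))
```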

Our Ekata Identity Check extension can also help you verify whether a customer’s name, email address, and billing and shipping addresses are legitimate. By incorporating this supplemental score into your order analysis, you can make more informed decisions based on the trustworthiness of the customer who placed the order.

Device and behavioral data

After reviewing information about an order and who placed it, you should examine exactly how the customer placed their order. Our behavioral analytics make it easy to determine whether a customer exhibited suspicious behavior when they placed their order or used a suspicious device to do so.

Tracing a customer’s navigational history through your website is a simple yet effective way to search for red flags. Most shoppers spend at least a few minutes on your storefront browsing, reviewing different products, and reading product descriptions before they place an order. If a user immediately navigates to a specific item and instantly checks out, this may be a cause for alarm. Similarly, if a user visits several pages in an impossibly fast time frame, it’s likely that they are a bot, and their order is almost certainly fraudulent. This is doubly true if an advertising campaign referred a bot to a product page, since the bot may be making fraudulent purchases as part of a retargeting scheme.

Information about a customer’s device can also shed light on their intentions. If we detect that a customer is artificially manipulating their browser’s user agent to falsely pose as a different device type, we’ll show you a warning on the Order Review page. Most customers will not spoof their device type, especially for something as simple as an online purchase, and this is a significant indicator of fraud. Similarly, if a customer is using tools to hide their identity altogether, we will also warn you of this behavior. Although there are legitimate reasons to use identity-masking services like VPNs or Tor Browser, these tools are also commonly used by fraudsters, which makes them reasonably suspicious. If a customer is browsing from a mobile device, we’ll look for a certain amount of natural movement from the user’s gyroscopic data. Since human beings exhibit slight movements whenever they use or hold a mobile device, a device that stays perfectly still is suspicious and can be indicative of bot behavior or mobile click farms.

Prevent ecommerce fraud by staying informed

There are a lot of factors to consider when reviewing an order, which is why we’ve built the Order Review page to be as intuitive as possible. Though it never hurts to spend time looking for these factors when you review an order, we also take care to note specific red flags whenever possible, which makes it easier to spot vital information at a glance. And if you’re still not sure whether to approve the order, our comprehensive score can give you an overall impression of an order’s fraud risk.

Staying informed and vigilant is your best defense when preventing ecommerce fraud. Unfortunately, fraudsters also do their best to stay ahead of the curve, which means an order’s legitimacy is not always clear. Using a fraud tool like NS8 can help you make informed decisions with as much information as possible. By learning more about your clientele, examining the outcomes of past orders, and considering your industry-specific risk thresholds, you’ll grow more and more knowledgeable about how to proceed with future orders.


About the author
Alexa Kreizinger

Alexa works tirelessly to document NS8's products for users and developers. When she isn’t busy writing technical documentation, Alexa spends her time reading, playing video games, and jamming out to 80s new wave.
