Protecting Your Business Using Fraud Protection — ShopFactory Total Care

As a ShopFactory Total Care user, you have access to a very important online Fraud Protection Service automatically. Fraud Protection is a security protocol build into your Total Care account which notifies you when a potential fraudulent order has taken place on your website or an order has been placed with a higher level of risk than you may be willing or able to accept without doing some further security checks.

As a ShopFactory Total Care user, you have access to a very important online Fraud Protection Service automatically. Fraud Protection is a security protocol build into your Total Care account which notifies you when a potential fraudulent order has taken place on your website or an order has been placed with a higher level of risk than you may be willing or able to accept without doing some further security checks.

A risk notification will appear In your order notification email copy and in your Total Care account when you login to view your orders (Powered By Santu — after 30th Sept. 2013).

In your Fraud Protection service, you can enable certain "triggers" and or certain combination of "triggers" to notify you when a potential fraudulent order takes place at your discretion and depending on your risk profile as required. This service does not guarantee that there is no risk of fraud but allows you to minimize the risk depending on your initial settings and continuous monitoring and updating of the setting relevant to your business and depending on changing risk profile and threats.


The way this works is:

1. You assign a total risk indicator (RI score) to trigger your risk action depending on your risk profile (a higher level of risk is accepted with higher RI trigger settings).


2. You assign your risk indicator action for when the combined total risk indicator (RI) scores on an order equals or exceeds the risk indicator trigger from following actions :

  • an order can be held for manual review - BEFORE processing payment.
  • an order can be held for manual review - AFTER processing payment.


3. You assign the importance and severity of the various security checks and markers depending on your risk profile by assigning a level of risk ( the higher the risk indicator level, the higher the potential for fraud) for each one of the following:

  • Location - Customer does not appear to be in the country he/she claim to be in.
  • Cloaking - Customer is trying to hide his/her internet address by cloaking his/her IP address.
  • Free email account - Customer is using a free email account such as Hotmail, making it potentially impossible to trace him/her. Some people do this routinely to avoid spam.
  • High Risk countries - Order stems from a country with a higher than normal rate of fraudulent orders.
  • Credit card country of origin - Credit card was issued in a country other than the location of the customer (only MasterCard and Visa).
  • Name on credit card - The name on the credit card differs from the customer name.
  • Delivery address - The delivery address is different from the customer address.
  • Approved countries - Limit the countries from which you are willing to accept orders.


4. You can review and check any order which triggered the risk action more closely with all the details displayed in your Total Care account.

The other benefit is regular low risk orders are still handled automatically (as normal) if you are using automated payment processing so you can focus on other daily tasks. This service streamlines your fraud risk review process when the need arises. Regular low risk orders still pass through as usual so you can reduce your workload on reviewing orders.

Here is a sample set-up for fraud protection:

The following sample is only here as a guide to help better understand the various risk Indicators. The settings below do not guarantee to prevent all fraud. But, it will help to minimize the risk considerably for most businesses. The sample below is not suitable for all businesses and risk profiles. All the settings should be reviewed and adjusted for each individual business and depending on their own risk profile and requirements on a regular basis.

 

1.) Setting the Risk Indicator Trigger to 6 to allow the combination of a number of risk indicators to trigger the required action but to let some of the less critical indicators to pass when not in combination with other risk indicators.

2.) Setting the risk indicator action to “Review order manually BEFORE processing payment” to avoid potentially unnecessary processing fees and having to deal with the consequences of a fraudulent payment.  However, this will mean that payment has to be processed later once you have verified that the order is not fraudulent.

3. Setting following Risk indicator levels (the higher the risk indicator level, the higher the potential for fraud) for each one of the following:

  • Location - 4 medium risk / 6 high risk -  set to 4 in the event that the Customer is expected to place an order while travelling or on holidays outside of their home country but otherwise it should be set to 6.
  • Cloaking - 6 high risk - anybody cloaking is hiding something.
  • Free email account - 2 low risk - but in combination with another indicator can be a deciding factor.
  • High Risk countries  - 4 medium risk / 6 high risk - depends if your business is accepting orders from these countries , you decide which countries you consider high risk and what you want to do with orders from these countries.
  • Credit card country of origin - 1 low risk / 4 medium risk -  but in combination with another indicator can be a deciding factor, set higher if no orders accepted outside own country.
  • Name on credit card - 3 medium risk -  but in combination with another indicator can be a deciding factor - note : even smallest differences to customer name will be picked up.
  • Delivery address - 2 low risk - but in combination with another indicator can be a deciding factor.
  • Approved countries - Limit the countries from which you are willing to accept orders.