Fraud 101

Learn about the payments ecosystem, chargebacks and fraud detection.

How to review an order

Any fraud analyst will be quick to note that fraud detection is as much an art as it is a science. Order review, the most basic facet of an analyst’s role, is often a multistage process, is performed in tandem with tools like machine learning algorithms, and complemented by the analyst’s own intuition, possibly the most powerful tool in their arsenal.

However, as robust as data-driven models may be, there will almost always be a subset of orders where some manual review is necessary. Not all orders fit easily into “good” and “bad” categories, and those that don’t require further research to be correctly classified.

With that in mind, we’ve created a guide to help take fraud and risk analysts through the thought process around reviewing an order. Our goal is to illustrate not only our philosophy around order review, but the right questions to ask yourself as you review an order, and how you should approach making your decision.

1. The fraud analyst’s true objective

Fraud analysts may feel the need to justify their role by approaching order review with the singular goal of finding fraud. This should not be the analyst’s goal.

As fraud analysts, our goal is to approve (and thus, ship) as many orders as possible, in order to maximize revenue.

Inherently, this means that a fraud analyst’s priority should be a focus on shipping out good orders, not on reviewing more orders. While counterintuitive, the reasoning is simple: by focusing on the good orders first, analysts can help their company ship out the good purchases, leaving behind the small fraction of questionable orders for review.

Ultimately, finding fraud is not the end goal – it’s shipping out more orders.

2. What a fraud analyst is looking for

As mentioned above, the analyst’s objective is to approve as many orders as possible.

In order to approve an order, an analyst should be looking for concrete proof that the cardholder and the person making the purchase are the same individual.

Fraud analysts can accomplish this by validating that the cardholder is associated with any combination of the following factors used in placing the order: the email, phone number, billing/shipping address, etc. If any of these do not line up, this could be a sign of a fraudulent order, detering your ability to approve it.

3. Expert tips and tricks

In every industry, there exists some tricks of the trade. Below are tips gleaned from our veteran analysts, and broader analyst community, that they keep in mind when making a decision:

  • Trust your intuition. If an order doesn’t feel right, it usually isn’t.
  • Even experienced fraud analysts periodically experience analysis paralysis, or deep hesitation on pulling the trigger to ship or not ship an order. If this happens, ask a coworker or fellow fraud analyst to give the order a lookover.
  • If there’s a history of chargebacks associated with the email address used to place the order, there’s a good chance the current order is fraud.
  • Create a story for this customer.A story is a possible narrative for the transaction. It helps to imagine yourself as the customer when building the narrative and to ask yourself: would I or anyone that I know make a purchase that resembles this order? Is there a story where the elements of this order make sense? Does the item being purchased make sense in the context of what you can glean from their social profiles and the order information? If the answer is no, then the order could be fraudulent.
  • The age of the email address is a useful indicator, both on the good and bad ends of the spectrum, but a better use of the email is for validation of the story. Use the social profiles associated with the email address to see if you can find that customer X is indeed living in city Y and would actually purchase product Z.
4. Connect the dots on the order data

When investigating orders, fraud analysts have to take order information and find ways to connect the information together to paint a portrait of the customer and the order.

Consider the following information received on an order. Listed below are the data fields most commonly reviewed by fraud analysts:

Cardholder information:

Cardholder Name: Mark Bahl
Billing Address: 598 Woodscape Way, Mountain View, CA, 94040
Delivery Address: 340 Alverado Ave, Davis, CA 95616
Recipient Information: Evan Charmley
Phone Number: (650) 555 -5555
Email Address: Evan@gmail.com
IP Address: Davis, CA
CVV/AVS:Both are a match

Considering the information above, remember that your goal is to validate that the cardholder and the person placing and receiving the order, are the same person. Here’s what you should be asking yourself:

Key questions:

  • Does the cardholder name have a connection to any of the other order details, such as email, phone number or billing/delivery address?
  • Can you access social media accounts tied to the email address, and do they relate to the cardholder or delivery address?
  • Is the email old and tied to social media accounts and organizations, or is it newly generated?
  • Is the phone number a disposable VoIP line, or is it tied to the geographic region and the cardholder?
  • Are they using a hosting service or a proxy IP? Is the IP address associated to a school or business where the cardholder is also associated?
  • Is the IP address originating from within the geographic area as the billing address, or is there a large distance between the two?
  • Have there been past fraudulent orders from the email address, phone number, billing or shipping address, or IP address (if same name or shipping address are being used)?

Once the questions above have been considered, it’s time to delve into the actual order itself.

Order information:

(As a quick background, traditionally, some items are more susceptible to fraud than others. The most prominent categories include:

  • Electronics
  • Jewelry
  • Sunglasses
  • Sneakers
  • Perfume
  • Trendy items (like hoverboards)
  • Designer clothing

Also, keep in mind that there is often fraud on items where there’s a strong secondary market, like brand name pet food. Though this sounds counterintuitive, think about it like this: if Bob buys Brand X pet food once a week, every week, Bob is very aware of the exact cost of that purchase. Thus, if Bob can buy Brand X for less elsewhere, he’s interested. There tends to be a strong secondary market for things like diapers, baby formula, pet food etc.)

All in all, ask yourself this when looking at the order information:

  • Is this order a typical order of the majority of your orders? Does it contain a higher than average amount or size?
  • If this order does not look like a regular order, are the items selected easily resellable? Is there a secondary market for the selected items?
5. Tie the information together and make a decision

It’s time to pull the trigger and make a decision. Ultimately, rely on the story that the order gives, and use intuition to examine whether or not that story makes sense.

Remember, a fraud analyst will never have the full story for each transaction, but one should be able to collect enough information to be reasonably confident in approval or enough doubt for a decline. Again, the more information that can tie the cardholder to the person making the purchase, the better.

6. Final words of advice

Though an analyst’s objective is to approve as many orders as possible, beware of making up reasons as to why a possibly risky order should be approved, simply because you want to ship it.

Ultimately, trust your intuition. If order data is missing, if your gut tells you the order is off or if the story of the order makes no sense, cancel the order. If you or anyone you know would create an order like the order you are reviewing, it’s reasonable to accept it. (Depending, of course, on the order amount.)

Use all the data and tools at your disposal, but don’t ignore your instincts. The combination of human intuition and machine learning algorithms are the best offense against fraud.