Chargebacks and fraud can be expensive, especially when you're just trying to get your store off the ground. I see posts here all the time by new store owners getting their first chargeback(s) and wondering what they can do about it. The TL;DR is once you fulfill a fraudulent order (one with a stolen credit card), you are on the hook and will most likely eventually lose a lot of money – the items, shipping costs, and the revenue from the order plus a chargeback fee. The key is to prevent fraudulent orders in the first place. After more than 20 years in e-commerce, here is our current process for doing that.
What is a Chargeback?
A chargeback is when a customer calls their bank or credit card company and disputes a transaction. They can cite many different reasons but the most common is "I didn't make this purchase" or "someone stole my credit card." Other reasons might be that the item received is significantly different than what was ordered, the item never arrived, or that they returned an item and never received a refund. More information on different types of chargebacks.
Screening Orders for Fraud
There are lots of different "red flags" that can indicate an order is fraudulent, and not all fraudulent orders show up as "high risk" in Shopify. Even if an order shows up as normal, but is fraudulent, you'll almost always lose a chargeback.
Configure Shopify Payments Correctly
If you are using Shopify Payments, you should check the following two boxes to increase your site's security:
- Decline charges that fail AVS postal code verification
This makes sure the zip code on the billing address matches the address the cardholder has on file with their bank or credit card company.
- Decline charges that fail CVV verification
This verifies the 3 or 4-digit security code on the front or back of the card
Here is some information on how to configure Shopify Payments.
Note – if you use PayPal, make sure every order is "Eligible for Seller Protection" and then only ship to the PayPal verified address on the order. Make sure the shipping method is trackable.
If you use a traditional merchant account, you can check with your payment gateway (i.e. AuthorizeNET or GlobalPay) for instructions on how to configure your account. I recommend requiring zip code and street address match on AVS, if possible.
Red Flags to Look For
In addition to the Shopify fraud meter, we also run each order through the MaxMind Fraud Score API and anything that has an exceptionally high score or meets any two of the following criteria gets manually screened for fraud:
- Expedited shipping
- Different billing and shipping address
- Multiple items of different sizes (we sell shoes, so it's rare for someone to order two very different sizes at the same time)
- New customer – never placed an order before
- High Order Value – Over $300 (relative to your AOV – our average order value is around $120)
- Phone number or email that does not work
- Shipping to a UPS Store or Mail Boxes Etc location, freight forwarder, etc
Our Manual Fraud Check Process
If the customer has ordered before with the same billing and shipping address, it is most likely NOT fraudulent. If the customer has ordered before (especially if they have ordered the same size, shipping to the same place), then go ahead and approve the order.
Look at the MaxMind score. If it is below 5%, the order is most likely not fraudulent. If it is high, look at the report details and look for anything out of the ordinary. Distance from address, free email, proxy server are some. Some of the reasons MaxMind marks an order as potential fraud they do not disclose to us, but if an order has an extremely high fraud score (higher than 40%) there is a much higher likelihood that it could be fraudulent.
Look Up Address & Phone
Go to whitepages.com and lookup the address and phone number. Do they match the person on the order? Does the last name at least match? Note: You will probably not get a match on an apartment unit address or mobile phone.
Map the IP Address
Locate the IP address by visiting iplocation.net. IP should be somewhat close (50 miles) from the billing or shipping address. If it is in another country like China or the Philippines, that is a red flag that it could be fraudulent.
Check the Email Address
Many email addresses are not names, but rather nicknames or random phrases, but many are actual names. Does the name on the email address match the name on the order? Or at least the last name (often wives order for their husband).
Call the Customer
Just ask to verify some of the information. Say the order was flagged for review by our fraud department, and you just need to verify some information. Ask them to repeat the billing and shipping address, and have them verify the card issuing bank. DO NOT give them the address and ask “is that it” but rather ask them to give you the address and name they entered on their order. If the phone number does not work or you do not get the customer on the phone, do NOT ship the order until you do. Email the customer asking them to call us to verify some information.
Make a Judgment Call
After doing all of the above checks, you have to make a judgment call. Does it seem like fraud to you?
What to do when you get a chargeback?
Even with a great process in place to prevent fraudulent orders, chargebacks will still happen. The vast majority of disputes we get are from legitimate customers and are not the result of actual fraud. It's typically a customer that's unhappy with our policies.
Here is how the chargeback process works on Shopify. If you're not on Shopify, the process is very similar on other payment processors. Essentially, merchants (store owners) are notified of a chargeback and have a specified amount of time to "respond."
If you don't respond, you will 100% lose the chargeback. If your response is not evidence-based, you will lose the chargeback. Below is the information we include in our chargeback responses.
We include a cover letter that includes a brief description of the order, customer, dates, shipping, and evidence included in the response. This is just a high-level overview of the evidence in the following pages, to make it easy for whoever is revieweing it.
The evidence will be different depending on the type of chargeback. Always include tracking and delivery information, regardless of why a customer is disputing a transaction. We also always include any correspondence we had with the customer, such as phone calls, emails, or chat history.
If a customer states they didn't receive the order, show their shipping address entered at checkout, shipment inormation, screenshot of the tracking page showing it delivered, the "confirmation" of where the package was left, and any correspondence with the customer about the order.
If a customer returns a damaged or used item, and that's against your policies, take photos of the product that was returned.
If a customer claims they didn't make the purchase, show the AVS and CVV match information, as well as Google Maps, WhitePages.com, and other resources showing the cardholder actually does live at the billing/shipping address. Show that the IP address used to place the order matches the city/state of the cardholder.
Include screenshots of any policies publicly displayed on your website that pertain to the dispute. For example, we had a customer file a chargeback because we did not refund them 100% of their order amount after returning a product, but they paid for expedited shipping. Shipping charges are never refundable, and that is clearly stated in our policies on our website. We included a screenshot with the policy in question highlighted.
Keep it Professional and Succinct
Keep your chargeback response professional – only include the facts and evidence. Don't make any assumptions or accusations. Simply provide the evidence, and a lot of it, that makes your case.
We win 99% of the chargebacks we appeal, primarily because we screen orders for true fraud and don't fulfill any orders that look overly suspicious, and we have clear policies and a well-defined process for mitigating any chargebacks that do occur.