The IP Blocking feature is intended to aid merchants in blocking fraudulent orders due to carding, the practice of testing stolen or generated credit card numbers in checkout. Fraudsters can set up scripts to automatically run through your checkout process until an order is accepted. Often times this allows fraudsters to determine if the credit card information is valid. Once fraudsters have valid information they may place orders on your store and others.

Because of the automated nature of these orders, there are patterns that you can detect. You should be on the lookout for multiple orders from the same IP address with the following characteristics:

• short period of time
• large dollar value items with easy resale qualities such as electronics
• unusually large number of items per order
• originating from high-risk countries; certain countries have a higher than average incidence of fraudulent transactions. You can search the Internet for IP geolocation if you are interested in proactively blocking IP addresses based on country of origin.
• shipping and billing address in one country but IP address located in a different country.

Below are some general warning signs of a fraudulent order. These warning signs aren't the only factors to consider when reviewing an order. No single one of these warning signs is a sure indication that an order is fraudulent. Likewise, there is no guarantee that if an order has none of these factors, that it's a legitimate order. These factors are provided to help merchants identify high risk transactions and when to do a little extra research on verification before completing the transaction.

You can use Risk Tools to apply AVS and CVV Rules which can provide an extra level of information to merchants in deciding to accept, reject, or flag the transaction for follow up with the cardholder or issuing bank.

• Suspect ship address - If the same shipping address appears for multiple orders with different credit cards, the order may be fraudulent.
• Untraceable email address - In many fraudulent orders, the customer's email address is often at one of the free email services, which are relatively untraceable. Email the customer and ask for an alternate email address that is not from a free email provider.
• Expensive items - Be wary of big orders, especially for expensive brand-name items.
• Multiple items - It can be a bad sign, for example, if someone orders three watches or three Walkman Personal Stereos at once, especially where the items have a high resale value.
• Express shipping - Most fraudulent orders specify overnight or one-day shipping. Fraudsters are counting on you rushing to fill the order rather than take the time to carefully review the order.
• Shipping address differs from billing address - If you are selling valuable items, it can be a good policy only to ship to the billing address of the card.
• Suspicious billing address - If the billing address is 123 Main St., New York, the order is probably fraudulent. You can use Google Maps or another location tool to see if the address can be verified.
• Freight forward service - Fraudsters will often use freight forwarding services to deliver fraudulent ordered goods to a U.S. address that will then be reshipped to an international destination. (Solution: Use a shipping carrier that does not allow delivery to a freight forward address or check the delivery address).
• New site - Newly opened sites are more often targeted, perhaps in the belief that the merchants will be inexperienced.
• Leave at the door - If someone placing a very valuable order says just to leave it at the door, it could be a sign that a fraudster is using some unwitting person's house as a drop-off point. (Solution: require a signature.)

On their own, any one of these warning signs do not necessarily mean that an order is fraudulent. However, if an order has multiple warning signs, you should investigate the order carefully. As a general rule, you should never ship a valuable order unless it checks out. And be aware that getting a valid authorization is no guarantee that the order is legitimate.

Note: Turbify provides the IP address blocking feature as is and without warranty of any kind to Merchant Solutions and Store v.1 merchants to be used at the merchants' discretion. Merchants should carefully review the Reverse DNS Lookup information provided before blocking any IP address, as IP addresses may be dynamically assigned to users by certain Internet Service Providers possibly blocking legitimate buyers and not ensuring the fraudster is blocked from ordering. Also, as IP addresses may be falsified, merchants are advised to use AVS and CVV responses to determine which orders to approve, reject, or follow up with the issuing bank.

See Also:

• IP blocking overview
• Block an individual IP address
• Block a range of IP addresses
• Remove an IP address from the Block List
• What is an IP address?
• What is CIDR?
• What will a customer see coming from a blocked IP?
• Can IP addresses be spoofed or falsified?
• Is there a limit to the number of entries in the IP Block List?