Preventing & Dealing With Fraud
One of the toughest things we've had to do in recent months is come up with a strategy to help stores prevent fraud when using our Stripe integration. Why we're doing this, and not Stripe, will become clearer as the post goes on.
CVC Verification
The first and simplest thing we do is ask your customers to enter the CVC code when checking out. Stripe takes that code and matches it against the credit card number. If the CVC check fails, Stripe should decline the purchase. The issue is that they don't decline it by default. You, as the account holder, need to check the box in your dashboard to make sure this happens.
To make sure you decline any card where the CC number doesn't match the CVC, go into your Stripe account, click your name in the top right-hand corner, click Account Settings, then in General, scroll down to where you see "Decline: Charges that fail CVC verification". It's extremely unfortunate that this isn't on by default. It seems completely and totally logical to us that it should be on, but for some reason Stripe doesn't think so, and we've asked them on multiple occasions.
Update: Good news, everyone! For new Stripe customers, the default setting for this has now been reversed and will decline on a failed CVC. However, if you're already using Stripe, you should double-check your settings there to ensure this is enabled.
Zip Code Verification
The next thing we've done is add zip code verification to the checkout. The billing zip or postal code associated with the card your customer is trying to use must be entered and verified. If it doesn't match the card, it gets declined. But again, this doesn't happen by default. So if you'd like the card to be declined when the billing zip code is wrong, check the box in your Stripe dashboard. If you don't want it to decline, leave it unchecked. Either way, we're still asking for it on checkout.
Order Flagging Rules
While this isn't really preventative, since it's taking place after the purchase has already happened, we have a flow going here, and we don't want to screw that up. So, the last thing we'd like to tell you about is Flagging Rules.
With Flagging Rules, you can specify a multitude of rules by clicking the gear icon on the top left of your Sales area and then clicking "Manage Flagging Rules". When a new order breaks one of those rules, it will get highlighted red in your sales dashboard. Now, once again, this won't prevent an order, it will just alert you to an order that broke your rule, and allow you to research it. Then if you choose to refund them prior to fulfilling it, you can do that from your Stripe or PayPal dashboards.
Obviously this Flagging Rules feature can be used for other things beyond fraud detection, but this is its main responsibility and focus. Maybe in the future we'll add other rules that will make it even more useful for different tasks, but for now, this is its only purpose.
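How a post-purchase rule for the two checks above could look, as an added example that is not this platform's Flagging Rules code: it reads the `cvc_check` and `address_postal_code_check` results Stripe reports on a Charge object and flags paid charges where either one failed, which is exactly what gets through when the decline boxes are left unchecked. The charge records are constructed samples and the function names are hypothetical.

```python
# Added example: flag paid charges whose card checks did not pass.
# Stripe reports each check as "pass", "fail", "unavailable" or "unchecked".
FLAG_ON = {
    "cvc_check": {"fail"},
    "address_postal_code_check": {"fail"},
}
# The issuer did not verify the value (or no result is present): warn only.
WARN_ON = {"unavailable", "unchecked", None}


def card_checks(charge):
    """Return the checks dict, or {} when the charge carries no card check results."""
    details = charge.get("payment_method_details") or {}
    card = details.get("card") or {}
    return card.get("checks") or {}


def review_charge(charge):
    """Return (severity, reasons) where severity is 'flag', 'warn' or 'ok'."""
    if not charge.get("paid"):
        return "ok", []  # declined charges need no manual review
    checks = card_checks(charge)
    flags, warns = [], []
    for name, failing in FLAG_ON.items():
        result = checks.get(name)
        if result in failing:
            flags.append(f"{name}={result}")
        elif result in WARN_ON:
            warns.append(f"{name}={result}")
    if flags:
        return "flag", flags + warns
    return ("warn", warns) if warns else ("ok", [])


def make_charge(charge_id, paid, cvc, postal):
    """Build a constructed sample shaped like a Stripe Charge object."""
    checks = {"cvc_check": cvc, "address_postal_code_check": postal}
    return {"id": charge_id, "paid": paid,
            "payment_method_details": {"card": {"checks": checks}}}


# Constructed sample data, not real charges.
SAMPLE_CHARGES = [
    make_charge("ch_sample_1", True, "pass", "pass"),
    make_charge("ch_sample_2", True, "fail", "pass"),   # paid despite bad CVC
    make_charge("ch_sample_3", True, "pass", "fail"),   # paid despite bad zip
    make_charge("ch_sample_4", False, "fail", "fail"),  # declined by Stripe
    make_charge("ch_sample_5", True, "unavailable", "pass"),
]


def flagged_ids(charges):
    return [c["id"] for c in charges if review_charge(c)[0] == "flag"]
```

A charge like `ch_sample_2` can only appear as paid while "Decline: Charges that fail CVC verification" is unchecked, so any hit from this rule is also a prompt to recheck that setting.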
As always, if you have any questions, please feel free to contact us.