UX Lab - Using order rules to help aid fraud protection

Wednesday, 22 June 2022

Online shopping brings with it many great benefits including time & cost savings, a huge choice of products from across the globe, and lots of flexibility with payments. It’s now part of everyday life with people buying more and more things online that they would previously have bought in store. In fact, approximately 17% of all global consumer sales are now carried out online with that figure set to continue rising as more businesses open online.

Unfortunately, however, wherever money and payments move, thieves and fraudsters quickly follow, which means they’re now also online, and as a result online payment fraud is rising too. In fact, it now affects over 80% of businesses, costing them over £100bn since 2018. It’s gaining in popularity too. Fraudsters don’t need physical cards, just the card details, to carry out their crimes and they’re also harder to trace and verify when not paying in person. They’re also able to target multiple victims at the same time. You can see what makes it so attractive to them.

To help combat fraud, PSD2 (Payment Services Directive, second revision) has been introduced. This helps protect shoppers online by ensuring all Payment Service Providers (PSPs) are responsible for Secure Customer Authentication (SCA), which is applied to ALL customer-initiated electronic payments, including proximity, remote and m-payments, within the European Economic Area (EEA). The directive aims to improve security around online payments in an effort to reduce fraud by requiring the payer to be authenticated using at least two factors, such as a password, PIN or signature, combined with a key generation device (mobile phone, card reader etc.) or biometric scan (e.g. fingerprint, retina, or facial scan). It's great that payment providers are increasing measures to combat fraud, and those measures should be absolutely vital to your business.


Order Rules

Whilst your payment provider offers these measures to help you with fraud protection, it never hurts to be extra vigilant. With that in mind, tradeit features a number of order rules which have been designed to help you review certain orders and double check if they are legitimate before being processed.

When orders are placed they are normally sent to the warehouse to be picked and packed but before that happens, you may wish to review specific orders to check they are legitimate. This can be achieved through the implementation of order rules, giving you an extra level of protection, and helping alert you to suspicious and unusual ordering activity.


Configuring Order Rules

Order rules are extremely flexible and can easily be configured, added, or removed in tradeit's administration system. If order rules are implemented, each order is reviewed against each order rule set up, and if the conditions of any order rule are met then that order is flagged for review. It can then be manually checked by a member of staff before deciding whether to accept or reject it. There are a number of different, standard conditions that can be set up - shown below.

| Condition | Configurable |
|---|---|
| Is customer's first order? | No |
| Is not customer's first order? | No |
| AVS (Address Verification Service) response is matched | No |
| AVS (Address Verification Service) response is not matched | No |
| Delivery address and payment address are the same | No |
| Delivery address and payment address are not the same | No |
| Delivery address postcode and payment address postcode are the same | No |
| Delivery address postcode and payment address postcode are not the same | No |
| Delivery address is not the customer's default delivery address | No |
| Order contains at least one item with an overridden unit price | No |
| Order contains at least one unauthorised product | No |

Overridden unit price: With the necessary permissions applied, administrators can override list prices at the basket for specific customers so they can check out with different pricing. This is often used in B2B ecommerce for closing deals on the spot. These orders can be flagged to ensure that this is being applied correctly and not abused.

Alongside these more standard conditions there are also some that can be configured for more specific or enhanced requirements. These can be configured with up to nine operators: is equal to, is not equal to, is greater than, is less than, starts with, does not start with, is empty, is not empty, and in list.

Some of these will also require values, such as period of time, and currencies to be applied, helping cover a huge number of variables and allow for almost any scenario.

| Condition | Configurable | Operators | Notes |
|---|---|---|---|
| Total number of orders | Yes | Is equal to; Is not equal to; Is greater than; Is less than | Specify value and rule period |
| Payment address postcode | Yes | Is equal to; Is not equal to; Starts with; Does not start with; Is empty; Is not empty | Specify value |
| Delivery address postcode | Yes | Is equal to; Is not equal to; Starts with; Does not start with; Is empty; Is not empty | Specify value |
| Total order value | Yes | Is equal to; Is not equal to; Is greater than; Is less than | Specify value and rule currency |
| Total quantity order of the same SKU | Yes | Is greater than; Is less than | Specify value |
| Attribute value | Yes | Is equal to; Is not equal to; Starts with; Does not start with; Is empty; Is not empty | Specify the company attribute or order attribute that will be evaluated and the value |
| Order contains at least one of the selected products | Yes | In list | Specify one or more products |
| Order contains at least one product in selected product groups | Yes | In list | Specify one or more product groups |

How they work in practice

So, for example, a configurable condition could be implemented for 'Total number of orders', which looks at the number of orders a user places in a specified time period. That requires an operator, a value, and a rule period applied to it in order to work. Let's say you wanted to flag any more than 5 orders within a day, you would need to include:

  • Total number of orders as the condition
  • Is greater than as the operator
  • 5 as the value
  • 1 Day as the rule period

Or, in another example, a configurable condition could be implemented for 'Total order value', which requires an operator, a value and a currency applied to it in order to work. Let's say you wanted to flag all orders over £1000, you would need to include:

  • Total order value as the condition
  • Is greater than as the operator
  • 1000 as the value
  • £ as the currency

You can also add multiple conditions to a rule, so you could flag orders over £1000 only if they came from a certain postcode, or were a customer's first order, rather than just any order over £1000. One thing to note, however: if you wish to flag orders for review which are greater than £1000 or greater than €1000, you need to set up two separate order rules, as they can't both be conditions of the same rule. One order rule is needed to flag orders over £1000 and one order rule is needed to flag orders over €1000. The reason for this is that the rule currency can only be set to a single currency per order rule.
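The rule behaviour described in this section, modelled as a small evaluator. This is an added example and not tradeit's code: the field names, currency codes and sample postcodes are constructed, and it assumes that all conditions in a rule must be met, that the current order counts towards 'Total number of orders', and that a rule never matches an order in another currency.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# The page's operators as predicates ("is empty", "is not empty", "in list" left out for brevity).
OPS = {
    "is equal to": lambda a, b: a == b,
    "is not equal to": lambda a, b: a != b,
    "is greater than": lambda a, b: a > b,
    "is less than": lambda a, b: a < b,
    "starts with": lambda a, b: a.startswith(b),
    "does not start with": lambda a, b: not a.startswith(b),
}

@dataclass
class Condition:
    field: str                 # hypothetical field key, not a tradeit identifier
    operator: str
    value: object
    currency: str = ""         # rule currency, used by total_order_value
    period: timedelta = None   # rule period, used by total_number_of_orders

def condition_met(c, order, history):
    if c.field == "total_number_of_orders":
        # Count this customer's orders inside the rule period, current order included (assumption).
        start = order["placed"] - c.period
        actual = 1 + sum(1 for h in history if h["customer"] == order["customer"]
                         and start < h["placed"] <= order["placed"])
    elif c.field == "total_order_value":
        if order["currency"] != c.currency:   # one currency per rule: other currencies never match
            return False
        actual = order["total"]
    else:
        actual = order[c.field]
    return OPS[c.operator](actual, c.value)

def rules_hit(order, rules, history=()):
    """Names of rules whose conditions are ALL met; any hit holds the order for manual review."""
    return [name for name, conds in rules.items()
            if all(condition_met(c, order, history) for c in conds)]

RULES = {  # constructed rules mirroring the page's examples
    "over GBP 1000": [Condition("total_order_value", "is greater than", 1000, currency="GBP")],
    "over EUR 1000": [Condition("total_order_value", "is greater than", 1000, currency="EUR")],
    "more than 5 orders in 1 day": [Condition("total_number_of_orders", "is greater than", 5,
                                              period=timedelta(days=1))],
    "over GBP 1000 to AB1": [Condition("total_order_value", "is greater than", 1000, currency="GBP"),
                             Condition("delivery_postcode", "starts with", "AB1")],
}

def sample_order(total, currency, postcode="ZZ9 9ZZ", customer="c1", placed=datetime(2022, 6, 22, 12)):
    """Constructed order record for trying the rules out."""
    return {"total": total, "currency": currency, "delivery_postcode": postcode,
            "customer": customer, "placed": placed}
```

Note that an order of exactly 1000 is not held by an 'Is greater than 1000' rule, and a 1500 EUR order is only caught because the second, euro-denominated rule exists.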

Setting up order rules is simple but provides you with an additional level of protection for your business, helping you to combat online fraud. Speak to us today about configuring order rules on your tradeit installation.

*NOTE: Order Rules are in no way a replacement for a payment provider's fraud prevention measures. They are merely aimed at being an additional screening process for suspect orders rather than the only solution.