The 8 common e-commerce scams to avoid.

Apr 10 2018 | Alice Wong, Small business - North Americas, PayPal

Criminals are persistent, but you can avoid falling for scams by taking some proactive steps and knowing what to watch out for. Be aware of these most common e-commerce scams:

1. Shipping service scam.
The buyer asks you to use a specific shipping service. They may claim they can get a discount, or that they have a preferred vendor that is more reliable. In reality, they can easily contact the shipping company and reroute the order to another address.

How to avoid a shipping service scam: Use only your shipping account, review the order for other fraudulent red flags, and ship to the address on the Transaction Details page in your PayPal Business account.

2. Prepaid label scam.
The buyer asks you to use a pre-paid shipping label provided by them, but the shipping labels could’ve been purchased with a stolen credit card. Or, they may be attempting to send the package to another country, PO Box, or untraceable location.

How to avoid a prepaid label scam: Don’t accept shipping labels and only ship to the address on the Transaction Details page. This also helps ensure that you remain covered under the PayPal Seller Protection policy on eligible transactions.

3. Package rerouting scam.
The buyer provides an incorrect or fake shipping address and, when the package cannot be delivered, contacts the shipping company directly to reroute the package to a new location. Then, they file a complaint saying they never received the package, and because it was rerouted, the seller can’t prove the item was delivered.

How to avoid a package rerouting scam: Work with your shipping company to block buyers from rerouting, and also validate a buyer’s address before shipping.

4. Overpayment scam.
A customer attempts to overpay for an item or an order and asks you to wire them the difference. They may be using a stolen credit card or account to pay you, and if the legitimate account holder reports unauthorized activity, that money can be withdrawn from your account.

How to avoid an overpayment scam: Never wire money to someone you don’t know, and if a customer overpays, consider canceling the order, as it’s likely to be fraudulent.

5. Employment scam.
This happens when someone contacts you to be their employee or partner. They ask you to sell products on eBay or a website, pay their supplier, and update your PayPal account address to their address. They can then conduct fraudulent transactions and you may be liable.

How to avoid an employment scam: Never list someone else’s address and never send money to someone you don’t know. You should also verify all of your suppliers.

6. Employee theft from a PayPal account.
In some cases, you might give your employees access to your PayPal Business account so they can do their job. Unfortunately, this opens you up to fraud risk. An employee might transfer money to their account, their friends' accounts, or to an offshore account. When you ask where the money went, they may tell you it was for a customer refund, used to pay a supplier or used for payroll.

How to avoid an employee theft scam:
  • Always conduct background checks on potential employees and review current employees’ account activity on your PayPal Business account regularly.
  • If you need an employee to manage your finances, make sure no one person has control over your account. When it comes to your finances, you should have checks and balances in place.
  • Only give employees access to the information they need to do their job.
    • Use PayPal's manage users functionality to set up employee privileges.
    • You can decide how much access to give each of your employees.

7. Return policy abuse.
You sold something and the buyer files a complaint with PayPal stating the product was damaged, you sent the wrong order, or the product was broken. When this happens, PayPal will ask the buyer to send the product back to you. The buyer may be telling the truth — packages get damaged in shipment from time to time. But if you notice that an item the buyer said was broken is in perfect condition or the buyer used the item before sending it back, they might be trying to take advantage of you. Maybe they found it for less somewhere else or they’re trying to avoid your return policy.

How to avoid return abuse:
  • Always pack items securely to prevent damage.
  • Communicate with your customers. Inform them of any flaws up front and provide product pictures so customers know exactly what they're buying. If you’re selling a technical product, send installation instructions so the buyer can use the product.
  • Provide a customer-friendly return policy so the buyer doesn't feel like they need to make up a reason for returning the order.
  • If you sold something on eBay and feel your buyer is misusing the returns process, report it. If you sold something on your own website and feel the buyer is misusing the return process, you can appeal your claim by contacting your payments company.
  • Create a list of customers you don't want to do business with again. The list should include information such as name, address, email and phone.
    • If you have your own website, the list could also include IP addresses, computer or device IDs and credit card information.
    • Monitor new orders against your negative list.
    • If you're a smaller business, you can create a negative list using Excel or a Macro.
    • If you're a larger business, you can use a third-party rules system or develop your own in-house solution.
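One way to monitor new orders against a negative list in an in-house solution, shown as an added example that is not PayPal's code. The class, field names and sample records are hypothetical, and treating a name-only match as "review" rather than "hold" is a design choice of this example.

```python
import re

def norm_text(value):
    """Lower-case, drop punctuation, collapse whitespace (names, addresses)."""
    return " ".join(re.sub(r"[^\w\s]", " ", value.lower()).split())

def norm_email(value):
    return value.strip().lower()

def norm_phone(value):
    """Digits only, so '(555) 010-0199' and '555.010.0199' compare equal."""
    return re.sub(r"\D", "", value)

# Fields the page suggests keeping on the list; the keys are this example's names.
NORMALIZERS = {"name": norm_text, "address": norm_text,
               "email": norm_email, "phone": norm_phone, "ip": str.strip}

class NegativeList:
    def __init__(self):
        # field -> normalized value -> reason the customer was listed
        self._index = {field: {} for field in NORMALIZERS}

    def add(self, reason, **fields):
        for field, value in fields.items():
            key = NORMALIZERS[field](value)
            if key:
                self._index[field][key] = reason

    def screen(self, order):
        """Return [(field, reason)] for every order field found on the list."""
        hits = []
        for field, normalize in NORMALIZERS.items():
            value = order.get(field)
            if value and normalize(value) in self._index[field]:
                hits.append((field, self._index[field][normalize(value)]))
        return hits

def decide(hits):
    fields = {field for field, _ in hits}
    if not fields:
        return "accept"
    if fields == {"name"}:   # names collide often, so a person should look
        return "review"
    return "hold"

def build_sample_list():
    """Constructed sample entry; not real customer data."""
    blocked = NegativeList()
    blocked.add("return abuse", name="Pat Example",
                email="Pat.Example@Example.com", phone="(555) 010-0199",
                address="12 Sample St., Apt 4", ip="203.0.113.7")
    return blocked

# Constructed sample orders.
REPEAT = {"name": "P. Example", "email": " pat.example@example.com",
          "phone": "555.010.0199", "address": "12 sample st apt 4",
          "ip": "198.51.100.20"}
NAMESAKE = {"name": "pat  EXAMPLE", "email": "other@example.org",
            "phone": "555-010-0142", "address": "9 Other Rd", "ip": "198.51.100.21"}

if __name__ == "__main__":
    blocked = build_sample_list()
    for order in (REPEAT, NAMESAKE):
        hits = blocked.screen(order)
        print(decide(hits), hits)
```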

8. Affiliate scams.
If you use affiliate marketers to help increase your sales, there are some additional things to be aware of. As a refresher, here’s how it works:
  • Affiliate marketers are paid based on their performance.
  • Each time the affiliate refers a customer to your website, and it results in a sale for your business, the affiliate gets a commission.
  • You may notice that one affiliate is generating higher sales than your other affiliates.
Fraudulent affiliates take advantage of your revenue-share program by placing orders using stolen credit cards, then:
  • Since you didn't realize the orders were fraudulent, you paid the affiliate.
  • Months later you realize the affiliate was a fraudster because your customers filed complaints that their credit or debit cards were stolen.
  • As a result of this scam, you may incur losses like affiliate fees, cost of your product, shipping fees, transaction fees, chargeback fees, and your time.

How to avoid affiliate scams:
  • If you offer an affiliate program, make sure you know who your partners are.
  • If you're partnering with a third party that refers affiliates, understand how the third party verifies and approves their affiliates.
  • Pay affiliates 60 or 90 days after the order date so that if there is a chargeback or customer complaint, you notice it before the affiliate has gotten away with that money.
  • Watch for spikes in sales on products that come with higher affiliate payouts.
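The payout delay and spike watch from the list above can be sketched as follows. This is an added example, not PayPal's code: the record layout, the `factor` threshold and the per-affiliate weekly counts are assumptions, and amounts are in cents.

```python
from datetime import date, timedelta
from statistics import median

HOLD_DAYS = 60  # the page suggests paying 60 or 90 days after the order date

def payable_commissions(orders, today, hold_days=HOLD_DAYS):
    """Sum commissions per affiliate for orders that are past the hold
    period and have no chargeback or customer complaint against them."""
    due = {}
    for order in orders:
        if order["disputed"]:
            continue  # never pay commission on a disputed order
        if today - order["order_date"] < timedelta(days=hold_days):
            continue  # still inside the window where a chargeback may arrive
        due[order["affiliate"]] = due.get(order["affiliate"], 0) + order["commission_cents"]
    return due

def spike_affiliates(weekly_counts, factor=3.0):
    """Flag affiliates whose latest weekly order count exceeds `factor`
    times the median of their earlier weeks (threshold is an assumption)."""
    flagged = []
    for affiliate, counts in weekly_counts.items():
        *history, latest = counts
        if history and latest > factor * max(median(history), 1):
            flagged.append(affiliate)
    return sorted(flagged)

# Constructed sample data.
TODAY = date(2018, 4, 10)
ORDERS = [
    {"affiliate": "aff-A", "order_date": date(2018, 1, 15), "commission_cents": 1200, "disputed": False},
    {"affiliate": "aff-A", "order_date": date(2018, 3, 20), "commission_cents": 800, "disputed": False},
    {"affiliate": "aff-B", "order_date": date(2018, 1, 10), "commission_cents": 2500, "disputed": True},
    {"affiliate": "aff-B", "order_date": date(2018, 2, 1), "commission_cents": 500, "disputed": False},
]
WEEKLY = {"aff-A": [4, 5, 3, 6], "aff-B": [2, 3, 2, 19]}  # oldest week first

if __name__ == "__main__":
    print(payable_commissions(ORDERS, TODAY))
    print(spike_affiliates(WEEKLY))
```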
You can also access additional information about fraud and online security by reviewing our FAQs at the bottom of this page.

 
The contents of this site are provided for informational purposes only. You should always obtain independent, professional accounting, financial, and legal advice before making any business decision.

Frequently asked questions.

When you are fully approved for PayPal powered by Braintree you are provided with a basic set of fraud filters to help combat fraud on your account. PayPal and other fraud management vendors can provide more filters to help you take control of your business.

Here's how to enable fraud filters on your PayPal powered by Braintree Control Panel.
  1. Log in to your Control Panel.
  2. Click on Settings.
  3. Select Processing.
  4. Edit AVS and CVV under basic credit card fraud filters.

AVS
Postal Code does not match (when provided) (N)
Postal Code not provided (I)

Note that AVS rules only check the numeric values of an address. We generally don't recommend enabling Street Address Verification. For example if a customer lives at 12345 6th street, depending on how they enter the information it could confuse the system and cause false rejections.

CVV
CVV does not match (when provided) (N)
CVV not provided (I)

For more information on preventing fraud, click below to download the "Fraud Prevention Checklist".
Download the Fraud Prevention Checklist (185Kb)

If you have more questions, please contact us at PPpbBTMerchantSupport@paypal.com.
Fraud tools are used throughout the industry to help fight fraud. The fraud tools listed below are available through PayPal and other fraud management vendors.


Address Verification Service (AVS)
  • Use AVS to verify the billing address matches the one that the card issuer has on file. AVS compares the street number and ZIP code entered by the customer with information maintained by the card issuer.
  • How to set up AVS fraud filter through PayPal
  • Maximum Transaction Amount filters the total amount of the transaction (including tax, shipping, and handling fees). Transactions that exceed the maximum amount trigger this filter.
  • Unconfirmed Address filters payments when we have not confirmed the customer’s shipping address and the transaction is more than an amount you specify.
  • Country Monitor filters payments from countries that you believe pose an increased risk of fraud. This filter screens the customer's IP address, billing address, and shipping address for matches with your list of high-risk countries.
     
Here's how to set up your basic Fraud Management Filters.
  1. Click Tools.
  2. Click All Tools.
  3. Scroll down and click PayPal Fraud filters.
  4. Enable desired filters.
  5. Click Save.
Card Security Code (CSC)
  • Ask customers for their CSC. This is the 3 or 4 digit number located on the card that helps confirm they have the card with them. The CSC filter compares the number provided by the customer against the number on file with the issuer. A valid CSC helps verify that your customer has a physical card with them when they place an order. An invalid code could be the result of a customer's typographical error or it could indicate that a fraudster did not have the card with them.
  • How to set up CSC fraud filter through PayPal
  1. Click Tools.
  2. Click All Tools.
  3. Scroll down and click PayPal Fraud filters.
  4. Enable desired filters.
  5. Click Save.

Lookup the card BIN
  • The first 6 numbers listed on a card are called a Bank Identification Number (BIN). It gives you details about the financial institution that issued the card or card issuer. Use a BIN check service to find out where the card was issued. Be cautious if the billing address country and the card issuer country don’t match.
  • BIN checks are available at www.bin2country.com and can be purchased through fraud management companies.

Use IP geolocation tools
  • IP geolocation is a good way to pinpoint the geographic location of the computers used for transactions, including the city, state and country. To be proactive about a potential fraudulent transaction, you can check the geolocation details against the billing and shipping address country your customer provided. If the geolocation information doesn’t match, it could be fraud.
  • You can also use IP geolocation to look for anonymous proxies (a tool that attempts to make online activity untraceable). Orders that originate from anonymous proxies are more suspicious because fraudsters use them to hide their location. However, legitimate customers who value privacy could also use anonymous proxies to protect their information, so this might not always indicate fraud.
  • What can I do if the IP geolocation information does not match the billing or shipping address?
    • Resolve the discrepancy by contacting the customer or by following step 3 below.

Device Identification
  • Device Identification tools can be used to help identify the computer or phone that placed the order. Each computer or phone has unique characteristics.
  • Device identification can determine if a buyer is repeatedly visiting your site using different information (names, addresses, IPs, credit cards, computer browsers, etc.) to mask their identity.
  • You can search online for a list of third party vendors providing this service.
Fraud tools are used throughout the industry to help fight fraud. The fraud tools listed below are available through PayPal and other fraud management vendors.

Address Verification Service (AVS)
Use AVS to verify if the billing address matches the one that the card issuer has on file. AVS compares the street number and ZIP code entered by the customer with information maintained by the card issuer.

Here's how to set up AVS fraud filter through PayPal:
  1. Log in to your PayPal account.
  2. Go to the Business Profile icon beside "Log out" and select Profile and settings.
  3. Click My Selling Tools.
  4. Click Update next to "Managing Risk and Fraud" in the "Getting paid and managing my risk" section.
  5. Review your AVS settings and, if you find it necessary, edit your settings.
Card Security Code (CSC)
Ask customers for their CSC. This is the 3 or 4 digit number located on the card that helps confirm they have the card with them. The CSC filter compares the number provided by the customer against the number on file with the issuer. A valid CSC helps verify that your customer has a physical card with them when they place an order. An invalid code could be the result of a customer's typographical error or it could indicate that a fraudster did not have the card with them.

Here's how to set up CSC fraud filter through PayPal:
  1. Log in to your PayPal account.
  2. Go to the Business Profile icon beside "Log out" and select Profile and settings.
  3. Click My Selling Tools.
  4. Click Update next to "Managing Risk and Fraud" in the "Getting paid and managing my risk" section.
  5. Review your CSC settings and, if you find it necessary, edit your settings.
Lookup the card BIN
The first 6 numbers listed on a card are called a Bank Identification Number (BIN). It gives you details about the financial institution that issued the card or card issuer. Use a BIN check service to find out where the card was issued. Be cautious if the billing address country and the card issuer country don’t match. BIN checks are available at www.bin2country.com and can be purchased through fraud management companies.

Use IP geolocation tools
IP geolocation is a great way to pinpoint the geographic location of the computers used for the transaction. These tools can help you locate the area of the computer used during online order including the city, state and country. To be proactive about a potential fraudulent transaction, you can check the geolocation details against the billing and shipping address country your customer provided. If the geolocation information doesn’t match, it could be fraud.

You can also use IP geolocation to look for anonymous proxies (a tool that attempts to make online activity untraceable). Orders that originate from anonymous proxies are more suspicious because fraudsters use them to hide their location. However, legitimate customers who value privacy could also use anonymous proxies to protect their information, so this might not be an example of fraud in all instances.
  • What can I do if the IP geolocation information does not match the billing or shipping address?
    • Resolve the discrepancy by contacting the customer or by following other steps listed under step 3 below.
Device Identification
Device Identification tools can be used to help identify the computer or phone that placed the order. Each computer or phone has unique characteristics and this tool can determine if a buyer is repeatedly visiting your site using different information (names, addresses, IPs, credit cards, computer browsers, etc.) to mask their identity. You can search online for a list of third party vendors providing this service.
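The checks described above (the AVS and CVV filter codes, the BIN country check, and the IP geolocation and proxy checks) can be combined into one order screen. This is an added example, not PayPal's or Braintree's code: the `Order` fields are hypothetical, the lookup results are assumed to come from your BIN and geolocation services, and "M" is assumed to mean "match".

```python
from dataclasses import dataclass

# Response codes as listed on this page: N = does not match, I = not provided.
REJECT_CODES = {"N": "does not match", "I": "not provided"}

@dataclass
class Order:  # hypothetical record; field names are assumptions of this example
    avs_postal: str        # AVS postal-code result code
    cvv: str               # CVV result code
    billing_country: str
    shipping_country: str
    bin_country: str       # issuer country returned by a BIN check service
    ip_country: str        # country returned by an IP geolocation tool
    ip_is_proxy: bool      # geolocation tool flags an anonymous proxy

def screen(order):
    """Return (decision, reasons); decision is 'reject', 'review' or 'accept'."""
    reject, review = [], []
    if order.avs_postal in REJECT_CODES:
        reject.append("postal code " + REJECT_CODES[order.avs_postal])
    if order.cvv in REJECT_CODES:
        reject.append("CVV " + REJECT_CODES[order.cvv])
    if order.bin_country != order.billing_country:
        review.append("card issuer country differs from billing country")
    if order.ip_country not in (order.billing_country, order.shipping_country):
        review.append("IP country matches neither billing nor shipping country")
    if order.ip_is_proxy:
        # Privacy-minded customers also use proxies, so this is review, not reject.
        review.append("order placed through an anonymous proxy")
    if reject:
        return "reject", reject + review
    if review:
        return "review", review
    return "accept", []

# Constructed sample orders; XA and XB are user-assigned placeholder country codes.
SAMPLES = {
    "clean": Order("M", "M", "US", "US", "US", "US", False),
    "proxy_only": Order("M", "M", "US", "US", "US", "US", True),
    "foreign_card": Order("M", "M", "US", "US", "XA", "XB", False),
    "bad_cvv": Order("M", "N", "US", "CA", "US", "CA", False),
}

if __name__ == "__main__":
    for name, order in SAMPLES.items():
        print(name, *screen(order))
```

Mismatches and proxy use only route the order to manual review, which matches the page's point that they do not always indicate fraud.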

 

It’s extremely important to report any suspected instances of fraud. If you think your account has been compromised change your password and update your security questions right away to protect your account (we may limit what you can do on your account until you do so).

Here are some types of fraudulent activity. Please follow the steps we’ve included below to report them:

  • Unauthorized activity on your PayPal account
  • Unauthorized transactions on your PayPal Debit MasterCard®
  • Fake PayPal emails or spoof websites
  • Items not received or a potential fraudulent seller


Unauthorized activity on your PayPal account

If you've received an email notification that something has been changed on your account, but you don't remember changing it, please change your password and security questions. Next, you can update any changed information, such as your email address, address, phone number, or other profile information.

If you notice a transaction that you didn’t authorize on your PayPal, bank or credit card statement, let us know right away through our Resolution Center. Some charges may appear unfamiliar but are legitimate and authorized.

  1. Go to the Resolution Center at the bottom of the page.
  2. Click Report a Problem.
  3. Select the transaction you want to dispute, and click Continue.
  4. Select “I want to report unauthorized activity.”
  5. Click Continue.
  6. Follow the instructions to finish opening your dispute.

If you can't log in to your PayPal account, follow the steps to reset your password.


Unauthorized transactions on your PayPal Debit MasterCard®

If the unauthorized transaction involves your PayPal Debit MasterCard®:

  1. Go to the Resolution Center at the bottom of the page.
  2. Click Report a Problem.
  3. Select the transaction you want to dispute, and click Continue.
  4. Select “I want to report unauthorized activity.”
  5. Click Continue.
  6. Follow the instructions to finish opening your dispute.

Remember, you’re 100% protected against unauthorized transactions sent from your account.

Here's how to report your PayPal Business Debit Card lost or stolen.

  1. Click PayPal debit card under your PayPal balance.
  2. Click the card you want to report lost or stolen under "Manage my cards."
  3. Click Report this card lost or stolen.
  4. Click Deactivate Now.


Fake PayPal emails or spoof websites

If your account is limited, we'll send you an email with the reason for the limitation. For your convenience, we always list the steps to remove the limitation in the Resolution Center under Steps to Remove Limitation.

If you received an email stating that your account is limited but don't see any steps in the Resolution Center, you may have received a fake email. Forward it to spoof@paypal.com and we’ll investigate it for you. After you send us the email, delete it from your inbox. If you clicked on any links or downloaded any attachments within the suspicious email or website, log in to your account and view your transactions. It’s also a good idea to change your password.

Items not received or a potential fraudulent seller

If you sent a payment but haven’t received what you paid for, or believe the seller to be fraudulent, you should visit our Resolution Center. We’ve developed several programs to help protect you, and opening a dispute is the first step to help get your problem resolved. Here’s how:

  1. Go to the Resolution Center.
  2. Click Report a Problem.
  3. Select the transaction you want to dispute.
  4. Click Continue.
  5. Select either I didn't receive an item I purchased or the item I received was significantly not as described or I want to report unauthorized activity, depending on the nature of your dispute.
  6. Click Continue.
  7. Follow the instructions to file your dispute.

Here are some popular scams you should avoid.