Mitigating risk as a seller: How to spot unusual buyer activity.

Jun 09 2020 | PayPal editorial staff

Fraud can cost a business time and money, which is why it pays to be vigilant about unusual account activity, where fraud could be lurking. Here are some telltale signs of unusual buyer activity that may suggest fraudulent intent. If you see any of the 13 indicators below, you may need to take a closer look.
And if you haven’t already, make sure to look at the six best practices to help prevent fraudulent payments from even taking place.
 
1. Shipping Address is in a high-risk country or location that’s known for fraud.
Are you seeing an abnormal number of payments from an unusual or unexpected location? While cross-border commerce is growing rapidly and there are benefits to accessing a global market, some countries have gained a reputation for fraud. Payments from these countries may require closer scrutiny.
 
2. An order is larger than normal.
Be cautious if you receive an order from a new customer that’s larger than your average order size, especially if it’s for a product that’s in high demand, such as electronics.


3. You receive an unusually large number of orders during an unusual time of day.
For example, you receive 10 orders from U.S.-based customers, all around 3 a.m. on the same day.
 
4. You receive an unusually large number of international orders within a short period of time.
For example, you receive over 50 orders from customers outside the U.S. within a few days, when you normally receive only two international orders within a month.

 
5. An order consists of multiple requests for the same item.
For example, a customer orders 50 pairs of the same shoe in various sizes. Ask yourself if it makes sense for a customer to order several of the same product.

6. Several orders from different customers are shipped to the same address.
Fraudsters often steal credit cards from multiple people and ship the orders to a single address. 


7. The billing and shipping address don’t match.
Just because a customer ships the order to another address, it doesn’t automatically indicate fraud, but a legitimate customer is more likely to ship orders to their billing address. Look at all the order details to see if anything else appears unusual.
 
8. A customer asks you to change the shipping address after the order has been paid for.
Make sure their address change makes sense. Fraudsters originally enter valid addresses so your fraud systems don’t catch them. Then, they contact you to change the address. Also keep in mind that if you decide to ship to another address, the purchase will no longer qualify for PayPal Seller Protection.
 
9. You receive multiple credit cards for the same order.
Be cautious if the customer provides you with several different credit card numbers. The cards can be in the same name or different names. The fraudster may ask you to split up or create multiple transactions using the various cards. If you don’t already collect the credit card customer’s name, start requesting this information to help detect fraud.
 
10. A customer asks for rush or overnight shipping.
Fraudsters like to receive merchandise quickly, regardless of the cost.

 
11. The email address looks suspicious.
Look for email addresses that seem unusual, like knh$$yro123456@gmail.com, or undeliverable emails. Legitimate customers are more likely to use email addresses that contain their name.
 

12. A customer overpays you. 
If someone overpays you, don’t send the extra money back through a wire transfer, online banking transfer, or a pre-loaded money card. Overpayment scams are common. Instead, return the money through PayPal.

13. The shipping address looks suspicious. 
Before shipping an expensive order, make sure you know where the order is being shipped. Criminals may ship orders to freight forwarders, shipping companies, P.O. boxes, or vacant properties so they can remain anonymous.
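
Several of the indicators above (2, 6, 7, 9 and 10) can be checked mechanically over an order export. The following is an added example, not PayPal code; the order fields, the sample orders and the 3x order-size threshold are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample orders (not real data); the field names are assumptions.
FIELDS = ("id", "customer", "is_new", "total", "bill_addr", "ship_addr", "cards", "rush")
ROWS = [
    ("A1", "c1", False, 40.0, "1 Elm St, Austin TX", "1 Elm St, Austin TX", 1, False),
    ("A2", "c2", False, 60.0, "22 Oak Ave, Reno NV", "22 Oak Ave, Reno NV", 1, False),
    ("A3", "c3", True, 900.0, "5 Pine Rd, Boise ID", "9 Dock Way, Miami FL", 2, True),
    ("A4", "c4", True, 45.0, "77 Lake Dr, Salem OR", "9 DOCK WAY MIAMI FL.", 1, False),
    ("A5", "c1", False, 50.0, "1 Elm St, Austin TX", "3 Birch Ln, Austin TX", 1, False),
]
ORDERS = [dict(zip(FIELDS, row)) for row in ROWS]

def normalize(addr):
    """Fold case, punctuation and spacing so trivially different spellings match."""
    return " ".join(addr.lower().replace(",", " ").replace(".", " ").split())

def review_flags(orders, size_factor=3.0):
    """Map order id -> list of indicator labels (numbered as in the list above)."""
    returning = [o["total"] for o in orders if not o["is_new"]]
    # Baseline is the average order from returning customers; no history disables rule 2.
    baseline = mean(returning) if returning else float("inf")
    customers_at = defaultdict(set)
    for o in orders:
        customers_at[normalize(o["ship_addr"])].add(o["customer"])

    flags = {}
    for o in orders:
        ship = normalize(o["ship_addr"])
        hits = []
        if o["is_new"] and o["total"] > size_factor * baseline:
            hits.append("2: order larger than normal")
        if len(customers_at[ship]) > 1:
            hits.append("6: different customers, same shipping address")
        if normalize(o["bill_addr"]) != ship:
            hits.append("7: billing and shipping address differ")
        if o["cards"] > 1:
            hits.append("9: multiple cards on one order")
        if o["rush"]:
            hits.append("10: rush shipping requested")
        if hits:
            flags[o["id"]] = hits
    return flags

if __name__ == "__main__":
    # Most indicators first: a single hit (like A5's gift address) is weak on its own.
    for oid, hits in sorted(review_flags(ORDERS).items(), key=lambda kv: -len(kv[1])):
        print(oid, hits)
```

Orders that trip several indicators at once go to the top of the manual review queue; a lone billing/shipping mismatch is only a reason to look at the other order details.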
 

For more information on protecting your business, you can also review these six steps to help prevent fraudulent payments.
 

The contents of this site are provided for informational purposes only. You should always obtain independent, professional accounting, financial, and legal advice before making any business decision.


Frequently asked questions.

You can use Visa, MasterCard, Discover, or American Express cards that have a registered billing address to make PayPal payments.

Another fast and easy option is paying with your bank account. Many PayPal members choose to pay with their bank accounts because it’s a convenient way to keep their spending under control.

However you choose to pay, we’ll send you a receipt every time a payment is made from your account so that you can keep track of your transactions. And we look out for you. We’ll let you know if we notice any unusual account activity.

Fraud tools are used throughout the industry to help fight fraud. The fraud tools listed below are available through PayPal and other fraud management vendors.

Address Verification Service (AVS)
  • Use AVS to verify the billing address matches the one that the card issuer has on file. AVS compares the street number and ZIP code entered by the customer with information maintained by the card issuer.
  • How to set up AVS fraud filter through PayPal
  • Maximum Transaction Amount filters the total amount of the transaction (including tax, shipping, and handling fees). Transactions that exceed the maximum amount trigger this filter.
  • Unconfirmed Address filters payments when we have not confirmed the customer’s shipping address and the transaction is more than an amount you specify.
  • Country Monitor filters payments from countries that you believe pose an increased risk of fraud. This filter screens the customer's IP address, billing address, and shipping address for matches with your list of high-risk countries.
     
Here's how to set up your basic Fraud Management Filters.
  1. Click Tools.
  2. Click All Tools.
  3. Scroll down and click PayPal Fraud filters.
  4. Enable desired filters.
  5. Click Save.

Card Security Code (CSC)
  • Ask customers for their CSC. This is the 3 or 4 digit number located on the card that helps confirm they have the card with them. The CSC filter compares the number provided by the customer against the number on file with the issuer. A valid CSC helps verify that your customer has a physical card with them when they place an order. An invalid code could be the result of a customer's typographical error or it could indicate that a fraudster did not have the card with them.
  • How to set up CSC fraud filter through PayPal
  1. Click Tools.
  2. Click All Tools.
  3. Scroll down and click PayPal Fraud filters.
  4. Enable desired filters.
  5. Click Save.

Look up the card BIN
  • The first 6 numbers listed on a card are called a Bank Identification Number (BIN). It gives you details about the financial institution that issued the card, or card issuer. Use a BIN check service to find out where the card was issued. Be cautious if the billing address country and the card issuer country don’t match.
  • BIN checks are available at www.bin2country.com or can be purchased through fraud management companies.

Use IP geolocation tools
  • IP geolocation is a good way to pinpoint the geographic location of the computers used for transactions, including the city, state and country. To be proactive about a potential fraudulent transaction, you can check the geolocation details against the billing and shipping address country your customer provided. If the geolocation information doesn’t match, it could be fraud.
  • You can also use IP geolocation to look for anonymous proxies (a tool that attempts to make online activity untraceable). Orders that originate from anonymous proxies are more suspicious because fraudsters use them to hide their location. However, legitimate customers who value privacy could also use anonymous proxies to protect their information, so this might not always indicate fraud.
  • What can I do if the IP geolocation information does not match the billing or shipping address?
    • Resolve the discrepancy by contacting the customer or by following step 3 below.

Device Identification
  • Device Identification tools can be used to help identify the computer or phone that placed the order. Each computer or phone has unique characteristics.
  • Device identification can determine if a buyer is repeatedly visiting your site using different information (names, addresses, IPs, credit cards, computer browsers, etc.) to mask their identity.
  • You can search online for a list of third party vendors providing this service.

Having a secure, unique password for each of your online accounts is critically important. If a scammer gets just one password, they can begin to access your other accounts. That’s why it’s important to have a strong, unique password for your PayPal login.

A strong password should have the following characteristics:

•    More than 8 characters long.
•    Use lower case, upper case, a number, and a special character [like ~!@#$%^&*()_+=?><.,/].
•    Not a word or date associated with you (like a pet’s name, family names, or birth dates).
•    A combination of words with unusual capitalization, numbers, and special characters interspersed. Misspelled words are stronger because they are not in the dictionary used by attackers.
•    Something you can remember.

How often should I change my password?

Normally, there should be no reason to change your password or PIN. But there are a few cases where it's a good precaution. For example:

•    You notice something suspicious on your PayPal account.
•    You suspect that someone you don’t trust has your password.
•    You notice something suspicious in your email account or other online accounts.
•    You have recently removed malware from your system.
•    PayPal asks you to change your password.

If one of these occurs, change your password, PIN, and security questions immediately. You can change these under personal settings.

If you receive an email asking you to change your password, it could be a case of phishing. Instead of clicking on a suspect link in an email, just log into your PayPal account by manually typing the URL. Click the Settings tab, and then Personal Info. You will find the password, security questions, and PIN (if you've set one up) on this page.

If your payment is on hold or not available right away, we’ll notify you via email or an alert on your Summary page.

Delaying funds availability is a common industry practice we implement to help ensure the secure use of PayPal by both buyers and sellers. By placing your payment on hold, we’re trying to make sure that there’s enough money in your PayPal account to resolve any issues that may arise with your account such as chargebacks or disputes. When subject to a hold, the money is temporarily not available to use.

If there aren’t any issues with your transaction or account, the payment will typically be released within 21 days after receipt. After your hold is released, it may take until midnight (but it's usually sooner) for the money to appear in your PayPal account.

Here are some reasons your funds may be temporarily on hold or unavailable:

1. You’re a new seller with PayPal or you’re an established seller but have opened a new account.
When you’re a new PayPal seller, it takes time to build up enough history to demonstrate a pattern of positive buyer-seller transactions. The good news is you can usually move out of this status by confirming your identity and building up a history of positive selling activity.

If you’re an established PayPal seller, but opened a new account, that account will be eligible for holds until a good history is established.

2. You haven’t sold in a while.
When your selling activity has been dormant for a long time, it will also take time to rebuild a history of positive buyer-seller transactions.

3. Multiple customers filed for a refund, dispute, or chargeback.
If multiple customers file for a refund, dispute, or chargeback, or if you receive a large number of refunds, disputes or chargebacks in a short period of time, it can delay the availability of your funds. The best way to resolve this is to work directly with your customers to prevent, or solve, disputes and chargebacks.

Sometimes it’s possible that your customer filed for a refund, dispute, or chargeback because someone illegally used their PayPal account to buy something. We ask that you hold off on shipping any items when this happens.

4. Your selling pattern appears unusual or has changed.
Unusual sales activity includes: an increase in sales or a change in average selling price, business platform, or type of item being sold.

5. You’re selling higher risk items.
Higher risk items can include tickets, gift cards, consumer electronics, computers, and travel packages.


“How do I get my money sooner for a transaction on hold?” provides information on how you may be able to get your funds released early.
“Why is my payment from a sale on eBay on hold?” provides information on eBay holds and how to contact eBay.
