Mitigating risk as a seller: How to spot unusual buyer activity.

Jun 09 2020 | PayPal editorial staff

Fraud can cost a business time and money - that’s why it pays to be vigilant of unusual account activity, where fraud could be lurking. Here are some telltale signs of unusual buyer activity that may suggest fraudulent intent. If you see any of the 13 indicators below, you may need to take a closer look.
And if you haven’t already, make sure to look at the six best practices to help prevent fraudulent payments from even taking place.
1. Shipping Address is in a high-risk country or location that’s known for fraud.
Are you seeing an abnormal number of payments from an unusual or unexpected location?  While cross-border commerce is growing rapidly and there are benefits to accessing a global market some countries have gained a reputation for fraud. Payments from these countries may require closer scrutiny.
2. An order is larger than normal.
Be cautious if you receive an order from a new customer that’s larger than your average order size, especially if it’s for a product that’s in high demand, such as electronics.

3. You receive an unusually large number of orders during an unusual time of day.
For example, you receive 10 orders from U.S.-based customers, all around 3 a.m. on the same day.
4. You receive an unusually large number of international orders within a short period of time.
For example, you receive over 50 orders from customers outside the U.S. within a few days, when you normally receive only two international orders within a month.

5. An order consists of multiple requests for the same item.
For example, a customer orders 50 pairs of the same shoe in various sizes. Ask yourself if it makes sense for a customer to order several of the same product.

6. Several orders from different customers are shipped to the same address.
Fraudsters often steal credit cards from multiple people and ship the orders to a single address. 

7. The billing and shipping address don’t match.
Just because a customer ships the order to another address, it doesn’t automatically indicate fraud, but a legitimate customer is more likely to ship orders to their billing address. Look at all the order details to see if anything else appears unusual.
8. A customer asks you to change the shipping address after the order has been paid for.
Make sure their address change makes sense. Fraudsters originally enter valid addresses so your fraud systems don’t catch them. Then, they contact you to change the address. Also keep in mind that if you decide to ship to another address, the purchase will no longer qualify for
 PayPal Seller Protection.
9. You receive multiple credit cards for the same order.
Be cautious if the customer provides you with several different credit card numbers. The cards can be in the same name or different names. The fraudster may ask you to split up or create multiple transactions using the various cards. If you don’t already collect the credit card customer’s name, start requesting this information to help detect fraud.
10. A customer asks for rush or overnight shipping.
Fraudsters like to receive merchandise quickly, regardless of the cost.

11. The email address looks suspicious.
Look for email addresses that seem unusual, like knh$$, or undeliverable emails. Legitimate customers are more likely to use email addresses that contain their name.

12. A customer overpays you. 
If someone overpays you, don’t send the extra money back through a wire transfer, online banking transfer, or a pre-loaded money card. Overpayment 
scams are common. Instead, return the money through PayPal.

13. The shipping address looks suspicious. 
Before shipping an expensive order, make sure you know where the order is being shipped. Criminals may ship orders to freight forwarders, shipping companies, P.O. boxes, or vacant properties so they can remain anonymous.

For more information on protecting your business, you can also review these six steps to help prevent fraudulent payments.

The contents of this site are provided for informational purposes only. You should always obtain independent, professional accounting, financial, and legal advice before making any business decision.

Was this content helpful?

Frequently asked questions.

You can use Visa, MasterCard, Discover, or American Express cards that have a registered billing address to make PayPal payments.

Another fast and easy option is paying with your bank account. Many PayPal members choose to pay with their bank accounts because it’s a convenient way to keep their spending under control.

However you choose to pay, we’ll send you a receipt every time a payment is made from your account so that you can keep track of your transactions. And we look out for you. We’ll let you know if we notice any unusual account activity.

Chargeback Protection allows eligible merchants to reduce the risk of fraudulent credit or debit card transactions cost-effectively. When a customer pays by credit or debit card without using a PayPal account, the liability for fraud and unauthorized transactions falls on the merchant. With Chargeback Protection, if a transaction that we approved turns out to be fraudulent, PayPal will reimburse the disputed amount and the associated chargeback fee. Read the Terms and Conditions for Chargeback Protection.
Which merchants are eligible for Chargeback Protection?
To be eligible to sign up for Chargeback Protection, a merchant must have a business account with PayPal and have enabled credit card payments (unbranded processing).

How Can a Merchant Apply for Chargeback Protection?
Merchants can enroll in Chargeback Protection from within their PayPal account. Merchants simply need to click on 'Manage Risk and Fraud' within their Payment Preferences and select Chargeback Protection. Terms apply.
How does Chargeback Protection work?
We’ll provide risk decision-making on all your online​ and mobile credit and debit card transactions and decline fraudulent payments. If an approved transaction is later identified as fraudulent, we’ll reimburse you for that loss.
  1. We’ll monitor checkout transactions
  2. We review credit and debit card transactions for risk
  3. We reimburse any chargeback fees if a transaction is later found to be unauthorized
How much does Chargeback Protection cost?
There are no yearly caps on ​losses, no annual or monthly contracts,​ revenue requirements, or cancellation fees.

Chargeback Protection (Standard)

0.40% per approved transaction

If a chargeback occurs, merchants must submit proof of shipment as requested by the Resolution Center to qualify for Chargeback Protection reimbursement.
*Fees are subject to change.

How does Chargeback Protection benefit the merchant?
Many merchants don’t have in-house expertise in fraud detection and prevention and outsourcing can be expensive. According to the LexisNexis® Risk Solutions 2020 True Cost of Fraud™ Study, on average, a merchant spends more than 3.00 USD to detect and prevent about 1.00 USD of fraud-not including the lost revenue from declined transactions that weren’t actually fraudulent. With Chargeback Protection, PayPal merchants can harness the experience and expertise we have from the billions of annual transactions on our network to spot and prevent risky transactions while maximizing revenue.
Which types of transactions are covered by Chargeback Protection?
Chargeback Protection applies to PayPal Commerce Platforms Advanced Credit and Debit Cards (ACDC) checkout and Braintree orders. PayPal Here transactions, Zettle transactions, and transactions for cash equivalents such as online poker chips for gambling or Visa cash gift cards aren’t eligible for Chargeback Protection.
What Chargeback types Chargeback Protection cover?
Chargeback Protection covers only unauthorized and fraud-related chargebacks as well as Item Not Received (INR). Non-fraud-related chargebacks (for example, broken item), Significantly Not as Described (SNAD), refund not processed, and duplicate charge) aren’t eligible for Chargeback Protection. You’re expected to reply to unauthorized and fraud-related chargeback disputes as usual in the PayPal Resolution Center.
What chargeback types Chargeback Protection doesn’t cover?
Chargebacks that aren’t related to fraud are not protected by Chargeback Protection, including Broken Item, Significantly Not as Described (SNAD), Refund Not Processed, and Duplicate Charge.

What are the differences between Chargeback Protection and Fraud Protection? 
Chargeback Protection Fraud Protection 

Chargeback Protection is a built-in, risk decisioning tool available to eligible PayPal merchants.
PayPal uses risk models and analysis in real-time to accept or reject transactions based on their risk level.   
PayPal will assume liability for any fraud or “item not received” chargebacks that may later occur.

Fraud Protection* is a built-in, fraud analysis tool given to all PayPal merchants at no charge.
Merchants set risk rules and filters within the Fraud Protection tool, determining which orders to accept or reject.
Merchants carry the liability for any chargebacks that may occur when using Fraud Protection.

* If you’re currently enrolled in Fraud Protection when you sign up for Chargeback Protection, we’ll automatically disable Fraud Protection in your account. You’ll no longer have access to the Fraud Protection dashboard and, should you enable Fraud Protection later, your historical data won’t be available.

PayPal lets you quickly and securely send and receive money for goods, services and more.

With PayPal you can:

  • Shop online in more than 200 countries and regions.
  • Send money securely to friends and family around the world.
  • Checkout quickly at hundreds of your favorite online stores.
  • Accept credit cards on your website.
  • Make donations to your favorite charity.
  • Set up an online shop and receive payments.
  • Use your credit card and earn rewards.

At PayPal, your financial security is our highest priority. We use the latest anti-fraud technology to help make sure your transactions are safer and you’re 100% protected against unauthorized payments sent from your account.

We continuously work to disable fake or “spoof” communication including emails, websites, and text messages. We review all submissions sent to us, and work with law enforcement around the world to stop online criminals. 

When you aren't sure if you can trust a communication claiming to be from PayPal, check to see if the message does any of the following: 

Uses impersonal, generic greetings, such as “Dear user” or “Dear [your email address].”
Emails from PayPal will always address you by your first and last names or by your business name. We never say things like "Dear user" or "Hello PayPal member.”

Asks you to click on links that take you to a fake website.
Always check links in an email before you click them. A link could look perfectly secure like Make sure to move your mouse over the link to see the true destination. If you aren’t certain, don’t click on the link.

Contains unknown attachments.
Only open an attachment if you're sure its legitimate and secure. Be particularly cautious of invoices from companies and contractors you're not familiar with. Some attachments contain viruses that install themselves when opened.

Conveys a false sense of urgency.
Phishing emails are often alarmist, warning you to update your account immediately. They're hoping you'll fall for their sense of urgency and ignore warning signs that the email is fake. If there’s an urgent need for you to complete something on your account, you can find this information by logging into PayPal. 

The following are common scams where fraudsters use spoofed emails. When in doubt, always log in to PayPal and view the Resolution Center for any notifications.
"Your account is about to be suspended."
Many fraudsters send spoofed emails warning you that your account is about to be suspended. The email will ask you to enter your password in a (spoofed) webpage. We’ll only ask you to enter your password on our login page. 

"You've received a payment."
Some fraudsters try to trick you in to thinking you've received a payment for an order. They want what you're selling for free. Before you ship anything, log in to PayPal and check that actually you received a payment. We'll never ask you to share a tracking number by email. If you received a payment, you’ll always see it in your PayPal activity.​

"You’ve been paid too much."
Fraudsters may try to convince you that they overpaid for an item. For example, they’ll send an email that says they’ve paid you 500.00 USD for a camera you listed at 300.00 USD. The sender asks you to ship the camera in addition to the extra 200.00 USD you were “paid” by mistake. The fraudster wants your camera AND your money but hasn’t actually paid you at all.

Before sending anything, log in to PayPal and check that you received a payment.

Reporting Suspicious Communication 

Phishing emails often lead you to fake websites to steal your private, sensitive data. These websites could look unusual or they could appear genuine but have a suspicious URL.

If you receive a suspicious email or website link: 
  1. Don’t click on any links inside of the email or in the website, and don’t download any attachments.
  2. Don’t enter any information.
  3. Don’t change the subject line and don’t forward the message as an attachment.
  4. Forward the email and/or website to
  5. Delete the email from your inbox.
SMS/Text Message
If you receive a text message with a link inviting you to visit a website:
  1. Don’t click on any links inside of the SMS text message.
  2. Screenshot the message.
  3. Make sure that the message shows the full telephone number.
  4. Email the screenshot to
Telephone Call
If you receive a suspicious telephone call:
  1. Take a screenshot of your phone log showing the telephone number
  2. Email the screenshot to
  3. Include details of the telephone call, including what the caller stated or asked from you.
If the caller left a voicemail, and you’re able to view a transcript on your mobile device, include a screenshot of it in your email.

When you send an email to, you’ll receive an automatic email letting you know we received it.

Safeguarding Your Account

If you shared financial or personal information, or entered personal information on a fake website:
  • Change your PayPal password and security questions immediately.
  • Contact your bank and credit or debit card issuer and let them know what happened.
  • Review your recent PayPal activity to make sure you authorized all the payments.
  • Report any unauthorized payments in the Resolution Center. Remember, you’re 100% protected against unauthorized payments sent from your account.
We’ve put together some useful information on phishing and identity theft for you. To locate it, click Security on the bottom of any PayPal page.
You can also learn more about recognizing and preventing fraudulent activity here: If you’re a victim of fraudulent activity, there are more resources you can use to report it:

Here's a video on identifying suspicious emails:

We’ll use cookies to improve and customize your experience if you continue to browse. Is it OK if we also use cookies to show you personalized ads? Learn more and manage your cookies