The other week, on checking a credit card statement, I realised that there were two transactions on it that I didn’t recognise. This isn’t that unusual because unless the transaction is spelled out for me in words of one syllable, then I’m highly unlikely to connect a typed line of text to the lovely pair of socks I bought on a whim from an online store.
This time though, I knew something was seriously wrong. For starters, both transactions were on the same day, one for a small amount, the other for several hundred pounds. And then, when I checked the calendar, I realised I wasn’t even in the country that day. I was away on business and didn’t have that credit card with me.
A swift, panicky call to my bank and the awful truth was revealed. My credit card had been cloned. A familiar tale of woe, but one which happily in this case, was resolved within hours by my understanding bank. At no cost to me. Apparently they’re hot on the heels of the fraudster even as I type.
What’s all this go to do with Snorestore?
Every day, there are a number of orders which come through the Snorestore website which on first glance, look perfectly normal. But on closer inspection, there are signs suggesting that something’s not quite right.
It could be the time of day the order is placed: very close to our cut-off point for same-day despatch (2pm since you ask), or from a customer with a non-UK email address, or simply, a large order paid for by someone using a hotmail account, with different billing and delivery addresses.
Mostly though, it’s our credit card transaction processors HSBC and SagePay who alert us to inconsistencies. This happens immediately and the transaction, or attempted transaction, is flagged as potentially fraudulent.
What do we do in this situation? Sometimes, it’s clear that the customer has made a genuine mistake and hasn’t managed to put the correct information into the order form. We’re not saying what sort of mistakes these are, for obvious reasons, but many involve students, we will tell you that. Snorestore’s staff then ‘phone the customer and the matter is usually sorted out in a matter of minutes.
Other flagged transactions, though, are a bit more tricky. We don’t call the customer in this instance. We email. We explain the position and we ask for a response within 2 days. If that response isn’t forthcoming, the transaction is never processed to payment and the card used is never charged.
This causes some inconvenience on both sides, for us in terms of the amount of time it takes to follow up a risky transaction, and for the customer, who may have made a genuine error and thus have to answer some questions before we are prepared to ship their stuff.
Mostly though, this inconvenience is trivial. We reckon we intercept about 5 fraud attempts a week through a combination of our own scrutiny of order details, and the banks’ alerting system.
How do we know they’re fraudulent? Because if we don’t hear back from the “customer” when we email them asking for more details, we have to assume they were doing something they shouldn’t with someone else’s money. You’d be amazed how many people quietly disappear when challenged.