Fraudulent orders are on the rise (it seems as if the company's account security is more lax than they like to admit), and we have guidelines for fraud orders. Yesterday I caught one that didn't meet the main fraud criteria.
I see when I start my shift that there's an order in the queue--scheduled to drop in three hours--with only three items in it...okay, nothing particularly unusual to see that; customers will schedule orders and then add to them until the cutoff/drop time.
The order drops, still with 3 items. I can see by the zones that the order value is low, less than the minimum required for a pickup order (our minimum is $30). First thing I do is look at the pick list, which also gives me a name and phone number for the order...name looks fake as hell, and the phone number also looks dodgy (didn't recognize the area code). I pop onto a reverse lookup website.... phone number is registered in GA. I then run a search on the name and am not really surprised to see no results.
I have some time, so I decide to just gather the items; in doing that I can keep track of the prices, and as I expected the total order is less than $20. The next thing I do is email our online fraud department with the relevant info: order ID and name/phone with the order. Not two minutes later I get a response. DINGDINGDING we has a fraud!
I make copious notes on the pick list I'd printed and file it in a folder in my drawer named "bad stuff". Five minutes later SM comes down from his office with a printout of the email I just read.
SM: "Did you see this about a fraudulent order?"
Me: "Yup. I sent them the email. Nothing's been shopped."
SM: "Cancel the order."
I do so; in hindsight, I should have let it ride unpicked and see if the 'customer' called. (it's generally accepted that something's up if a customer calls to ask if an order is ready; on the few occasions that has happened the orders in question were scams).
I just realized that this could have been done using a stolen EBT card as there is no minimum when using EBT to pay online...that's the only way it could have gotten into the system. Unless there's another loophole/vulnerability that I don't know about which is entirely possible.
I daresay that anyone else probably would have just shopped the order like normal and not thought to contact LP until after it was invoiced (if at all). This order didn't meet the typical fraudulent-order benchmarks (large order, high cost items, etc). With those larger orders there is usually no obvious pattern (unless someone looks at the paper pick list before starting to shop), so we can't get the info needed to contact the verification department until after the order is invoiced--and thus charged. I have a feeling that this sort of thing is going to become more common; the scammers probably know the basics of what the company looks for now.
I see when I start my shift that there's an order in the queue--scheduled to drop in three hours--with only three items in it...okay, nothing particularly unusual to see that; customers will schedule orders and then add to them until the cutoff/drop time.
The order drops, still with 3 items. I can see by the zones that the order value is low, less than the minimum required for a pickup order (our minimum is $30). First thing I do is look at the pick list, which also gives me a name and phone number for the order...name looks fake as hell, and the phone number also looks dodgy (didn't recognize the area code). I pop onto a reverse lookup website.... phone number is registered in GA. I then run a search on the name and am not really surprised to see no results.
I have some time, so I decide to just gather the items; in doing that I can keep track of the prices, and as I expected the total order is less than $20. The next thing I do is email our online fraud department with the relevant info: order ID and name/phone with the order. Not two minutes later I get a response. DINGDINGDING we has a fraud!
I make copious notes on the pick list I'd printed and file it in a folder in my drawer named "bad stuff". Five minutes later SM comes down from his office with a printout of the email I just read.
SM: "Did you see this about a fraudulent order?"
Me: "Yup. I sent them the email. Nothing's been shopped."
SM: "Cancel the order."
I do so; in hindsight, I should have let it ride unpicked and see if the 'customer' called. (it's generally accepted that something's up if a customer calls to ask if an order is ready; on the few occasions that has happened the orders in question were scams).
I just realized that this could have been done using a stolen EBT card as there is no minimum when using EBT to pay online...that's the only way it could have gotten into the system. Unless there's another loophole/vulnerability that I don't know about which is entirely possible.
I daresay that anyone else probably would have just shopped the order like normal and not thought to contact LP until after it was invoiced (if at all). This order didn't meet the typical fraudulent-order benchmarks (large order, high cost items, etc). With those larger orders there is usually no obvious pattern (unless someone looks at the paper pick list before starting to shop), so we can't get the info needed to contact the verification department until after the order is invoiced--and thus charged. I have a feeling that this sort of thing is going to become more common; the scammers probably know the basics of what the company looks for now.
Comment