Online Ordering Fraud Prevention

  • jammer2552
  • Graduate
  • Graduate
  • User avatar
  • Posts: 139

Post 3+ Months Ago

I have a client (A New York Style Deli) who would like to allow customers to pre-order their sandwiches online.

I am worried about fraudulent orders. I have a reCaptcha on the page, and a warning of their IP being logged and warning against fraudulent orders.

Are there any other methods/steps/modules I could incorporate into my page as a sort of proof of human/is-going-to-pay ?
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • Don2007
  • Web Master
  • Web Master
  • Don2007
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

Are deliveries involved? If it's just pick-ups, I doubt that there would be any fraudulent orders.
  • joebert
  • Fart Bubbles
  • Genius
  • User avatar
  • Posts: 13503
  • Loc: Florida

Post 3+ Months Ago

Warnings about an IP being logged are likely to scare away more customers than they are crooks. IP warnings are going to raise privacy concerns and generally make customers feel uncomfortable whereas a crook is going to be thinking "All they're doing is logging IP addresses ? sweet!". I would get rid of the warnings.

In place of the warnings you use procedures designed to weed out crooks without burdening customers with the knowledge that someone is looking out for them. There's always someone in the crowd who forgot to take their meds and those people always encourage a panic when their paranoia kicks in.

For pickup orders, don't handle anything related to payment until the person comes in to pick it up. There's no need to mention that customers can not pay online when it's a pickup, just don't include a payment form for them to fill out. You can include a reminder that the physical card and a photo ID will need to be presented on pickup.

For deliveries, right above the card number input field, include a small notice that the physical card and a photo ID must be presented to the delivery person upon delivery. Keep in mind some banks include a photo of the cardholder right on the card.
  • Don2007
  • Web Master
  • Web Master
  • Don2007
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

I was thinking the same thing about removing the warnings. Warnings would send me away & so would showing a photo ID for a sandwich. When I worked in New York City for over 15 years, I could call any restaurant or deli & get my food delivered 24/7. They never asked for anything. Since you said it was a NY style deli, I'm telling how it's done.
  • jammer2552
  • Graduate
  • Graduate
  • User avatar
  • Posts: 139

Post 3+ Months Ago

Alright, I understand the cons to the warnings. I'll just secretly log their IP. :)

I just don't want someone submitting an order, and then never picking up. That would just be money down the drain.

I like to think of worst case scenarios - imagine someone maliciously ordering 10 sandwiches, with the intention of never picking them up. Those 10 sandwiches are just money and time down the drain. How could I prevent that?
  • joebert
  • Fart Bubbles
  • Genius
  • User avatar
  • Posts: 13503
  • Loc: Florida

Post 3+ Months Ago

Don2007 wrote:
I was thinking the same thing about removing the warnings. Warnings would send me away & so would showing a photo ID for a sandwich. When I worked in New York City for over 15 years, I could call any restaurant or deli & get my food delivered 24/7. They never asked for anything. Since you said it was a NY style deli, I'm telling how it's done.


Were you paying cash or with a credit/debt card though ?
How many years before online identity theft and credit card fraud started to become a problem more than just an occasional cost of doing business ?

Quote:
I just don't want someone submitting an order, and then never picking up. That would just be money down the drain.


Who do you think takes the loss when cards are used fraudulently ?
It's not the customer, and it's not the credit card company. It's the business who is responsible because they did not take proper measures to ensure the person using the card is allowed to use it.

What you can do is require people to register on the site to be able to place orders online. Papa Johns pizza makes you do this in order to be able to get a pizza online. I also get emails from Papa Johns with the same deals I used to take from the top of my pizza boxes and magnet to my fridge.
  • Don2007
  • Web Master
  • Web Master
  • Don2007
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

I was paying cash but they certainly would have let me use a credit card. The volume of business is so huge in NYC that they aren't worried about a few lost orders. Since the OP said New York style, I'm telling you what happens here. I think the OP is in Florida where there are a lot of NYers, so they probably will do a large volume too.
  • joebert
  • Fart Bubbles
  • Genius
  • User avatar
  • Posts: 13503
  • Loc: Florida

Post 3+ Months Ago

Well, there's really not much of a difference between an online order and a phone order as far as abandoned orders go. You could probably apply a lot of the same things from the businesses phone order practices to the online process.

Googles geolocation API might be something worth looking into. If an order appears to come from outside of an X mile radius you could decide whether to take the order, get more details from the customer, or refuse to fill the order.
  • jammer2552
  • Graduate
  • Graduate
  • User avatar
  • Posts: 139

Post 3+ Months Ago

joebert wrote:
Googles geolocation API might be something worth looking into. If an order appears to come from outside of an X mile radius you could decide whether to take the order, get more details from the customer, or refuse to fill the order.

The only problem with that approach is the fact I would be asking the user to install Google Gears, which even I don't want to do. (Clutter...)

Don2007 wrote:
The volume of business is so huge in NYC that they aren't worried about a few lost orders. Since the OP said New York style, I'm telling you what happens here. I think the OP is in Florida where there are a lot of NYers, so they probably will do a large volume too.

The volume of business this deli bring in doesn't even compare to NY. It's in a small town south of the capitol of Florida, with a population of about 31,000.

At this time, no money shall be transferred through the site, PayPal or any other method. All transactions will be done in-restaurant. Online ordering are easier to exploit than phone ordering imo.

Tell you what. Here's the url of the demo site. (Ozzu wont let me post external links...) jameschurchard DOT com/demo/tottd/
  • Don2007
  • Web Master
  • Web Master
  • Don2007
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

Try the online ordering. If you find that it doesn't work the way you hoped, you can always abandon it.
  • PeterCastle
  • Born
  • Born
  • PeterCastle
  • Posts: 1

Post 3+ Months Ago

My company allows restaurants to add online ordering to their existing sites. We don't let customers order without paying with a credit card. Otherwise it would be too easy for idiots (or competitors) to place a bunch of orders that they never intend to pick up. Having their IP address isn't gonna help much. Anyone can go through a proxy or place the order from some public wifi.

Post Information

  • Total Posts in this topic: 11 posts
  • Users browsing this forum: No registered users and 81 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.