What is interception fraud? How to detect & prevent interception fraud.

Interception fraud occurs when fraudsters make online purchases using stolen credit cards. They will ship to the (valid) billing address linked to the stolen card, which will bypass checks that look for discrepancies between billing and shipping addresses. Once the transaction is complete, the fraudster will find a way to intercept the goods. Most commonly, they will try one of these techniques:

• Ask customer service to change the shipping address on the order before it ships.
• Contact the shipping service directly to reroute the package to a different shipping address.
• If possible, wait for the delivery and physically intercept the shipment at the stolen card owner’s address.

How to Detect Interception Fraud

Interception fraud is one of the most difficult types of e-commerce fraud to detect, particularly because the initial shipping address matches the address tied to the customer’s card. However, you can look for the following red flags to detect possible interception fraud:

• Unusual IP addresses: If the customer has purchased from you before, you can compare the IP addresses of different purchases to find discrepancies—for example, suddenly ordering from the US when they usually order from Europe. It’s possible that the account owner moved, or is on vacation, but it may be safest to dig deeper.
• Manual shipping address updates: If a “customer” calls in requesting to update their shipping address for a particular order, it could be an attempt to intercept the goods. Try to gather more details to verify the identity of the customer before updating the address.
• Larger orders than average: If a customer has purchased from you before, you’ll know how much they typically spend with you. If you suddenly receive an order for a much higher amount, you may want to look into it.
• Multiples of items:  One way interception fraud can lead to even more profit for the fraudster is if they resell the items they never had to pay for in the first place. Watch out for people buying multiples of the same item in one order.
• Expedited shipping: Putting a rush on things might help keep the fraudster safe from suspicion, because the business won’t have time to investigate any discrepancies. If you see expedited shipping along with some other red flags, you may be dealing with interception fraud.

How do you protect against interception fraud?

The best way to stop interception fraud is to stop payment fraud and keep fraudsters from using stolen credit card numbers.

Regularly Audit Your Security

Payment fraud happens when cybercriminals find vulnerabilities in your system. You should regularly assess your own website and payment processing systems for flaws.

Use Address Verification Services and Card Verification Values

Address Verification Service helps check a billing address against the one on file with the bank—though this will not stop payment fraud where the fraudster has the correct address. Also using Card Verification Values (CVVs) or Card Security Codes (CSCs) helps ensure customers have the physical card in their possession most of the time.

Gather Minimal Sensitive Data & Protect It

If you’ve stored full payment details for your customers, all a fraudster has to do is find a way to access the account—which is easy to do with bots—in order to steal the card information. Only collect the basic data you need to complete a transaction and ship the product. Additionally, ensure you use secure data transmission methods, like HTTPS, to encrypt data in transit.

Anti-Fraud Protection

A good online fraud detection solution will be able to locate and assess all of the red flags for criminal behavior automatically, making it easy to prevent interception fraud from ever happening in the first place. You will also want to ensure your site is constantly monitored by your solution, to locate requests and behavior that is out of the norm for your customers.

Intercept Online Fraud with DataDome

Interception fraud is only a subset of e-commerce fraud, but it can cost you tons of money in lost inventory and chargebacks. DataDome’s bot and online fraud management solution is machine learning-powered, works in real-time all the time, and determines if a request is suspicious within 3 milliseconds. DataDome’s machine learning-powered bot and online fraud protection put an end to SMS pumping attacks. Our real-time solution integrates with your tech stack in minutes, and determines at the edge if a request is made by a human or a bot within 3 milliseconds.

To see if you are facing interception fraud or other attacks to your website, mobile app, and API, try DataDome out for free to see a real-time dashboard of online threats to your company.