TaCode Tuesday: Preventing Delivery Fraud with Automated Zang Calls

Posted by Pedram Mohammadi on September 12, 2017

Delivery fraud, a new type of scam, exploits a business-model loophole on e-commerce sites that offer the cash-on-delivery (CoD) payment method. A script automatically creates new accounts with fake addresses and telephone numbers, then orders hundreds of products to be paid CoD. The e-commerce company packs all of the orders for delivery, leaving the targeted product out of stock for days. Because every delivery address is fake, the items end up back at the warehouse, causing a large loss of revenue through restocking, failed deliveries, and lost new orders.

Preventing Delivery Fraud with Automated Zang Calls  |  http://blog.zang.io

Is Your Fraud Prevention Strategy Sound?

Delivery fraud happens because most sites don’t have a sound fraud prevention strategy in place. Ideally, an e-commerce business should conduct online fraud detection (OFD) by: (1) running background processes that conduct consumer profiling; and (2) verifying that the aggregate of information making up each consumer profile is correct.

Background checking takes into account several variables such as geolocation, device characteristics, user behavior, navigation, and transaction activity. This data is eventually used to generate “contextual event information” that defines a normal or a fraudulent transaction.

The authenticity of these variables, on the other hand, needs to be substantiated through official identification documents such as a Social Security Number (SSN), passport, or birth certificate. Verification can also be done by checking email addresses, devices, Internet Protocol (IP) addresses, and phone numbers. In 2016, Gartner identified five layers of fraud detection that characterize an effective OFD process.


Figure 1: Five Layers of Fraud Prevention

 

The figure above shows five layers of fraud prevention that e-commerce companies can adopt, not only against delivery fraud but against other types of fraud as well. The first three layers are critical to operating a secure e-commerce site. They cover verification at the network and device layer, analysis of the IP address being used, and identity proofing through email addresses and phone numbers. The fourth and fifth layers are emerging trends in e-commerce and delivery fraud prevention that use Big Data analytics and cloud computing.

 

How To Perform Automated Customer Verifications?

In this week’s TaCode Tuesday, we will teach you how to implement a third-layer fraud prevention strategy through automated calls using Zang APIs. We will be creating a piece of code in PHP that runs every time a customer chooses cash-on-delivery as a payment method. The objective of the code is to:

  • Check the age of the account making the CoD order
  • Check if the phone number is valid by making an automated call
  • Allow the order to be placed once the phone number has been verified

Before we start, you should have an intermediate knowledge of:

  • PHP
  • MySQL
  • Zang APIs


Using Zang for Automated Call Verifications

Our proof of concept for automating customer profile verification consists of three features, related to the objectives we mentioned above. On a side note, identifying objectives before breaking the requirements down into features is a good Agile practice, especially if you’re using Scrum or XP.

Feature 1: When the customer chooses CoD as payment method, the website should be able to check the account profile to verify its legitimacy before allowing the order to complete.

Feature 2: An automated call verification should be invoked if the account is less than one-day old (i.e., a newly registered account) and has no previous successful transaction before allowing the order to complete.

Feature 3: The website should allow the order to complete through CoD delivery once the phone number verification has successfully been completed.

 


Let’s start coding!

Feature 1: When the customer chooses CoD as payment method, the website should be able to check the account profile to verify its legitimacy before allowing the order to complete.

Feature 2: An automated call verification should be invoked if the account is less than one day old and has no previous successful transactions before allowing the order to complete.

 

 

Feature 3: The website should allow the order to complete through CoD delivery once the phone number verification has successfully been completed.
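The three features above, sketched as one PHP flow. This is an added example, not the code from the original post: the account fields, function names, the five-minute lifetime and three-guess limit are assumptions, the call is assumed to have the customer key in a one-time code, and `$placeCall` is a hypothetical stand-in for the code that asks Zang to dial the number.

```php
<?php
declare(strict_types=1);

// Added example: field names, helpers and $placeCall are hypothetical.
const NEW_ACCOUNT_SECONDS = 86400; // "less than one day old"
const CODE_TTL_SECONDS    = 300;   // assumed lifetime of a code
const MAX_ATTEMPTS        = 3;     // assumed guess limit

// Features 1 and 2: require a call only for a new account with no
// previous successful transaction.
function needsPhoneVerification(array $account, int $now): bool
{
    $isNew = ($now - $account['created_at']) < NEW_ACCOUNT_SECONDS;
    return $isNew && $account['successful_orders'] === 0;
}

// Feature 2: create a one-time code, start the call, keep state server-side.
function startVerification(array $account, callable $placeCall, int $now): array
{
    $code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
    $placeCall($account['phone'], $code); // stand-in for the Zang call request
    return ['code' => $code, 'expires' => $now + CODE_TTL_SECONDS, 'attempts' => 0];
}

// Feature 3: accept the keyed-in digits only while the code is fresh and
// the guess limit has not been reached.
function checkCode(array &$challenge, string $entered, int $now): bool
{
    if ($now > $challenge['expires'] || $challenge['attempts'] >= MAX_ATTEMPTS) {
        return false;
    }
    $challenge['attempts']++;
    return hash_equals($challenge['code'], $entered);
}

// Constructed sample: an account registered one hour ago, no orders yet.
$now     = time();
$account = ['created_at' => $now - 3600, 'successful_orders' => 0, 'phone' => '+15555550100'];
$heard   = '';
$placeCall = function (string $to, string $code) use (&$heard): void {
    $heard = $code; // simulates the customer hearing the code on the call
};

$allowed = true;
if (needsPhoneVerification($account, $now)) {
    $challenge = startVerification($account, $placeCall, $now);
    $allowed   = checkCode($challenge, $heard, $now);
}
echo $allowed ? "CoD order allowed\n" : "CoD order held for review\n";
```

Keep the challenge array in server-side session or database storage only, so the code never reaches the browser and the attempt counter cannot be reset by the client.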

 

 

Remember…

E-commerce and delivery fraud prevention is a continuous process. Every day, new malware is created that threatens server and network security. In fact, retail remains among the industries most vulnerable to data breaches and privacy loss. In 2016, Symantec’s Internet Security Threat Report documented that the Anthem Attack of 2015 exposed about 5.8 million customer identities in retail. The services sector fared far worse, leaking about 260 million customer profiles.

Figure 2: Top Sectors Breached by Anthem Attack in 2015

 

Verifying customer identities using Zang calls is a quick and cost-efficient way to strengthen the security of e-commerce sites. Calls cost no more than $0.015/minute and outbound SMS messages are just $0.005. Want even more protection? Learn how to use Zang to create automated SMS alerts to prevent credit card fraud.


 

Topics: TaCode Tuesday, cPaaS, Built On Zang, Security