Ecommerce sites might encounter issues such as prank orders, where customers place orders they have no intention of actually keeping, and fraudulent orders, where customers make unauthorized purchases using a third party’s information. As the ecommerce market continues to expand in Japan, the damage caused by these kinds of orders has become a challenge that businesses cannot afford to ignore.
Prank orders and identity theft orders placed through online stores not only lead to increased costs for shipping and return processing, but can also result in a heavier operational burden and damage to a brand’s image.
This article explains the main tactics used by perpetrators, the types of damage they cause, and the countermeasures that Japanese ecommerce businesses can take to combat prank and identity theft orders on their sites.
What’s in this article?
- What are prank orders and identity theft orders?
- Methods used for prank and identity theft orders
- Countermeasures
- What to do in the event of a prank or identity theft order
- How Stripe Radar can help
What are prank orders and identity theft orders?
Fraudulent activities such as prank orders and identity theft orders are a growing concern for ecommerce sites.
A prank order refers to the act of placing an order with the intention of canceling it or refusing delivery. The purpose of the order is to harass the business or disrupt operations.
An identity theft order refers to the act of placing an order with the unauthorized use of a third party’s name, address, phone number, or other personal information. It’s important to note that the impact extends not only to the business, but also to the individuals whose identities have been stolen.
Prank orders and identity theft orders not only increase costs for businesses but can also negatively impact customer satisfaction and the company’s reputation. By understanding the methods and motives behind these orders, you can implement robust fraud protection measures.
Methods used for prank and identity theft orders
Prank and identity theft orders take a variety of forms. Here are the common methods used:
|
Method |
Description |
Damage |
|---|---|---|
|
Credit card fraud |
Placing an order using stolen credit card information |
Chargebacks and loss of product |
|
Account hijacking |
Placing an order using an unauthorized login |
Customer service burden and decreased customer trust |
|
Bad-faith large-volume orders |
Placing bulk orders with the intention of canceling or refusing delivery |
Inventory disruption and lost sales opportunities |
|
Refusal to accept cash-on-delivery (COD) orders |
Declining to accept a product upon delivery |
Burden of shipping and return costs |
|
Use of vacant addresses |
Accepting delivery of fraudulently purchased goods at an address that is not your own |
Loss of products and burden of shipping costs |
|
Harassment through negative reviews |
Placing orders solely for the purpose of leaving bad reviews |
Damage to brand image |
Credit card fraud
This method of fraud involves using stolen credit card information to order products.
According to a survey by the Japan Credit Association, losses from credit card fraud have been increasing year over year, reaching a record high of approximately ¥55.5 billion in 2024.
In addition, much of this fraudulent activity stems from the theft of card numbers during online transactions. Ecommerce sites are the primary targets for these activities.
If such fraudulent orders occur, ecommerce businesses could incur losses due to chargebacks and other factors.
Account hijacking
In account hijacking, a third party gains unauthorized access to a user’s account and places an order impersonating the user. For example, an account might be hijacked due to password theft or a data breach, and products might be ordered using the registered address and payment information.
Bad-faith large-volume orders
This is a tactic in which individuals place large orders for products they don’t actually want, with the intention of canceling later or refusing delivery. The goal of doing so is to disrupt an ecommerce business’s order processing and inventory management. If this is done with limited-time or popular products, it could deprive genuine customers of the opportunity to make a purchase.
As a result, customers who would otherwise have made a purchase might abandon the site and never come back. This could result in decreased customer satisfaction and the loss of future purchases.
Refusal to accept cash-on-delivery (COD) orders
This occurs when the buyer refuses to accept delivery of a product despite having placed the order using COD as the payment method. They might do this as a prank, to harass the seller, or simply because they’re unable to pay when the delivery occurs. If the carrier’s storage period expires, the merchandise will be returned to the ecommerce business. In such cases, the ecommerce business will be responsible for the round-trip shipping costs and packaging expenses. This issue is particularly troublesome for international shipments, where return shipping fees tend to be substantial—often exceeding the actual retail price of the merchandise itself. As a result, there are many instances where a company might decide to abandon a product because the cost to get it back outweighs the benefit.
Use of vacant addresses
This is a scheme in which the recipient designates a delivery address—such as a vacant apartment or vacant lot—where it’s difficult to identify the actual occupant. This is a case of malicious identity theft, where the perpetrator pretends to be a resident to receive goods even though they don’t actually live there. If it’s clearly evident that no one lives there, the goods might be returned rather than delivered, but the shipping costs will still be borne by the seller.
Harassment through negative reviews
In some cases, orders are placed with the sole purpose of lowering the rating of an ecommerce site. For example, due to technical issues on the store’s end, an order could go through even though the item is out of stock. The perpetrator exploits this glitch by placing a large number of additional orders and then posting a barrage of negative reviews claiming they were unable to purchase the item—all with the intent of harassing the seller. Negative shop reviews can have a significant impact on future operations.
Countermeasures
While it’s impossible to completely prevent prank and identity theft orders, taking some preventive measures in advance can help minimize the damage if fraud does occur.
Strengthen ID verification and account security
By strengthening ID verification during the login and ordering process, many fraudulent orders can be prevented before they occur.
For example, you can implement the following:
- SMS authentication (phone number verification)
- Enhanced email address verification
- Two-factor authentication (2FA)
- Additional authentication, such as 3D Secure 2 (3DS2), for high-risk transactions
Two-factor authentication is particularly effective in preventing fraudulent orders resulting from account hijacking.
Restrict COD orders
Since COD orders are prone to issues arising from refusal of delivery, it’s advisable to establish specific conditions for their use.
- Disable COD for orders exceeding a certain monetary threshold
- Restrict COD options for first-time customers
- Prohibit COD usage for customers who have had issues in the past
By taking these steps, you can minimize unnecessary returns and shipping costs.
Use a blacklist
As a preventive measure against recurring issues, it’s helpful to maintain a record of information on customers who have caused problems in the past. It should include:
- Name
- Phone number
- Email address
- Physical address
By keeping a record of this information and comparing it with incoming orders, you can reduce the likelihood of problems happening again.
Employ a fraud detection service
It’s important to establish a system for detecting suspicious orders in advance. Employing a fraud detection service gives you access to advanced security measures.
A fraud detection service evaluates risk based on transaction details and historical trends, enabling it to automatically detect and flag transactions that might be fraudulent.
For high-risk transactions, you can implement context-sensitive measures, such as requiring additional authentication via 3DS2.
What to do in the event of a prank or identity theft order
If an online store receives a prank order or identity theft order, it’s important to respond promptly to prevent further damage. This section outlines the appropriate actions to be taken by both customers and businesses.
For customers
If you receive an order or delivery that you didn’t place, respond as follows:
- Contact the ecommerce business
- Contact your credit card company and report possible unauthorized use
- Change your password and set up two-factor authentication
If you suspect that your credit card information has been compromised, contact your credit card company as soon as possible to avoid further damage, and take actions such as having the card locked.
For businesses
Businesses should take measures to stop the damage and strive to prevent recurrence.
The following actions are recommended:
- Cancel the suspicious or fraudulent order and suspend shipping
- Contact the shipping company to request a delivery hold
- Contact the credit card company
- Record the details of the incident
- Enhance monitoring of similar order patterns
- Train staff
In serious cases, consider consulting with the police or relevant authorities. Also, report the fraudulent activity to the platform operator and payment service provider and ask them to take appropriate action, such as freezing the account or suspending its use. Sharing information and coordinating efforts among service providers helps prevent the escalation of damages and the recurrence of such incidents.
How Stripe Radar can help
Stripe Radar uses AI models to detect and prevent fraud, trained on data from Stripe’s global network. It continuously updates these models based on the latest fraud trends, protecting your business as fraud evolves.
Stripe also offers Radar for Fraud Teams, which allows users to add custom rules addressing fraud scenarios specific to their businesses and access advanced fraud insights.
Radar can help your business:
Prevent fraud losses: Stripe processes over $1 trillion in payments annually. This scale uniquely enables Radar to accurately detect and prevent fraud, saving you money.
Increase revenue: Radar’s AI models are trained on actual dispute data, customer information, browsing data, and more. This enables Radar to identify risky transactions and reduce false positives, boosting your revenue.
Save time: Radar is built into Stripe and requires zero lines of code to set up. You can also monitor your fraud performance, write rules, and more in a single platform, increasing efficiency.
Learn more about Stripe Radar, or get started today.
Der Inhalt dieses Artikels dient nur zu allgemeinen Informations- und Bildungszwecken und sollte nicht als Rechts- oder Steuerberatung interpretiert werden. Stripe übernimmt keine Gewähr oder Garantie für die Richtigkeit, Vollständigkeit, Angemessenheit oder Aktualität der Informationen in diesem Artikel. Sie sollten den Rat eines in Ihrem steuerlichen Zuständigkeitsbereich zugelassenen kompetenten Rechtsbeistands oder von einer Steuerberatungsstelle einholen und sich hinsichtlich Ihrer speziellen Situation beraten lassen.