In 2017, the average merchant had roughly 1.5% of their revenue consumed by false declines. These are orders that are perfectly legitimate, but end up being cancelled by merchants who either have strict rules in place, or are just uncomfortable with one or more data point in the order.

So who are the people most often behind these false declines, and how can merchants identify them and start accepting more of their orders? In this blog post we’ll look at five cases from Riskified’s order database which represent five archetypes we’ve identified as being wrongful victims of risk-averse merchants. These cases illustrate some of the most common reasons behind false declines, along with some tips for corroborating their “risky” orders. Names and details have been changed to protect their privacy.

The Gift Sender

Linda O’Reilly has lived in Sioux Falls, South Dakota her whole life. Her pastimes include baking apple pie, sudoku, and doting on her grandchildren. Her new iPad promises to be a game-changer on all three fronts: in addition to using the tablet to post her pies on Pinterest, she also discovered she can use it to order presents and send them directly to her grandchildren. From the same retailer, she decides to send Andy – who recently moved to London with his parents – a watch for his birthday (he’s only three, but he’ll grow into it). Becky in Austin will get a wheeled backpack for school (Grandma O’Reilly always liked Andy more).The Gift Sender illustration

Why were Linda’s orders declined?

One word: mismatches. In order to save a trip to the post office, Linda requested that the watch and backpack be shipped directly to her grandkids. This meant that the retailer saw a mismatch between the names and addresses of the billing and shipping addresses, likely to result in the order being flagged and sent to manual review – where an order is far more likely to be declined due to risk aversion and queue overload (It could also mean long waits for the customer, and bothersome identity verification measures).

A billing/ shipping mismatch is bad enough, but Linda’s case appears particularly insidious to merchants. A single billing location, shipping to multiple addresses around the world is exactly how a fraudster who stole Linda’s credit card might behave in order to avoid repeated orders with identical data points.

How to make sure you approve orders like Linda’s:

  1. First thing: get rid of the rule that automatically flags orders with a billing/shipping mismatch. These mismatches are very common, and aren’t a big risk indicator. In the consumer electronics vertical, a third of the orders Riskified reviews have this mismatch, and we’re able to approve over 95% of them.  
  2. If you’re using an automated fraud solution, make sure your data is being enriched with IP address information, including proxy use detection. This can help determine that, at the very least, the order was placed by someone in the geographic vicinity of the billing address. If you have no choice but to manually review orders, search for the names of the parties on social media (Hopefully you’ll be able to find some pictures of her and her grandkids together to establish a link).

The Office Shopper/Shipper

Ashar Singh, a corporate lawyer, works so much that he often jokes that he lives in the office. There’s truth to this: he brushes his teeth in the office, eats dinner in the office and sometimes really does sleep there. So when he shops online, it’s only natural that he orders from his office computer, and has goods shipped to his office. Last week Ashar tried to order a new pair of loafers to his office address, but was shocked to have his order repeatedly declined.

The Office Shopper/Shipper illustration

Why was Ashar’s order declined?

Let’s think about how Ashar’s transaction details appear to a fraud analyst: his IP location and shipping location (his office) is different than his billing address (his apartment). That sounds a lot like someone just stole Ashar’s card data and is ordering some new shoes to himself. But it gets worse: many corporate offices use proxy servers for security reasons, meaning all three addresses could be different. And if the office shopper happens to be traveling for work, you’ll also see a discrepancy between the shipping, billing and IP addresses.

How to make sure you approve orders like Ashar’s:

  1. The best case is that the office shopper is using a corporate email domain (like Many third-party data sites can tell you if an IP address is corporate, the ISP, geo-location and sometimes even the name of the company. Then it’s just a matter of making sure your automatic solution is able to match these data points to the domain.
  2. If your team is reviewing orders manually, the best bet is to Google the shipping address and see if it’s the offices of the same company he works for. Even if the customer is using his personal email to shop in the office, you have ways of approving the order: does the shopper have a LinkedIn profile that matches the corporation owning the proxy? Does the company on his LinkedIn have a branch in the geographic IP location? These sorts of manual searches take time which keeps customers waiting, but it’s still better than just declining a good order.

The Tourist

Avi and Rebecca Cohen have been planning their vacation for half a year now; this December they’re flying with their three children from Tel Aviv to New York. The plan? Two weeks of the stuff you can’t get in Israel: Broadway shows, dollar-slice pizza and quality shopping. Actually, the shopping starts before they get there. It’s winter in NYC, and Cohen’s don’t even own coats (The Middle East has its advantages). So they decide to buy winter gear online in advance and have it shipped to their hotel. Once they’re in the city they want to stock up on electronics. Since the lines are crazy (because of pre-holiday shopping), they browse in-store, then order the goods online; shipping some to their NYC hotel, and a few straight to Israel to avoid carrying them.

The Tourist illustration

Why were the Cohen’s orders declined?

  1. It can be as simple as a merchant auto-declining orders placed with International credit cards. But even if merchants don’t just outright block cross-border orders, many end up being falsely declined because an AVS test will return a N/A result; AVS is only supported for cards issued in the US, UK or Canada.
  2. Hotels and Air BnB shipping addresses can cause problems for fraud review systems. Many seemingly unrelated orders all being shipped to an address is a pretty alarming pattern. And if one bad order is shipped to this hotel, it may cause the address to be placed on a blacklist.

How to make sure you approved orders like the Cohen’s

  1. One of the best ways to detect order legitimacy–regardless of how scary the order details appear–is to use behavioral analytics. The customer’s behavior during a shopping session can be a huge tip-off. For instance, fraudsters tend to go straight to checkout, where legitimate customers shop around, compare goods, and are far more likely to check things like the returns policy. Read more about behavioral analytics and fraud here.
  2. Avoid blacklisting hotel addresses. In fact, stop using blacklists altogether, as they are guaranteed to result in more false declines. And they also amplify mistakes: if you incorrectly decline the Cohen’s order, and then blacklist their email address, you’ll keep on rejecting  their legitimate orders (assuming they ever shop with you again…).

The Thrifty Global Shopper

Anna Poppov buys a lot of cosmetics. She lives Russia, where identical lipstick, perfume and foundation all cost around twice as much as in many European countries. Since a lot of the brands she prefers are sold all around the world, it’s far more affordable for Anna to search international stores for deals – and pay for shipping – than to buy them locally. Some American stores don’t offer shipping to Russia, so she uses a reshipper (forwarding service), to deliver the goods to her doorstep.


The Thrifty Global Shopper illustration

Why was Anna’s order declined?

Fraud analysts have nightmares about orders with a foreign IP, foreign credit card and foreign shipping and billing addresses. Fraud trends can differ wildly between countries, and with the pressure of a queue of waiting customers, it’s easiest for analysts to be risk-averse and simply decline orders from places they’re not familiar with.

And if Anna uses a reshipper, it’s even more likely that her order will declined. Fraudsters often user reshippers to mask their true physical location, and analysts tend to be very cautious (usually too cautious) with these orders.

How to make sure you approved orders like Anna’s

  1. Don’t base your perception of geographical riskiness on reputation – look at the actual numbers.  While it’s true Russia is consistently ranked pretty low on the corruption index, and fraud rings can operate there relatively freely, Riskified still safely approves over 97% of cosmetics orders with a Russian IP address.
  2. Reshipper use is indeed a risk factor, but that doesn’t mean these orders should be auto-declined. Check the email address associated with the order; an email account that has existed for over two years is a strong sign of legitimacy. Also check if the order is coming from a country that you offer shipping to (or if these shipping rates are exorbitant); if not, you’ve found a potential legitimate order story.

The college student (especially foreign students)

Kevin Ruffer just started his Freshman year at UCLA, and he’s way too swamped to go shopping. So he orders the college essentials straight to his dorm (which is just a quarter mile off campus): headphones, new sneakers and an expensive cologne his mom recommended. His roommate, Li Song, from China, is inspired to do the same.

The college student illustration

Why were Kevin and Li’s orders declined?

Let’s start with Kevin. The first problem is that the billing address on his credit card is still his parent’s house, so there’s a mismatch between that and the shipping address of his dorm room, which is just half a mile from campus. But more than that, colleges sometimes look really sketchy to fraud analysts. If he shopped on campus, using the UCLA wifi, The pattern of many orders under different names placed at the same IP address, delivered to the same shipping address, sounds a lot like this is a fraudster’s residence.

Li’s orders are even harder for merchants to approve. Because he’s using an international credit card (with an international billing address), this order looks a lot like someone in California bought a Chinese card off the dark web and is shopping with it. With over a million foreign college students in the States this year, merchants are losing a lot of revenue by rejecting these orders.

How to make sure you approve orders like Kevin and Li’s

  1. The key here is figuring out that Kevin and Li are university students. If they’re ordering from campus, then–just like in the case of the office shopper–a third party IP service like Maxmind can tell you that this IP belongs to UCLA. But even if Kevin and Li do their shopping from their off-campus dorm, hope isn’t lost. If they’re using .edu emails, that’s a pretty good tip off.
  2. Of course, it often happens that students will shop off-campus, using personal emails. You may see a pattern emerging through these tips: whenever you encounter a seeming incongruity in order details, you just need to start digging. It’s more than likely that you’d discover that Kevin and Li are associated with UCLA on Facebook or other social media platforms. Maybe you find old pictures they’ve posted of new sneakers. Suddenly, the mismatches listed above make plenty of sense.

Happy reviewing!

I hope this was a helpful overview of some of the most commonly falsely-declined orders. Click the button below to get more tips to help boost approval rates and improve the customer experience: