Copyright © 2019

Selling digital content and how to prevent fraudulent orders

Wednesday, 16th January

Selling digital content is easy; there is no shipping and no delayed orders. Usually, no matter what kind of digital content you sell—software, photos, fonts, music, video—you can offer a live preview/demo where potential buyers can see the product(s) before purchasing them. All you have to do, as a digital content seller, is to make it easy for prospects to preview/demo your digital products, check them out, and download them. Unfortunately, there is a major problem which is hard to avoid—fraudulent orders. These are orders made by people using stolen credit card details or PayPal accounts. Someone will come to your website, fill in the order form, and pay for the product. Once the payment processing company accepts the payment, the product will be available for download.

Some payment processing companies have their own methods to verify if clients’ payments are real or fraudulent. For example, if a client’s IP address does not match the billing country for the credit card used, they may call your client to confirm the purchase. However, when a payment is made, the payment processing company will first say that the payment is accepted, but will then run their fraud protection procedures usually 12-24 hours after. Obviously, if you offer an immediate download for your digital products this fraud protection system will not work for you.

Our company, StivaSoft, has a wealth of experience selling software online. At StivaSoft, we have always offered immediate download of our products. However, like other software companies, StivaSoft has experienced fraudulent orders too, which has made us think of ways to protect ourselves from fraudulent orders, and eventually resulted in implementing a fraud protection system which has drastically reduced the number of these orders.

First, let see how someone usually makes a fraudulent order. Usually, fraudsters either have access to someone else’s PayPal account or a stolen credit card. It’s not that difficult to obtain someone’s credit card details, such as their name, number, billing address, and expiry date. As no PIN is required when making online purchases, it is easy for one to use somebody else’s credit card for their own purchases. The fraudster will usually create a free email account (Yahoo, Hotmail, Gmail), which will be used for the purchase. If they are smart enough to use a proxy server when making the purchase, it will prove almost impossible to track them down and uncover their real identity. As there is no shipping for download purchases, their real physical location remains unknown.

Fortunately, there are many agencies set up where people can file a fraud complaint, such as:

Internet Crime Complaint Center
The National Consumer League’s Fraud Center
The Federal Trade Commission (FTC)

However, you will need to submit at least one real piece of information about the person, such as their name, email address, IP, or physical address. As stated above, these details are unknown in the event the credit card used is stolen, as a fake name is usually given. Although you will have an email address, it will be very difficult to trace if it is a free email account. IP address will remain unknown in the event a proxy server is used, and physical address is also unknown as there is no need for shipping for the purchase of downloads.

Companies, like StivaSoft, these days must take measures to protect consumers, as well as themselves, from fraudulent activity. So the big question here is: “What can be done to obtain real information about your buyers in an easy way which will not slow the download process?”

Well, nowadays almost everyone has a mobile phone. By obtaining a mobile phone number, you have a chance to gather real information about your client. Of course, as with entering a fake name, fraudsters can enter any number, so the trick here is to use the mobile phone number to send a verification code. In the event you have any doubts that a particular order is fraudulent, you can send an SMS message to the mobile phone number provided with a short order verification code. Your client must then confirm the order by entering the same code into the system. Once this is done, you can be 100% sure that the mobile phone number your client has provided is real, and that you have a lead on their physical location. This will make it extremely easy for you to submit an official claim against the person who made the fraudulent order, while making it easy for the local authorities to track them down.

All of the above—asking for mobile phone number, writing specific rules to determine if order may be fraudulent or not, sending an SMS message, requesting the client confirm the order using the verification code, and then providing the digital content—is done automatically. StivaSoft product purchase system has all this functionality built in, and since we’ve implemented it the number of confirmed fraudulent orders is now 0.

If you sell digital content and want to decrease the number of fraudulent orders, contact us at and we will be glad to offer you a fraud protection solution.