You can mix and match these rules based on your business requirements. For example, if only one shows up in an order it will not be considered a hazard, but if two or more are present it will be flagged for review. Evaluate your filtering results regularly and refine your rules.
Ranking and Messaging
A more advanced system will assign a high, medium or low risk profile to each suspect order based on which rule or combination of rules it triggers. Each order can be flagged accordingly and then dropped into an appropriate queue for review by a CSR. To initiate a dialog with your customers and reduce the load on CSRs, the system should automatically generate e-mails for each category. Predefined responses for each category could be as follows:
High risk: Hold or even delete these orders immediately. Automated e-mails should tell customers their order cannot be processed and that they should call your toll-free customer service line. Fraud perpetrators will almost certainly never call, but legitimate customers probably will. After further investigation, the order can be completed or cancelled as appropriate.
Medium risk: The order is held in a queue for review by a CSR. The customer then receives an e-mail explaining that his or her order is on hold for a routine security/quality review and a CSR will be calling him or her soon.
Low risk: These orders are reviewed by a CSR who either deletes or approves them. The customer is not notified unless further investigation is necessary.
It's up to you how you define your risk levels. If you can, base them upon empirical evidence gathered from other aspects of your fraud system.
A blacklist is a list of all e-mail addresses, names, phone numbers, billing addresses, shipping addresses or other information associated with fraudulent transactions. Check every transaction against the blacklist, and if any of the information matches, your system can stop it automatically.