If the Order Looks Too Good to Be True – It Might Be! Watch Out for This “Easy Money” Scam (& Other Types of Payment Fraud)
Have you ever received an email from a potential customer looking to place an order for hundreds, or even thousands of blank garments?
Seems like easy money, right? Why not accept the order? I mean, all you need to do is order the blanks, mark it up a bit, and profit! Easy money! 🤑🤑🤑
If it seems too good to be true, it probably is.
A tempting email awaits
There’s a common scam that plagues our industry. You get to work, check out your inbox, and find a cold email that looks something like this (Note: this is a real email received by one of our customers with the name and contact details removed):
Am interested in purchasing some blank t shirts from your store to be picked up and below is the specs and quantities needed.
Size:Adult small size
Size:Adult small size
I would like to know if you can get me pricing on this and do you take credit card through email as form of payment.
Mr. Andrew XXXXXXXX
You say to yourself, “There’s a name and a phone number here (note: we blocked out the contact information). It came in from a legitimate-enough looking email address. If you take this job with your normal markup, you’re likely looking at a few hundred dollars in profit. So why not take it?”
Because it’s probably bullsh*t. More on that in a minute.
Here’s another example of an email that was actually sent into Printavo’s customer care team (again, with contact details removed):
I got your text yesterday about your stocks arriving available as well
I need gildan 2x large all in plain blank white-500 units
I need fruit of the loom 1x large all in plain blank white- 500 units.
I need gildan 1x large all in plain blank yellow- 500 units
I need gildan 2x large all in plain blank orange- 500 units
Shipping to – XXXXXXX enterprise,
XXX XXXXXXX XXXX road
Get back to me with the grand total cost plus shipping thank you
We at Printavo obviously can’t handle such a request since we, you know, don’t print stuff (we just make the software that simplifies managing your print shop), but if we were a print shop, this would certainly be an appealing order.
Order 2,500 blank garments at 100% markup and make $7,500-ish? Why not?!
Again, because this isn’t a legitimate order from a legitimate customer.
So what’s the scam here?
- Fraudster pays you with stolen information
- Fraud victim disputes the charge as fraudulent
- You are out any time and money you spent on this job plus the money you thought you had in the bank from the payment
But it seems so legitimate…
While the address they gave you might be a legitimate address recognized by the post office, it’s unlikely that they actually reside or do business there. Additionally, it’s improbable that the address given matches the billing address on the payment method provided.
The same is presumably true with the phone number. The number could be a legitimate phone number, but it probably does not belong to the person who emailed you.
If the shop fulfills the order, and the legitimate owner of the credit card or bank account disputes the charge, then the shop is out the hundreds or thousands of dollars they thought they had as cash-on-hand.
Depending on the size of the order and the dispute, this could put a shop out of business.
How does the scam play out?
Given our experience, what often happens is:
- A shop receives a generic email from a new customer with a generic name and a generic email address (e.g., Mr. Benjamin Jones <email@example.com>)
- The greeting of the email often doesn’t directly address an individual, but a neutral recipient or broad department (e.g., “To Whom It May Concern” or “To the Sales Department”)
- The email makes a request for several hundred, common garments, often in at least two sizes with no artwork (e.g., 500M and 500XL Gildan White)
- The email provides a legitimate mailing address and a legitimate phone number, but the sender will often refuse to keep business dealings to email and off the phone.
- The employee who receives the email, meaning no ill will, views this as an easy-money job so they accept the work and take payment.
- At this point, the scammer has no further need to communicate with the shop, so they’re dust in the wind.
- The shop fulfills the order and sends hundreds of blank garments to a legitimate address, where, usually, someone unsuspectingly receives a ton of shirts they didn’t order.
- While all of this is going on, the individual whose account information has been stolen notices a fraudulent charge (to them), which they dispute with their bank.
- As this actually is a fraudulent charge, the bank sides with the customer and claws back the money from your shop, leaving you out the money you thought you had.
But how does the charge go through in the first place?
It depends on the method of payment:
- Credit card: If the fraudster is using a credit card, they’ve likely tested the card on a smaller purchase elsewhere (think a $1-$10 online purchase at CVS that could easily go unnoticed).
- ACH or bank transfer: If the fraudster is using ACH or bank transfer, they are relying on you to not let the ACH authorization period pass before you process the order. In other words, the payment may clear from the customer’s end, seemingly giving you the go-ahead to produce. In reality, the 5-7 banking day bank processing window confirming the funds actually exist has not yet passed.
Wait, ACH doesn’t process immediately?
It does and it doesn’t. Check out our guide on all things ACH to learn about:
- The timeline of an ACH transaction
- How ACH returns work and why they might happen
- Best practices for ACH transactions to prevent fraud
Of note, the above are not Printavo-specific issues but are universal to the world of ACH payment processing.
Oh, OK. So what are some red flags that may signify a fraudulent customer?
Great question. Here are some major (and unfortunately common) ones we hear from customers:
🚩A large order of blank or generic designs, usually in only a couple of sizes.
🚩Customer expresses unusual urgency in getting their payment processed, perhaps even pressing you to accept the payment outside of your normal routine.
🚩Order requests that do not address your company or any employees directly when they reach out.
🚩”To good to be true”orders as the scam requires the task on your end to be easy to be successful.
🚩Anyone that overpays on an order then asks for the difference to be refunded to another account or via another method that the original payment.
🚩The “customer” requesting to use their own carrier service. They can possibly claim they never received the goods as means of requesting a refund.
🚩Addresses, when searched on something like Google or Google Maps, do not match what the customer told you should exist.
How can we proactively prevent fraud from occurring at our shop?
While there’s no real way to stop people from attempting fraud, the good news is that you can educate your employees on steps to take if they’re suspicious of an order.
🎓Make your front-end teams and sales staff aware of these types of scams and communicate clearly when you or they see something suspicious.
📱When taking on a new order with a new customer, try to verify the validity of the order and/or customer over the phone. As an added bonus, if the customer is legit, they’ll likely appreciate the outreach, level of service, and relationship building.
🙃Lookout for mis-matched customer name, billing/shipping addresses and addresses submitted for the Payment Account being used.
⏲️Allow adequate time to pass after the payment was made to fulfill the order (be EXTRA careful with Suspicious ‘Rush’ order requests).
What steps has Printavo taken to prevent fraud with their embedded payment system?
Another great (and fair!) question!
While we also can’t prevent bad actors from trying bad acts, we have implemented the following fraud prevention measures behind the scenes here at Printavo:
- ACH Pre-validation services – we check the account information prior to submission to reduce instances of ACH returns. This verifies that the account information provided is an open/active account. Please note: ACH is not a real-time service so pre-validation services are subscribed to by Financial Institutions; however, not all Financial Institutions subscribe and not all records are kept up to date daily.
- Velocity thresholds – in place to monitor for bad activity and actively thwart/block high levels of bad activity prior to submission (e.g., number of payment attempts, frequency of payment attempts, etc.)
- ReCAPTCHA v3 – Recaptcha v3 uses data to validate that a visitor attempting to checkout on your store is a human, as opposed to a script or a bot. The assessment happens silently, behind the scenes, and when a script or bot is detected, they are blocked from checkout. This check is performed on every attempted checkout. Blocking scripts and bots from checking out drastically reduces the threat of automated attacks against your stores, including scripted card testing, which is an unfortunate reality in the e-commerce industry.
- Card Verification Value (CVV) – A card-specific value in the form of a 3- to 4-digit number that acts as an added layer of security when checking out.
- Address Verification Service (AVS) – a card-specific feature that attempts to mitigate fraud by matching various degrees of the paying customer’s billing information on file with the data entered into their online transaction. Please note: AVS is an opt-in security feature at Printavo. To opt in, email firstname.lastname@example.org.
Are there other scams I should be on the lookout for?
Unfortunately, yes. Here are a few that we see come up:
Overpayment/Alternative Refund Scam
🚩What it is: A fraudster “accidentally” overpays you and asks you to refund the overpayment to something other than the original form of payment (e.g., via a check or a wire transfer) claiming to have issues with their original payment source.
If you refund the payment to the fraudster and the victim of fraud disputes the original payment, you could be out up to twice as much money (i.e., what you refunded plus the disputed amount).
Due to the nature of the potential 2x money loss, the overpayment scam is especially dangerous for your business’ bottom line.
To defend against this, we recommend upholding a strict refund policy mandating that any full or partial refunds only go to the original form of payment. Add said policy to your Terms and Conditions. (In Printavo, you can set default terms and conditions to appear on all jobs under your Invoice Information settings.)
Need help writing Terms and Conditions? Check out our free guide on terms and conditions. Free Download: Sample Terms and Conditions for Screen Printing Shops | How to Write Terms and Conditions
Note: Printavo’s embedded payment system neither allows for overpayment nor for refunding to any method of payment outside of the original payment method.
🚩What it is: Friendly fraud—also known as “first-party misuse” or “first-party fraud”—occurs when a legitimate cardholder makes a purchase, but then disputes it at a later date.
There are two circumstances that lead to friendly fraud:
- An accidental dispute: In some cases, the purchaser may not recognize the transaction description on their banking statement. To help combat this in Printavo, be sure to fill out a clear DBA – Statement Descriptor when completing the payment setup.
- A deliberate dispute: In other cases, the purchaser may be experiencing a case of buyer’s remorse, or perhaps just wants to try and get a bunch of stuff for free, so after the legitimate transaction the purposefully dispute the charge they know is legitimate. While you can’t control the decisions people make, we recommend covering your bases by having clear return policies prominently displayed in your Terms and Conditions.
Note: Disputes can be a pain, but we’ve dedicated a section of our Payments FAQ dedicated to handling disputes. You can also always email us at email@example.com with any questions about handling a dispute on a transaction processed in your Printavo account.
Card testing occurs when a fraudster validates stolen credit card details through small-dollar transactions. This scam often shows itself through multiple failed payment attempts within a short timeframe.
I have more questions – what should I do?
Shoot us an email at firstname.lastname@example.org and we’ll do what we can to help you out!