Watch out for this “easy money” scam (and other types of payment fraud)

We’re sharing helpful tips from our sister company, Printavo, including this one on how to avoid scam orders and how to protect your business. Read on for more helpful information.

Have you ever received an email from a potential customer looking to order hundreds or thousands of blank garments?

Seems like easy money, right? Why not accept the order? All you need to do is order the blanks, mark it up a bit, and profit! Easy money! 🤑🤑🤑

If it seems too good to be true, it probably is. 

A tempting email awaits

There’s a common scam that plagues our industry. You get to work, check  your inbox, and find an email that looks something like this (Note: this is a real email received by one of our customers with the name and contact details removed):

Hello Sales,

Am interested in purchasing some blank t-shirts from your store to be picked up and below is the specs and quantities needed.

Brand:Jerzees/Gildan

Size:Adult small size

Quantity:300PCS

50/50% Cotton

Color

Brand:Jerzees/Gildan

Size:Adult small size

Quantity:300PCS

50/50% Cotton

Color: :White

I would like to know if you can get me pricing on this and do you take credit card through email as form of payment.

Best Regards

Mr. Andrew XXXXXXXX

Tel:XXX-XXX-XXXX

You say to yourself, “There’s a name and a phone number here” (note: we blocked out the contact information). It came in from a legitimate-enough-looking email address.”

If you take this job with your normal markup, you’re likely looking at a few hundred dollars in profit. So why not take it?

Because it’s probably bullsh*t. More on that in a minute.

Here’s another example of an email that was actually sent to the customer care team at our sister company, Printavo (with contact details removed):

I got your text yesterday about your stocks arriving available as well. 
I need Gildan 2x large all in plain blank white-500 units
I need Fruit of the Loom 1x large all in plain blank white- 500 units.
I need Gildan 1x large all in plain blank yellow- 500 units
I need Gildan 2x large all in plain blank orange- 500 units

Shipping to – XXXXXXX enterprise,

XXX XXXXXXX XXXX road

XXX, MA,XXXX

Get back to me with the grand total cost plus shipping thank you

While Printavo and InkSoft don’t print merch (we just make the software that simplifies managing your print shop and online sales),  this would certainly be an appealing order.

Order 2,500 blank garments at 100% markup and make $7,500-ish. Why not?

Again, because this isn’t a legitimate order from a legitimate customer.

So what’s the scam here?

  • Fraudster pays you with stolen information
  • Fraud victim disputes the charge as fraudulent
  • You are out any time and money you spent on this job plus the money you thought you had in the bank from the payment

But it seems so legitimate…

While the address they gave you might be a legitimate address recognized by the post office, it’s unlikely that they actually reside or do business there. Additionally, it’s improbable that the address given matches the billing address on the payment method provided.

The same is presumably true with the phone number. The number could be a legitimate phone number, but it probably does not belong to the person who emailed you.

If the shop fulfills the order, and the legitimate owner of the credit card or bank account disputes the charge, the shop is out of hundreds or thousands of dollars they thought they had as cash on hand.

Depending on the size of the order and the dispute, this could put a shop out of business.

How does the scam play out?

Given our experience, what often happens is:

  1. A shop receives a generic email from a new customer with a generic name and a generic email address (e.g., Mr. Benjamin Jones <bjones89183412@gmail.com>)
  2. The greeting of the email often doesn’t directly address an individual, but a neutral recipient or broad department  (e.g., “To Whom It May Concern” or “To the Sales Department”)
  3. The email makes a request for several hundred common garments, often in at least two sizes with no artwork (e.g., 500M and 500XL Gildan White)
  4. The email provides a legitimate mailing address and phone number, but the sender will often refuse to keep business dealings to email and off the phone.
  5. The employee who receives the email, meaning no ill will, views this as an easy-money job, so they accept the work and take payment.
  6. At this point, the scammer has no further need to communicate with the shop, so they’re dust in the wind.
  7. The shop fulfills the order and sends hundreds of blank garments to a legitimate address, where, usually, someone unsuspectingly receives a ton of shirts they didn’t order.
  8. While all of this is going on, the individual whose account information has been stolen notices a fraudulent charge (to them), which they dispute with their bank.
  9. As this actually is a fraudulent charge, the bank sides with the customer and claws back the money from your shop, leaving you out of the money you thought you had.

But how does the charge go through in the first place?

It depends on the method of payment:

  • Credit card: If the fraudster is using a credit card, they’ve likely tested it on a smaller purchase elsewhere (think a $1-$10 online purchase that easily goes unnoticed).
  • ACH or bank transfer: If the fraudster is using ACH or bank transfer, they are relying on you not to let the ACH authorization period pass before you process the order.

    In other words, the payment may clear from the customer’s end, seemingly giving you the go-ahead to produce. In reality, the 5-7 banking day bank processing window confirming the funds actually exist has not yet passed.

Here’s more information on the different types of transactions, including ACH, and how they work in InkSoft.

What are some red flags that may signify a fraudulent customer?

Great question. Here are some major (and unfortunately common) ones we hear from customers:

🚩A large order of blank or generic designs, usually in only a couple of sizes.

🚩Customer expresses unusual urgency in processing their payment, perhaps even pressing you to accept the payment outside your normal routine.

🚩Order requests that do not directly address your company or any employees when they reach out.

🚩”To good to be true” orders as the scam requires the task on your end to be easy to be successful.

🚩Anyone who overpays on an order then asks for the difference to be refunded to another account or via another method than the original payment.

🚩The “customer” requesting to use their own carrier service. They can possibly claim they never received the goods as a means of requesting a refund.

🚩Addresses, when searched on something like Google or Google Maps, do not match what the customer told you should exist.

How can we proactively prevent fraud from occurring at our shop?

While there’s no real way to stop people from attempting fraud, the good news is that you can educate your employees on how to avoid scam orders.

🎓Make your front-end teams and sales staff aware of these types of scams and communicate clearly when you or they see something suspicious. 

📱When taking on a new order with a new customer, try to verify the validity of the order and/or customer over the phone. As an added bonus, if the customer is legit, they’ll likely appreciate the outreach, level of service, and relationship building.

🙃Lookout for mismatched customer names, billing/shipping addresses, and addresses submitted for the Payment Account being used.

⏲️Allow adequate time to pass after the payment was made to fulfill the order (be EXTRA careful with Suspicious ‘Rush’ order requests).

What steps has InkSoft taken to prevent fraud with its embedded payment system?

While we also can’t prevent bad actors from trying bad acts, we have implemented the following fraud prevention measures behind the scenes here at InkSoft:

  1. ACH pre-validation services – We check the account information prior to submission to reduce instances of ACH returns. This verifies that the account information provided is an open/active account. Please note: ACH is not a real-time service, so pre-validation services are subscribed to by Financial Institutions; however, not all Financial Institutions subscribe, and not all records are kept up to date daily.
  2. Velocity thresholds -In place to monitor for bad activity and actively thwart/block high levels of bad activity prior to submission (e.g., number of payment attempts, frequency of payment attempts, etc.)
  3. ReCAPTCHA v3 – Recaptcha v3 uses data to validate that a visitor attempting to checkout on your store is a human instead of a script or a bot. The assessment happens silently, behind the scenes, and when a script or bot is detected, they are blocked from checkout. This check is performed on every attempted checkout. Blocking scripts and bots from checking out drastically reduces the threat of automated attacks against your stores, including scripted card testing, which is an unfortunate reality in the e-commerce industry.
  4. Card Verification Value (CVV) – A card-specific value in the form of a 3- to 4-digit number that acts as an added layer of security when checking out.
  5. Address Verification Service (AVS) – A card-specific feature that attempts to mitigate fraud by matching various degrees of the paying customer’s billing information on file with the data entered into their online transaction. Please note: AVS is an opt-in security feature at InkSoft. To opt in, contact your Customer Success Manager. 

Are there other scams I should be on the lookout for?

Unfortunately, yes. Here are a few that we see come up:

Overpayment/Alternative Refund Scam

🚩What it is: A fraudster “accidentally” overpays you and asks you to refund the overpayment to something other than the original form of payment (e.g., via a check or a wire transfer), claiming to have issues with their original payment source. 

If you refund the payment to the fraudster and the victim of fraud disputes the original payment, you could be out up to twice as much money (i.e., what you refunded plus the disputed amount).

Due to the nature of the potential 2x money loss, the overpayment scam is especially dangerous for your business’s bottom line.

To defend against this, we recommend upholding a strict refund policy mandating that any full or partial refunds only go to the original form of payment.  Add that policy to your Terms and Conditions. (Here’s how to set up store policies in InkSoft.) 

Need help writing Terms and Conditions? Check out this free guide on terms and conditions. 

Note: InkSoft’s embedded payment system neither allows for overpayment nor refunding to any payment method outside of the original payment method.

Friendly fraud

Friendly fraud—also known as “first-party misuse” or “first-party fraud”—occurs when a legitimate cardholder makes a purchase but then disputes it at a later date. 

There are two circumstances that lead to friendly fraud:

  1. An accidental dispute: In some cases, the purchaser may not recognize the transaction description on their banking statement. To help combat this issue, be sure to fill out a clear DBA – Statement Descriptor when completing the payment setup.
  2. A deliberate dispute: In other cases, the purchaser may be experiencing a case of buyer’s remorse or perhaps just wants to try and get a bunch of stuff for free. After the legitimate transaction, they purposefully dispute the charge they know is legitimate. 

While you can’t control the decisions people make, we recommend covering your bases by having clear return policies prominently displayed in your Terms and Conditions.

If you need additional help, check out our FAQ on handling disputes

Card Testing

Card testing occurs when a fraudster validates stolen credit card details through small-dollar transactions. This scam often shows itself through multiple failed payment attempts within a short timeframe. 

Have additional questions on how to avoid scam orders? We recommend reviewing our full set of help articles on embedded payments, disputes, and fraud prevention.