E-commerce Fraud Prevention
Use the ScamVerify™ API to prevent e-commerce fraud through URL verification, phone verification for customer contacts, and text/email analysis for support ticket screening.
E-commerce platforms face fraud from multiple angles: fake storefronts, phishing payment pages, fraudulent customer accounts, and social engineering through support channels. The ScamVerify™ API covers all four attack surfaces with phone, URL, text, and email verification.
Attack Surfaces
1. Fake Payment Pages and Phishing URLs
Fraudsters clone your checkout page and host it on a lookalike domain. Customers get tricked into entering payment details on the fake site. URL verification catches these by checking domains against malware databases, phishing feeds, and threat intelligence.
2. Fraudulent Customer Accounts
Accounts created with disposable VoIP numbers, high-risk carriers, or numbers with FTC complaint histories are more likely to be fraudulent. Phone verification at signup helps catch these before they cause chargebacks.
3. Support Channel Exploitation
Scammers submit fake support tickets via email or text containing phishing links, social engineering tactics, or impersonation attempts. Text and email analysis flags these before your support team engages.
Multi-Channel Protection
A comprehensive fraud prevention setup uses all four ScamVerify™ channels together.
class FraudPrevention {
constructor(apiKey) {
this.apiKey = apiKey;
this.baseUrl = 'https://scamverify.ai/api/v1';
}
async callApi(endpoint, body) {
const response = await fetch(`${this.baseUrl}${endpoint}`, {
method: 'POST',
headers: {
'Authorization': `Bearer ${this.apiKey}`,
'Content-Type': 'application/json',
},
body: JSON.stringify(body),
});
if (!response.ok) {
throw new Error(`API error: ${response.status}`);
}
return response.json();
}
// Verify a customer's phone number at signup
async verifyCustomerPhone(phoneNumber) {
const result = await this.callApi('/phone/lookup', {
phone_number: phoneNumber,
});
return {
approved: result.risk_score < 50,
riskScore: result.risk_score,
isVoip: result.signals.line_type === 'voip',
hasFtcComplaints: result.signals.ftc_complaints > 0,
verdict: result.verdict,
};
}
// Check a URL submitted by a customer or found in your marketplace
async verifyUrl(url) {
const result = await this.callApi('/url/lookup', { url });
return {
isSafe: result.verdict === 'safe' || result.verdict === 'low_risk',
riskScore: result.risk_score,
threats: result.signals,
verdict: result.verdict,
explanation: result.explanation,
};
}
// Screen an incoming support email
async screenSupportEmail(emailBody, rawHeaders) {
const body = { email_body: emailBody };
if (rawHeaders) {
body.raw_headers = rawHeaders;
}
const result = await this.callApi('/email/analyze', body);
return {
isPhishing: result.risk_score >= 60,
riskScore: result.risk_score,
verdict: result.verdict,
extractedUrls: result.signals.extracted_urls,
extractedPhones: result.signals.extracted_phones,
headerAnalysis: result.signals.header_analysis,
};
}
// Analyze an SMS-based support request
async screenSupportText(text, senderNumber) {
const result = await this.callApi('/text/analyze', {
text,
sender_number: senderNumber,
});
return {
isSuspicious: result.risk_score >= 40,
riskScore: result.risk_score,
verdict: result.verdict,
extractedUrls: result.signals.extracted_urls,
};
}
}Signup Fraud Prevention
The highest-value integration point is during account creation. Checking the phone number at signup catches the most fraud with the least friction.
const fraud = new FraudPrevention(process.env.SCAMVERIFY_API_KEY);
app.post('/api/accounts/create', async (req, res) => {
const { email, phone, name } = req.body;
// Step 1: Verify phone number
const phoneCheck = await fraud.verifyCustomerPhone(phone);
if (!phoneCheck.approved) {
// Log the rejection for analysis
await logFraudSignal('signup_rejected', {
phone,
riskScore: phoneCheck.riskScore,
verdict: phoneCheck.verdict,
isVoip: phoneCheck.isVoip,
});
return res.status(400).json({
error: 'Unable to verify phone number. Please use a different number or contact support.',
});
}
// Step 2: Create account with risk metadata
const account = await createAccount({
email,
phone,
name,
phoneRiskScore: phoneCheck.riskScore,
phoneLineType: phoneCheck.isVoip ? 'voip' : 'standard',
});
return res.json({ accountId: account.id });
});Marketplace URL Monitoring
If your platform allows sellers to link external websites, verify those URLs to protect buyers from phishing and malware.
app.post('/api/listings/create', async (req, res) => {
const { title, description, externalUrl, sellerId } = req.body;
if (externalUrl) {
const urlCheck = await fraud.verifyUrl(externalUrl);
if (!urlCheck.isSafe) {
await flagListing(sellerId, {
reason: 'malicious_url',
url: externalUrl,
riskScore: urlCheck.riskScore,
explanation: urlCheck.explanation,
});
return res.status(400).json({
error: 'The external URL did not pass our safety check. Please use a different URL.',
});
}
}
const listing = await createListing({ title, description, externalUrl, sellerId });
return res.json({ listingId: listing.id });
});Support Ticket Screening
Automatically screen incoming support emails and texts before they reach your team.
// Email support webhook
app.post('/webhooks/support-email', async (req, res) => {
const { from, subject, body, rawHeaders } = req.body;
const screening = await fraud.screenSupportEmail(body, rawHeaders);
if (screening.isPhishing) {
// Auto-quarantine, do not show to support agents
await quarantineTicket({
from,
subject,
riskScore: screening.riskScore,
maliciousUrls: screening.extractedUrls,
});
return res.json({ action: 'quarantined' });
}
// Safe to route to support queue
await createTicket({ from, subject, body, riskMetadata: screening });
return res.json({ action: 'routed' });
});Fraud Signal Correlation
The most powerful fraud detection comes from correlating signals across channels. A customer with a high-risk phone number who also submits support tickets containing phishing URLs is almost certainly fraudulent.
| Signal Combination | Fraud Confidence | Recommended Action |
|---|---|---|
| High-risk phone + VoIP line type | Medium | Flag for review |
| High-risk phone + support email with phishing URLs | High | Auto-block account |
| Clean phone + single suspicious URL in ticket | Low | Review the URL only |
| FTC complaints on phone + robocall detected | High | Reject signup |
| Multiple support tickets with extracted URLs all flagged | High | Suspend account and investigate |
Cross-channel lookups are counted separately. A phone lookup and a URL lookup consume one quota each from their respective channel quotas. Plan your quota allocation based on which channels you use most.
Related
- Phone Lookup API Reference for customer verification
- URL Verification API Reference for marketplace URL checking
- Email Analysis API Reference for support ticket screening
- Text Analysis API Reference for SMS support screening
Contact Center Compliance
Use the ScamVerify™ API for TCPA compliance, DNC list checking, lead quality scoring, and inbound call screening in contact center operations.
Insurance Claims Fraud Detection
Use the ScamVerify™ API to detect fraud in insurance claims through phone number analysis, URL verification for submitted links, and email analysis for phishing in claims communications.