CODfraud preventionorder management

COD Fraud Risk Scoring: Rate Orders Before You Ship

COD fraud risk scoring dashboard showing order risk levels from low to high with verification checkpoints

Between 25% and 30% of COD orders in India never convert to cash. The customer refuses delivery, gives a fake address, or simply doesn't answer the door. In tier-3 cities, that failure rate climbs to 45%. Every one of those failed deliveries costs you the product, the shipping, the return logistics, and the courier's time — with zero revenue to show for it.

Most COD merchants fight this reactively. A fake order comes in, they block that phone number. Another slips through, they add that pincode to a watchlist. It's whack-a-mole, and the moles are winning. COD fraud risk scoring is the smarter approach: assign a numerical score to every order before it ships, and let the score decide how much verification it needs.

How Does COD Fraud Risk Scoring Work?

COD fraud risk scoring assigns a numerical score to every incoming order based on how many fraud signals it triggers. Instead of treating every COD order the same — or manually reviewing suspicious ones — the system does the math automatically.

An order from a verified repeat customer shipping to a tier-1 city scores low. An order from a brand-new phone number, shipping to a pincode with 40% historical RTO, placed at 2 AM on a Saturday, scores high. The score determines what happens next: low-risk orders ship immediately, medium-risk orders get a WhatsApp confirmation, high-risk orders require OTP verification or get flagged for manual review.

The key insight: you don't need to verify every order. That kills conversion. You only need to verify the ones that look suspicious. Studies across 45,000 orders show that selective OTP verification based on risk scores cuts fraud completion by 78-84% while only reducing conversion by 4-7%.

The 8 Signals That Predict a Fake COD Order

Not all fraud signals carry equal weight. Some are strong predictors on their own. Others only matter in combination. Here are the signals worth tracking, roughly ordered by predictive strength:

  • Phone number history — Is this number linked to previous failed deliveries or blocked orders? New, unverified numbers are higher risk.
  • Pincode RTO rate — Some pincodes have 3x the RTO rate of others. If your historical data shows a pincode consistently fails, every order shipping there starts at a higher baseline risk.
  • Order value relative to average — Orders significantly above your store's AOV from first-time customers are a red flag. Fraudsters don't care about the price because they never plan to pay.
  • Address quality — Vague "landmark-only" addresses, missing apartment numbers, or addresses that don't match postal databases. Address validation alone can prevent 42-48% of address-based fraud.
  • Time of order — Orders placed between midnight and 5 AM have higher fraud rates in most COD markets. Legitimate customers buy during normal hours.
  • Order frequency — Multiple orders from the same IP, device fingerprint, or phone number within a short window.
  • Customer age — First-time customers are inherently riskier than someone who has successfully received and paid for 3 previous orders.
  • Payment method choice — A customer who picks COD when prepaid options with discounts are available is slightly higher risk than one who was never offered an alternative.

Build a Points-Based Scoring Sheet in 30 Minutes

You don't need machine learning to start. A simple spreadsheet-based scoring system works for stores processing up to a few hundred orders per day. Here's how to build one:

  1. Assign point values to each signal. Phone number previously linked to RTO: +30 points. High-RTO pincode: +20 points. First-time customer: +10 points. Order value 2x above AOV: +15 points. Vague address: +15 points. Late-night order: +10 points.
  2. Set threshold tiers. 0-20 points: ship immediately (low risk). 21-39 points: send WhatsApp confirmation before shipping (medium risk). 40+ points: require OTP verification (high risk). 70+ points: flag for manual review or auto-cancel.
  3. Add positive signals that reduce the score. Successful previous delivery to this address: -20 points. Verified phone number (already confirmed via OTP on a past order): -15 points. Prepaid partial payment made: -25 points.
  4. Track outcomes and adjust. After 2-4 weeks, check which scores actually correlated with RTO. If orders scoring 25 are completing fine, raise your medium-risk threshold. If orders scoring 35 are failing, lower it.

The exact point values matter less than having a system at all. You'll calibrate over time as your data grows.

Automate the Scoring Into Your Order Flow

A spreadsheet works for learning which signals matter for your store. But manually scoring every order doesn't scale past 50-100 orders per day. The goal is to wire scoring directly into your checkout flow so verification happens automatically.

The automation logic is straightforward: order comes in → system checks the signals → score is calculated → the appropriate verification step triggers without anyone touching it. WhatsApp or IVR order confirmation alone reduces RTO by 10-25% within weeks for most stores. Layering it on top of risk scoring means you're only adding that friction where it matters.

For Shopify COD stores, tools like EasySell let you set order limits per customer, require OTP verification on the order form, and block known bad phone numbers or IPs — which covers several of the high-weight scoring signals without custom development.

Use Pincode Data to Set Shipping Rules

Your courier partners already have this data, even if they don't share it proactively. Delivery success rates between courier partners can vary by 15-25% for the same pincode. That means your choice of courier is itself a fraud prevention decision.

Pull your last 90 days of order data and group it by pincode. You're looking for three things:

  • High-RTO pincodes — Any pincode where more than 30% of COD orders fail. These need mandatory verification before shipping, regardless of other risk signals.
  • Courier performance gaps — If courier A delivers successfully 80% of the time in a pincode where courier B only manages 55%, route orders to courier A for that area.
  • Seasonal patterns — Some pincodes spike in RTO during specific periods (festivals, end of month). Build that into your scoring calendar.

D2C brands using AI-powered logistics tools that match orders to the best-performing courier per pincode report RTO rates of 5-10%, compared to the national average of 20-30%. Even without AI, manually routing your worst pincodes to your best courier makes a measurable difference.

The Conversion Trade-Off: Where to Draw the Line

Every verification step you add kills some legitimate orders. OTP verification on every order might cut fraud by 90%, but it also turns away real customers who don't want to deal with the friction. The entire point of risk scoring is precision — applying friction only where the data says it's needed.

A well-calibrated scoring system puts roughly 60-70% of your orders in the low-risk tier (no extra verification), 20-25% in medium risk (WhatsApp confirmation), and 5-15% in high risk (OTP or manual review). If your high-risk tier is catching more than 20% of orders, your thresholds are too aggressive and you're hurting conversion unnecessarily.

Monitor two numbers weekly: your overall RTO rate and your conversion rate. If RTO drops but conversion drops by a similar percentage, you've just traded one problem for another. The sweet spot is where RTO falls significantly while conversion dips only slightly — that 78-84% fraud reduction with only 4-7% conversion loss is the benchmark to aim for.

Start With One Signal, Then Stack

Don't try to implement all 8 scoring signals on day one. Start with the two highest-impact ones for your store — usually phone number history and pincode RTO rate — and run them for 2 weeks. Measure the impact. Then add address validation. Then order value flagging. Each layer compounds on the last.

The stores that get this right aren't the ones with the most sophisticated AI. They're the ones that actually looked at their RTO data, identified the patterns, and built rules around them. A basic scoring system that runs on every order beats a perfect system that lives in a planning document.

Export your last 90 days of failed deliveries today. Sort by pincode, phone number, and order value. The patterns will be obvious — and those patterns are your first scoring rules.