address validationCODfraud prevention

COD Address Fraud: Spot Fake Addresses Before You Ship

COD address fraud detection dashboard showing flagged orders with address anomalies and geographic clusters

COD address fraud doesn't always look like fraud. Your OTP verification is working. Phone numbers check out. The order looks clean. Then your courier marks it "address not found" and you eat the shipping cost both ways.

This is COD address fraud's quieter, more expensive cousin. It doesn't come from throwaway phone numbers or obviously fake names. It comes from orders that pass your verification checks but ship to addresses that don't exist — or exist but belong to nobody who placed the order. According to Signifyd, 13% of ecommerce orders now show signs of address manipulation. For COD merchants, where every failed delivery is pure loss, that number hits harder than most fraud stats.

A single failed COD delivery costs you the product, forward shipping, return shipping, and repackaging labor. Multiply that by dozens of fake-address orders per month and you're bleeding margin on sales that were never real. In India alone, 25–30% of COD orders end up as return-to-origin — and address issues are one of the top drivers.

Why Does COD Address Fraud Slip Past OTP and Phone Verification?

Most COD fraud prevention focuses on the phone number. OTP verification, phone blocklists, SMS confirmations — these tools work well against lazy fraudsters using burner numbers. But they miss a specific fraud type: orders placed with real, verified phone numbers sent to addresses that are incomplete, fabricated, or belong to someone else.

The fraudster answers the OTP. They confirm the order on WhatsApp. Everything checks out until the courier arrives at an empty lot, a demolished building, or a house where nobody ordered anything. By then, your product is already in transit and your money is already spent.

This is why phone verification alone isn't enough — even if you've already set up phone and IP blocklists. You need to look at the address itself.

Four Address Red Flags That Signal Fraud

The four most common COD address fraud signals are systematic address progressions, geographic clustering from new accounts, order velocity spikes, and mismatched location coordinates. Once you know what to look for, you can catch most of it before the courier picks up the package.

  • Systematic address progressions. Multiple orders shipping to Flat 101, Flat 102, Flat 103 in the same building — or House 14, House 15, House 16 on the same street. Bepragma.ai's research on confirmed COD fraud cases found that fraudsters frequently create orders to different flat numbers within the same building or neighboring street addresses with sequential number progressions. Real customers don't order to every unit in a row.
  • Geographic clustering from new accounts. Five orders in two days, all shipping to the same pincode, all from first-time buyers. Legitimate sales cluster around popular areas, but fraud clusters look different — same neighborhood, different names, no order history.
  • Velocity spikes. Three or more orders placed within 60 minutes appear in 67–74% of confirmed COD fraud cases, according to bepragma.ai, compared to less than 0.8% of genuine customer activity. If you're seeing rapid-fire orders to nearby addresses, that's not a coincidence.
  • Mismatched coordinates. The address says one city, but the IP or GPS data points somewhere else entirely. Or the pincode doesn't match the city name. These mismatches are easy to check and hard for fraudsters to fake consistently.

Set Up Velocity Rules That Block Fraud Without Blocking Customers

The fastest fix is velocity controls — rules that limit how many COD orders can come from the same phone number, IP address, or delivery area within a set time window.

Rules that work well in practice:

  1. Max 2 COD orders per phone number within 48 hours. Genuine repeat buyers rarely place multiple COD orders in two days. Fraudsters do.
  2. Max 3 orders to similar addresses within 7 days. This catches the flat-number progression pattern without affecting legitimate apartment buildings where different residents order independently over time.
  3. Flag any order where 3+ COD orders originate within 60 minutes from the same IP or device. Review these manually before shipping.

Automated velocity controls like these can stop 89–93% of velocity-based fraud before anyone on your team needs to intervene. You can set these up using Shopify Flow or a dedicated fraud prevention app — the rules themselves matter more than the tool.

Use Pincode-Level Data to Identify High-Risk Zones

Not all delivery areas carry the same risk. Delhivery's data shows that Tier 3 and rural areas in India have RTO rates of 40–45%, while Tier 1 cities hover around 15–20%. Your own order data likely tells a similar story.

Pull your last 90 days of COD orders and sort by pincode. You'll probably find that 5–10 pincodes account for a disproportionate share of your failed deliveries. Once you've identified these zones, you have options:

  • Disable COD for the worst-performing pincodes. Studies show disabling COD for high-RTO pin codes can cut RTO rates by 30–40%. Offer prepaid-only with a small discount to soften the impact.
  • Require a partial payment for medium-risk pincodes. A small deposit — even 10–15% of the order value — filters out buyers with no intention of accepting delivery. EasySell lets you set up partial payments on the order form so COD customers pay a deposit upfront, which significantly reduces fake orders.
  • Add manual review for flagged zones. A quick phone call to confirm the order takes two minutes and saves you ₹200–400 in wasted shipping.

Validate Addresses Before They Enter Your System

The cheapest time to catch a bad address is before you print the shipping label. Address validation at the point of order catches typos, incomplete addresses, and outright fabrications.

What address validation actually looks like:

  • Pincode-city matching. If the customer types "Mumbai" but enters a Delhi pincode, flag the order. This is a basic check that catches lazy fraud and genuine mistakes alike.
  • Required address fields. Make apartment/flat number, landmark, and full street address mandatory for areas where courier partners report frequent "address not found" issues.
  • Map-based address confirmation. Showing customers a map pin of their delivery location and asking them to confirm it eliminates nearly all mis-routed orders. One implementation cut failed deliveries by roughly 20%.

These checks don't slow down legitimate buyers — typing a complete address takes seconds. But they make life significantly harder for fraudsters filling in forms with made-up data.

Build a Fraud Scoring System From Your Own Data

Generic fraud rules are a starting point. Your own order history is the real weapon.

Every failed delivery teaches you something. Track these data points for every RTO:

  • Pincode
  • Time of order placement
  • Whether the customer was a first-time buyer
  • Phone number (for repeat offenders)
  • Address completeness (how many fields were filled in vs. left blank)

After 60–90 days, you'll have enough data to build a simple scoring system. Orders from high-RTO pincodes + first-time buyer + incomplete address + placed between midnight and 5 AM = high risk. Orders from proven pincodes + returning customer + full address = low risk.

You don't need machine learning for this. A spreadsheet analysis of your RTO data, turned into 3–4 Shopify Flow rules, will catch the majority of address-based fraud. The merchants who actually do this analysis consistently outperform the ones buying expensive fraud tools and hoping for the best.

How Should You Handle Flagged Orders Without Losing Real Sales?

Catching suspicious orders is only half the problem. You also need a process that doesn't turn legitimate buyers into collateral damage.

A three-tier approach works well:

  1. Auto-approve orders from returning customers with clean delivery history, regardless of location.
  2. Quick verify orders that hit one red flag — send an automated WhatsApp message asking the customer to confirm their address. Most real buyers respond within minutes. Fraudsters don't.
  3. Manual review orders that hit two or more red flags. Call the customer directly. If they don't answer or the address details don't add up, cancel before shipping.

This tiered system keeps your fulfillment speed high for trusted customers while adding friction only where it's needed. The goal isn't to block more orders — it's to stop shipping products to addresses where nobody's home.

Start with your RTO data. Export it today, sort by pincode, and look for the clusters. That 30 minutes of analysis will tell you exactly where your address fraud problem lives — and the velocity rules and validation checks you set up this week will start saving you money on your next batch of shipments.