Fraud at FareHarbor
Last updated: September 19, 2023
Unfortunately, a risk in any business that processes payments will be to encounter bad actors who commit fraud. Fraud is varied and complex, and we will outline some of the basics as it pertains to FareHarbor below. There isn’t one thing that will tell us if something is fraudulent. If you think something is off, trust your gut, and please let your manager know.
Prevention: Stripe Radar
We use a service (at no additional cost to the client) called Stripe Radar, and it’s a Machine Learning system that monitors and blocks fraudulent transactions. This, of course, blocks the obvious fraud and doesn’t mean we are guaranteed full protection from fraudulent bookings. We are always monitoring these and improving the rules, so it’s a dynamic and ever-evolving process.
End User (cardholder / booker) Fraud
One type of end user fraud occurs when a booking is made illegitimately, for example with stolen credit card information. The legitimate cardholder will file a dispute with their bank which our client has to cover. This is also called true fraud.
Another example of end user fraud is a customer booking a tour with his own credit card, then after filing a dispute and claiming their card was used fraudulently. This is called friendly fraud.
We strongly suggest to read our Tips for preventing disputes | FareHarbor. This help page is for clients to avoid receiving and losing disputes.
We advise clients to refund any payments that they suspect to be made fraudulent as soon as possible. This will avoid disputes and extra work in the future.
Some suspicious transactions are blocked by Stripe Radar, a Machine Learning tool that combines a lot of information for each transaction and evaluates its risk.
Client (business) Fraud
Rogue Client (onboarded legitimately, turns into a bad actor after some time)
The vast majority of our clients are honest and legitimate businesses. However, FareHarbor has some vulnerabilities that make us at risk for bad actors to get a hold of our system. This type of fraud is tough to catch instantly, and we’ve historically caught this behavior once disputes begin happening. In order to potentially spot something and say something, it’s important to be aware of what this behavior looks like. Talk to your manager if you have a bad feeling about a client’s behavior.
Common scenarios:
- Companies that go out of business but keep an integration and online bookings open, so end users will show up to nothing or a shut down business.
- Employees that have access to bank accounts and bookings will add charges to existing bookings or create fake bookings.
What to look out for:
- Sudden increase in chargebacks
- Sudden increase in the amount of bookings
Online reviews; do they have a good rating but a recent influx of 1 star reviews?

Fake Client
Sometimes a criminal will send a demo request to onboard a completely fake company. This means all the information looks real, but is really fraudulent. In order to potentially spot something and say something, it’s important to be aware of what this behavior looks like. Talk to your manager if you have a bad feeling about a client’s behavior.
Questions to ask yourself in the Lead Generation/Sales/ OB Process:
- Was it a demo request or did Sales reach out? (Inbound demo request has a much higher fraud probability)
- Does the POC want to go live very fast, has no questions, declines or asks if he can skip a demo and/or training despite having a not good/serious looking website?
- Does the used email address match the domain of the website → Risk of impersonating another company (Does not work if they use @gmail or other generic services)
- How complex is the desired integration? Does he not ask for things that are typical for the business type, like waivers, deposit custom fields, age acknowledgements, etc.?
- How long have they been in business?
- Do they have a Google My Business Page and if not ask them about it?
- Do they have social media? If so, take a look at their engagement, follower count, reviews and when did they join or when was their first post?
- What is their address? Once you get it, Google Map it and go to the street view.
- Does the address match the business type? E.g. a garage or yard for a car rental business, marina for a watersport business etc.
- Are they unwilling to do a video call?
Tools to help identify possible Fake Businesses:
- https://web.archive.org/. This tool archives websites over time. If the URL for the possible fraudulent account doesn’t have any history, this is another thing to consider.
- www.whois.com/whois – Use Whois to see when the domain was purchased, and who the Registrar is. If the Registered On date is recent and/or close to the Demo Request date, this doesn’t mean they are a bonafide fraudulent lead, but is another thing to consider.
- Google Image backward search: Are pictures on their website mostly or only stock pictures?
Again, there isn’t one thing that will tell us if something is fraudulent. If you think something is off, trust your gut, and please let your manager know.