🎉 Now live — a high-converting checkout that cuts RTO & lifts prepaid. Start free →
HomeBlog › COD Fraud Detection: How to Spot Fake and Bot Orders Before Shipping
RTO & Delivery

COD Fraud Detection: How to Spot Fake and Bot Orders Before Shipping

Not every COD order is a customer — some are pranks, competitors, or bots, and each one you ship costs you two-way freight for a sale that was never real.

Kwikfy · 2026-07-08 · 10 min read

Key takeaways

COD fraud detection is the practice of identifying orders that were never placed by a genuine buyer intending to pay — before you spend money shipping them. Cash-on-delivery removes the one thing that filters intent: an upfront payment. That makes COD the default channel for prank orders, competitor sabotage, and automated bot floods, all of which end the same way — an undelivered parcel, two-way freight, and blocked inventory. For Indian D2C brands where COD can be the majority of orders, fraud detection is not optional; it is margin protection.

The good news is that fraudulent and low-intent orders leave fingerprints. They cluster in time, reuse fake identities, and come from the same devices. This guide breaks down the fraud types, the specific signals that expose them, and how blocklists, a cross-store network, and risk-based gating turn those signals into automatic protection.

The types of COD fraud

Each type shares a tell: the order is cheap to place and costly for you to fulfil. Detection is about spotting the tells before the parcel moves.

Signal 1: Velocity

Legitimate customers place one order at a time. Fraud comes in bursts. Velocity checks look for an abnormal number of orders sharing an attribute in a short window — the same device fingerprint, IP address, phone number, or delivery address placing multiple COD orders in minutes. A single address receiving ten COD orders in an hour is almost never ten real customers.

Signal 2: Fake and repeated phone numbers

The phone number is the spine of COD, because it is how the courier confirms delivery. Fraudulent orders routinely use invalid numbers (wrong length, impossible patterns), obviously fake sequences (repeated or sequential digits), or numbers with a history of RTO. A number that has never taken a successful delivery, or one flagged across the network, is a strong risk signal. This is exactly why OTP-based COD verification is so effective — a fake number cannot receive the code.

Signal 3: Gibberish names and addresses

Fraud and low-intent orders are placed carelessly. Names like asdf, test, or random keyboard mashing, and addresses that are placeholders or nonsense, are reliable indicators. Gibberish detection scans the name and address fields for entropy patterns that do not resemble real Indian names or addresses and flags them for the risk engine. It pairs naturally with the address completeness scoring covered in our address verification guide.

Signal 4: Disposable and low-quality email

When email is collected, its quality is informative. Disposable or temporary email domains — the throwaway inboxes designed to expire — correlate with orders placed by people who do not want to be contacted or traced. A disposable email on a high-value COD order is a meaningful risk flag, especially combined with a fresh device and a weak address.

Signal 5: Device and IP fingerprinting

A device fingerprint is a stable identifier derived from the browser and device characteristics. It lets you recognise that ten different customers are actually one device, or that an order comes from a device previously tied to RTO. Combined with IP reputation (data-centre IPs, mismatched geolocation, known abusive ranges), fingerprinting is what unmasks bot floods and competitor sabotage that otherwise disguise themselves with varied names and addresses.

SignalFraud it catchesStrength
Order/address velocityBot floods, competitor sabotageHigh
Fake / repeated phonePrank orders, fake identitiesHigh
Gibberish name/addressCareless prank & bot ordersMedium
Disposable emailUntraceable buyersMedium
Device / IP fingerprintBots, repeat abusers in disguiseHigh
Cross-store historySerial RTO abusersVery high

Block fake COD orders before they cost you freight

Kwikfy's Fraud Shield scores velocity, fake numbers, disposable emails, and device fingerprints on every order — automatically.

Start Free →

Blocklists and the cross-store RTO network

Signals catch fraud you can infer from a single order. Two more layers catch fraud you would otherwise only learn about after being burned.

Blocklists

A blocklist stops orders from phone numbers, addresses, devices, or emails you have already identified as fraudulent. Once a serial abuser is caught, they should never cost you again. Kwikfy maintains per-store blocklists and lets you add offenders manually or automatically as their orders resolve to RTO.

The cross-store network

The most powerful signal is behaviour on other stores. A serial RTO abuser who is brand new to your store is not new to the ecosystem. Kwikfy's cross-store RTO network shares hashed, privacy-safe repeat-RTO signals across stores, so a phone or address with a pattern of refusing deliveries elsewhere is flagged the first time it reaches you. This is how you catch a first-time fraudster before their first parcel ships — something no single-store system can do.

Turning signals into action: risk-based COD gating

Detection is only half the job; the response must protect genuine buyers. Risk-based COD gating applies friction proportional to risk, using the same green/yellow/orange/red tiers as the wider RTO score:

The prepaid pay link is elegant because it is self-filtering: a genuine buyer will pay and you keep the sale, while a fraudster simply disappears — and either way you never ship at a loss. Applying friction only to flagged orders means your good customers keep the fast, frictionless checkout experience that drives conversion.

How Kwikfy's Fraud Shield ties it together

Kwikfy's Fraud Shield runs all of these checks at the point of checkout: velocity across order, address, and device; fake-number and gibberish-name detection; disposable-email screening; device and IP fingerprinting; per-store blocklists; and the cross-store network. The output feeds the unified risk score alongside the AI RTO prediction model, so fraud and general RTO risk are handled in one decision. No single signal blocks an order on its own — the strength is in combining them.

The takeaway: every fake COD order you catch at checkout is pure saved margin, because you never paid to ship it. Fraud detection is not about being suspicious of customers — it is about making sure the orders you do fulfil are the ones that will actually pay. For the complete strategy, see our guide to reducing COD RTO in India.

Frequently asked questions

What is COD fraud?
COD fraud is any cash-on-delivery order placed without genuine intent to pay — prank orders, competitor sabotage, and bot floods. Because COD needs no upfront payment, these orders are cheap to place and costly to ship.
How do you detect fake COD orders?
By combining signals: order and address velocity, fake or repeated phone numbers, gibberish names, disposable emails, and device/IP fingerprints, plus blocklists and cross-store history that expose repeat offenders.
What is a cross-store RTO network?
It shares hashed, privacy-safe repeat-RTO signals across many stores, so a phone or address that habitually refuses deliveries elsewhere is flagged the first time it reaches your store — catching first-time fraudsters.
How do I stop fraud without blocking real customers?
Use risk-based COD gating: allow low-risk orders with no friction, require OTP for moderate risk, push prepaid for elevated risk, and block COD only for high-risk orders — offering a prepaid pay link instead.

Ready to run a tighter, more profitable store?

Join Indian D2C brands streamlining their entire operation on Kwikfy.

Get Started Free →