I have a suggestion for you. It helps crack down a large number of fake orders. It will take some time, but it is worth it.
On your order form, make sure to collect the user's browser's information and IP address. The first thing that you want to do is search in your web site's access logs to see if they browsed around your web site. Most fake orders will go directly to your order form and order. If you see that they went to several of your web pages, it is a better sign.
Next, you want to get to a unix shell. Type "traceroute IPADDRESS". This should give you a good idea of where the user is coming from. Try to depict what the user's host is. Go to that host's web site. See how good of a host it is. E.g. if it is a free host, that's more of a bad sign.
Next, you'd want to go to www.internic.net
and do a WHOIS on the domain name that they want. It will show which whois server to use. Go to that web page and run another WHOIS. If the owner information is the same as the one who sent in the order, that's a good sign. If it's not, that's a bad sign.
Finally, here is the most important part. It will take a good 5-10 minutes of your time, but it is well worth it. Give the person who ordered the account a call. Just talk to them. Say "Hi, I'm just double checking your order with us, etc". See, when your credit card billing company checks the credit card with AVS, it has to match the address and phone number. Sometimes people will fill in a fake order with the phone number of a person who's credit card they stole, hoping you won't call. Sometimes, the person who you are on the phone with will wonder who the hell you are. Then I would suggest you read of a few of the digits on the credit card. If they are correct, say someone submitted an order with their credit card and you are now denying it.
One more resource you can use is www.anywho.com.
Look up the person, and see if they are listed in the phone book. That's usually a plus.
And one more thing. If you DO get a fake order, go to that user's ISP and send a letter to their abuse department. Tell them that this IP address submitted this order at this time. If you can get their account disabled, that most likely will be the last time they'll mess with you.
Hope this helps.