| 3:11 am on Sep 10, 2008 (gmt 0)|
What country are you in? My advice to most USA commerce sellers is to start domestic. Get your feet wet and gradually expand to Canada, then Western Europe/some Asia, and then PERHAPS, beyond.
Depends on your product offerings. Rookies can get killed shipping internationally. And most likely you won't gain much real business abroad.
For low risk products within the USA there's little reason to reject orders where the ship and bill are different.
|Currently I have it setup where they can only ship to the same billing address of the credit card |
Start by excluding about 40 countries altogether. Learn to reject unusually large orders. Online crime is a very minor problem if you're not greedy and have developed a nose for the stench of fraud.
|What is the best way to protect yourself? |
| 9:24 am on Sep 10, 2008 (gmt 0)|
Depends on your market - we are B2B.
So for international orders we only accept electronic transfer directly into a bank account.
That account is used for nothing else, as soon as a payment comes in it's moved to our main account, so if someone were to try to reverse the transfer they would find no funds.
If you are extra careful (paranoid?) make sure that account is at a different bank to your main one!
Finally no goods are shipped until we are happy the funds have cleared.
As mentioned above its a good idea to blacklist certain countries, and carefully monitor the size of the orders.
We have less problems with export orders than domestic ones, but again I guess it depends on the products and market you serve.
| 2:17 pm on Sep 10, 2008 (gmt 0)|
We have been selling domestically for quite some time on the web. We also sell to Canada, Mexico and other nearby countries. I would like to expand to Europe and Asia, I get so many requests from there.
I just want to be safe. I dont want to charge someones credit card, ship them my product, than have them dispute the charge or decline the charge alltogather. I would prefer money orders, but it seems that alot want to use credit cards on smaller orders.
| 3:18 pm on Sep 10, 2008 (gmt 0)|
Years ago this group often discussed fraud prevention. The subject comes up less and less with general agreement that fraud is now just a minor annoyance for experienced sellers. Our losses are virtually nonexistent. Fraud deterrent isn't even that time-consuming for us either. We do look at IPs of questionable orders which can provide useful info. People in Iowa rarely use ISP's in Nigeria.
Parts of Canada are actually hotbeds of organized fraud transplanted from West Africa. If your experience with online fraud is good, then I think you're safe to expand to Europe and Asia. Just watch out for unusually large orders. They're a huge red flag.
Which countries to avoid has been discussed often years ago on WebmasterWorld.
| 3:42 pm on Sep 10, 2008 (gmt 0)|
Another idea I had was to capture IP addresses and display them during the entire checkout process. This way it may give some deterrence if a fraudulent web user sees the IP is being captured.
Does anyone have a list of countries that they do not accept orders from. For example, North Korea, Iran, Nigeria, etcc.....
| 3:52 pm on Sep 10, 2008 (gmt 0)|
Try this list [google.com]
| 3:57 pm on Sep 10, 2008 (gmt 0)|
|This way it may give some deterrence if a fraudulent web user sees the IP is being captured. |
Most likely, it will give the fraudsters a chuckle, since they may be going through a proxy. Or they're using AOL dialup along with several million others people. Or they're not technically savvy enough for that, then they probably wouldn't know enough to worry that you're capturing their IP address.
It might make a few pause before continuing. But more likely you'd get complaints from privacy freaks who object to your "tracking" them.
| 4:19 pm on Sep 10, 2008 (gmt 0)|
Where do you find an index or a list of the countries the different
IPs address eminate from?...KF
| 4:29 pm on Sep 10, 2008 (gmt 0)|
It may give them a chuckle or it may also help me. For example, say they are using a proxy. I see the order comes in from an IP based in Russia, but the ship to and bill to are in a different country. Under those circumstances, capturing the IP would be beneficial.
| 4:47 pm on Sep 10, 2008 (gmt 0)|
Ah, but more likely they would be going through a U.S.-based proxy.
| 4:48 pm on Sep 10, 2008 (gmt 0)|
I always chuckle when I see our competitors listing such countries in their ship-to drop-down lists, along with several uninhabited Islands (Bouvet Island, for example)
Generally, there's no way to delivery a package to such places (see USPS site for details). Norway sends an ice breaker to Bouvet maybe once a year to service the unmanned weather station there, just north of Antarctica, in the South Atlantic.
My experience is that west African scam attempts can be easily detected by looking at IPs. While we don't export, we do get fraudulent overseas-originated orders to be shipped into the US. They're alway big and very easy to spot.
I suspect that business in the internet cafes of Lagos has slowed greatly in recent years.
| 5:27 pm on Sep 10, 2008 (gmt 0)|
So if they are going through a US based proxy and shipping out of the US than it would be easily detectable.
| 6:34 pm on Sep 10, 2008 (gmt 0)|
So what if they are using a U.S.-based proxy and shipping to their U.S.-based comrade, who it turn ships it to the original fraudster? :)
You have to remember- these guys are devious SOBs and make a living doing what they do. It will definitely be worth your time to review the numerous threads in this section about the different attempted (and successful) scams that other e-tailers have come across (or fallen for).
[edited by: LifeinAsia at 7:15 pm (utc) on Sep. 10, 2008]
| 9:01 pm on Sep 10, 2008 (gmt 0)|
That is once possible scenario that can happen. What they tend to do now is to have you ship it to a freight forwarded or like you said, there U.S based comrade. In that case, I would not accept a international credit card where the shipping address is in the United States.
I also feel that on order over #*$!x that one should just require a money transfer only.
I also have thought up the idea to encourage wire transfer, something along the lines of a wire transfer discount or such.
| 9:21 pm on Sep 10, 2008 (gmt 0)|
You might want to take a look at Is Wire Transfer 100% Secure? [webmasterworld.com] and wire transfer fraud - incoming money from international buyers [webmasterworld.com] as well as some other wire transfer-related threads.
| 9:35 pm on Sep 10, 2008 (gmt 0)|
I have spoken to many of my bankers and it seems there is no risk involved with accepting international money wires.
Even if they have your account number, they can not wire money out without them calling me or 1 other person who is authorized and knows the code to transfer money.
The only risk is with AHC which I have disabled on my account so it is impossible for someone to set up auto withdraw from my account
| 1:50 am on Sep 11, 2008 (gmt 0)|
|I have spoken to many of my bankers and it seems... |
"bankers" these days usually means a 22 year old girl making $11 an hour at a job she's held for 6 months that mostly involves working the drive thru window.
I doubt you spoke to an international banking corporation's head of legal. The few people who really know about this stuff aren't often chatting with ordinary customers.
Commit your question to paper and ask your bank for a written signed opinion as to reversibility.
Be very careful. Heck, half the megabanks in the USA can't even run their own operations intelligently.
| 1:59 pm on Sep 11, 2008 (gmt 0)|
Thanks, but I was not dealing with a 22 year old banker. I was dealing with the President of the bank. It is the same bank my family has used for over 20 years, so I know I got a straight answer. It did all make sense what he said. Think of it this way, you write checks to people. On that check is your routing number and your account number. So whoever you send a check to has your routing number and account number. BUT, they cant do anything with it because before money is wired out they call for confirmation (at least my bank does)
| 3:49 pm on Sep 11, 2008 (gmt 0)|
Maybe your corner community bank that your family has been using for over 20 years does that, but not all banks do. (Oh, and just wait until your friendly community bank gets bought out by Big Monster Bank- all the friendliness and bending over backwards customer service goes out the window. Although the individuals at the bank, if they are even still around after the buyout/merger, may want to help you, but they are now constrained by new corporate policies.) I would venture to say that very few do. I have been doing international wire transfers for years (2-4/month), and I have *NEVER* received a call from the bank asking for authorization.
With the proliferation of online banking, there is no way banks can call to verify every single transaction. For a lot of banks, a stolen password for a person's online banking account is the only step required to completely drain the account.
Here is a possible scenario. Fraudster steals the password for victim's account. Fraudster makes a big order on your site and does a wire trasfer from victim's account. You're happy- you just sold a $1000 widget and send it out. A few days later, victim discovers the problem and contacts his bank. Victim's bank notifies your bank that the transaction was fraudulent. I'm not absolutely clear on the specific laws involved, but my understanding is that your bank *can* send the money back to the victim's account (although they may not always be legally obligated to do so). So now you no longer have the $1000 to cover the cost of the widget (which the fraudster has received) and shipping, and you have little recourse.
Now, if your banker president contact will guarantee in writing that this will never happen to you, then I would say that you are probably okay, as long as you only use that bank and the bank president remains there. The day he leaves or the bank gets bought by another bank, I'd say all bets are off.
[edited by: LifeinAsia at 3:51 pm (utc) on Sep. 11, 2008]
| 3:52 pm on Sep 11, 2008 (gmt 0)|
|before money is wired out **they** call for confirmation |
Okay, so the "they" is probably a 22 year old part timer. I know some Nigerians conned a bank into wiring out MILLIONS a few years ago.
Read the thread LifeinAsia linked to. This is complex arcane stuff. I wouldn't take the word of a bank president. I am a lawyer, by the way. My law school Commercial Law instruction in bank transfers probably lasted 5 minutes. (and was probably one of those "this won't be on the final exam" things)
People don't get to be bank presidents by knowing how to protect depositors' money. Every time there's one of these bank bubbles we learn they only thing banks care about is growth and pocketing a fast buck before the music stops, again.
| 4:04 pm on Sep 11, 2008 (gmt 0)|
|Now, if your banker president contact will guarantee in writing that this will never happen to you, then I would say that you are probably okay |
I see we doubled, LifeInAsia.
It's possible that the itty bitty print in your banks Depositor Agreement (written by the bank, never the depositor, of course) protects the bank even in that case. Or banking regulations override his guarantee
| 5:06 pm on Sep 11, 2008 (gmt 0)|
I actually just got back from my bank (its down the street). I met with the President and the 45 year old lady who handles wire transfers.
1. NO you can not recall money from an account. You can attempt to, but they would never send anything out without my authorization
2. AHC should always be disabled. It is on my account and the bank does not allow any AHC to be used
3. It does not matter if I give people my account number and routing number. They said that this information is allready on any check I sign. They said the only risk is someone creating a counterfeit check with my account information on it. However, that would be covered under FDIC.
4. I also asked, say a fraudster wires me money internationally from an account that is not theirs and I get the wire and send out the product. They said the international bank would put a request through to get the money refunded, but they would not refund the money unless an international investigation was opened and that they had a contact at the FBI who was handling it. In addition, it would need my approval before any funds are wired out.
5. The President of the Bank told me the only problem he has ever heard with wires (out of their 15 branches) is people will put requests through to wire money out. He said they have strict policies in place that do not allow that. For example, they HAVE to call me at a certain number and I then verbally give them a password to wire money out.
| 5:16 pm on Sep 11, 2008 (gmt 0)|
"AHC should always be disabled."
What is AHC?
| 5:36 pm on Sep 11, 2008 (gmt 0)|
I think he meant ACH (Automatic Clearing House). Sending and receiving payments by "check" without the paper.
| 6:41 pm on Sep 11, 2008 (gmt 0)|
Yes, that is what I meant, my error. It is sorta like doing a e-check
| 9:01 pm on Sep 11, 2008 (gmt 0)|
Ummm....just my $.02:
Your bank president can say what he pleases, but unless Ben Bernanke and my local Fed. bank pres. signed off saying no one would ever mess with my account, I wouldn't be too sure. As honest and reliable as your bank pres. may be, he isn't the final say-so...
I'd look to other sources to cover myself; you are, after all, dealing with international money orders. What if the bank on the other end tells your bank pres. right where he can stick it, they don't need to comply with U.S. regulations? I mean, we are talking about protection in instances where devious, most likely intelligent and experienced, individuals are doing their "best" to steal from you...
For what its worth, I'd investigate TeleCheck (its a First Data company...I'm imagining you are aware of and may already work with First Data). A quick search on G will get you tons of information and bring you right to their doorstep.
I know we use them and I don't hear any grumbling around my office about fraudulent checks, money orders, etc. But truthfully, I am not personally involved in that area of our business, so my exposure is minimal. I have zero idea if their warranty covers international payments. Still...it might be worth an investigation on your part.
TeleCheck's explanation of themselves and their services:
|With most TeleCheck® payment solutions, merchants have the option to select either a verification or warranty service in accepting a customer's check. The check verification service helps merchants expedite the processing and handling of checks and reduce fraud. The warranty service gives merchants more flexibility and an increased level of protection. With the warranty service, TeleCheck manages the entire check collections process, helping you streamline operations and giving you more time to focus on your customers. |
| 9:33 pm on Sep 11, 2008 (gmt 0)|
I have heard of TeleCheck before.
However, I would imagine international customers would rather just deal directly with their bank wiring the money instead of paying a intermediary who then will issue a check for the correct amount. What happens if that check gets canceled? They cant get their money once its wired to me.
| 9:34 pm on Sep 11, 2008 (gmt 0)|
I wouldn't use Telecheck, although we used to think about using them years ago every time we got a large bad check. Banks themselves have done a good job lately in policing new checking accounts. Bad checks are much rarer than years ago.
TC used to charge about 2% to verify or guarantee checks; even in our worst days our losses were half that.
I doubt TC covers international checks anyway.
Why would anyone need a costly outside credit warrantor when stopping online fraud is easy if you follow a few simple rules. And if you sell ultra high risk products, TC probably won't deal with you.
| 11:18 pm on Sep 11, 2008 (gmt 0)|
Lightguy1, I think your bank president probably hasn't had to deal with this issue much. I talked to someone in international transactions at my bank, which only has a little branch here; it is a national bank with jillions of offices. I had to call the corporate office to nail down an answer to a question about an international money instrument. I would not trust my local bank president to know the answer to something like that. It's too arcane.
You're concerned about someone getting your routing and account number and churning out phoney checks, but that's not the issue here. For one thing, your banker should have told you that wire transfers use a different routing number than checks do. Yes, anyone can all up your bank, ask them what the wire routing number is, and together with your account number, request a funds transfer, and they won't get it if you say no. BUT. The problem is that if someone uses fraudulent means to wire you money, and your bank is contacted by that bank with evidence it was fraud, and that bank is part of a network to which the vast majority of banks in the world belong to, your bank is obligated to return that money to that bank. It's the agreement they enter into with each other. The FBI and laws have nothing to do with it. And do you think your bank is just going to eat that money, even if you, for instance, do like one person suggested, which is to have a wire-transfer-only account where you remove the money immediately? No. They will come after you for that money. They're a bank. And that means they have all the lawyers and whatnot to do it. So that is the issue.
The best thing is to go with your gut. If it feels too good to be true, it is. I got ripped off one time by someone with an international transaction. It wasn't even a wire transfer. That was hopefully the last time. I do accept international transactions and I am not going to give that up just because some people out there are ripoffs. But I just don't do any business with some countries, and I go with my gut. If my spider sense tingles even a little bit, I do what I need to do to get reassurances about the transaction or I just don't go through with it.