homepage Welcome to WebmasterWorld Guest from 54.226.180.86
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Visit PubCon.com
Home / Forums Index / WebmasterWorld / Ecommerce
Forum Library, Charter, Moderators: buckworks

Ecommerce Forum

This 43 message thread spans 2 pages: < < 43 ( 1 [2]     
I got burned by a stolen card
dickbaker




msg:4052727
 11:42 pm on Jan 1, 2010 (gmt 0)

I take every precaution (or I thought I did) to guard against fraud. I do name and address verifications on every credit card transaction, even if it's $30.

I had one a couple of weeks ago for $500. The card holder's name, address and phone all checked out. He wanted the item shipped to him in another state. I should have checked to see what association that other address had with him (second home, workplace, relative, etc), but didn't. I just assumed that it was ok, because everything else checked out.

Wrong. His card was stolen, and the thieves charged thousands of dollars of merchandise all over the internet.

I have an address the item was shipped to, and confirmation that it was delivered. That's it. I'm out $500.

Grrrrrrr.

 

Lightguy1




msg:4061641
 8:43 pm on Jan 15, 2010 (gmt 0)

This has been happening to me alot frequently. You have to flag in your system the orders that do not match the CC address. This is a huge problem and I have been burned thousand and thousands of dollars this year by this. Visa and MC offer no help at all. NEVER NEVER NERVER happens with AMEX.

incrediBILL




msg:4062117
 7:32 pm on Jan 16, 2010 (gmt 0)

I take every precaution (or I thought I did) to guard against fraud. I do name and address verifications on every credit card transaction, even if it's $30.

Did your online store get the CVS code from the CC and process it?
If not, you're going to be an ongoing target.

Did you confirm the GeoIP and phone #?

Typically the fraudsters IP address will be for a different city state or country.

Thanks to cell phones and many people opting out of land lines these days it's harder than it used to be to match a phone # to a physical address.

Then next problem cell phones cause is if they order off their cell phone the GeoIP is always the same coming from the cell company itself.

What will have to be required in the near future is that the credit card company can validate that the CC belongs to a specific phone number.

Phone #s are now portable and everyone has caller ID so there's really no reason not to start using the inbound phone # in the same way AVS is used today.

The fact was that your customer answered the phone and confirmed the order, have you ever tried that phone number again?

dickbaker




msg:4062182
 11:18 pm on Jan 16, 2010 (gmt 0)

There were two numbers. One was a land line (the one that verified), and the other was a cell. I called the "customer" on the cell, which is now not in service.

My shopping cart doesn't process the card. I do, after verifying the customer. My mistake in this order was to not check the cell phone and the shipping address.

incrediBILL




msg:4062187
 11:40 pm on Jan 16, 2010 (gmt 0)

My shopping cart doesn't process the card. I do, after verifying the customer.

Then I take it your answer to using the CVS on the CC is no because you aren't allowed to store that number so manually post processing the charge opened you up to another vulnerability.

You should always allow your cart to do a minimum of pre-auth of the sale because there are some criteria such as CVS, IP, email address and ship-to address abuses they may catch which won't happen when you manually process a charge.

At a minimum, if they used the card in multiple places, your pre-auth might've triggered another fraud charge to be rejected elsewhere and then it would refuse to book the sale when you tried to complete it.

Sometimes we can easily out smart ourselves by simply not letting the system do it's thing.

zoltan




msg:4062341
 9:25 am on Jan 17, 2010 (gmt 0)

What about those prepaid debit cards that can be used one time only? How can you verify these?

trooperbill




msg:4063419
 9:24 am on Jan 19, 2010 (gmt 0)

In the UK theres a few things you can check. Heres our list

Is the order via telephone?
they do this to avoid the 3rd man security service like mastercaresecurecode or verified by visa

Is the order from someone with a nigerian accent?
in the 12 months we've been trading, approx 96% of fraudulent buying attempts have been from nigerian sounding people

Do they order large volumes?
They tend to chance too much by ordering 8 or 9 items at a time

Do they care what theyre ordering?
We get people calling asking to buy a bed... they have no idea what they want

will they only give you a mobile number?

If you call them back can they recite the details back to you without umming and erring

If deliverng elsewhere have you used 192 to check delivery address information?

if in doubt use 192 to find a landline number for the cardholder and give them a call

dickbaker




msg:4070614
 5:25 pm on Jan 29, 2010 (gmt 0)

Well, I just had another one. This order was from early this month. The billing address and shipping address were the same. I verified the name and address with the CC company. I did a reverse address search on one of the online phone directories, and the customer name matched the address.

The phone number was a cell phone. However, the person who answered identified himself using the correct name.

Yesterday I received the "request for document transaction" paperwork. The charge is being disputed as fraud.

I called my card processing company and was told that, if the customer says he didn't order it, there's nothing I can do, including get back my merchandise.

I thought the merchant could at least get back what was shipped?

bwnbwn




msg:4070665
 6:51 pm on Jan 29, 2010 (gmt 0)

dickbacker how mcuh was the order for.

Off topic
We just lost a 1k customer because he didn't want to sign for the package but FedEx won't leave a package if the insurance amount is over 500.00. This guy just didn't understand and blamed us for him having to go 20 miles to pick it up.
I told him there were other options but it was over. Oh well he will find the same thing from another merchant that tries to ship 1k in products to a home address without a signature.

Back on topic;
reason I ask is if it was over 500.00 they had to sign for the package.

dickbaker




msg:4070680
 7:24 pm on Jan 29, 2010 (gmt 0)

This one was for $180.

I had an order yesterday for a $518 item. The billing address was a business, and the email address was a person at that business. However, the card holder has a different address. Supposedly the card holder is the owner of the business.

So, I called the credit card company and asked them to contact the card holder. No call back from him so far.

I got a call this morning from someone else at the company. He said he'd send a copy of their business license. I said that didn't make a difference, and asked that he have the card holder call the CC company. He said the owner was out of town and couldn't be reached. (C'mon, give me a break). I then suggested that someone else at the company put the item on his or her card. He said that would be against company rules.

Finally I just told him that I couldn't do the sale.

It almost seems as though I'm being targeted because I slipped up once. Maybe it's the same people. Or maybe there's a website for thieves that lists soft targets. ;)

HRoth




msg:4070970
 12:02 pm on Jan 30, 2010 (gmt 0)

They do seem like they come in bunches. I have wondered if there was some website like this also. In the past, though, there was a guy in Indonesia who tried on and off with me for years. I could always tell by the bogus email address he would enter. He was very fond of the letter "a." This guy actually had the nerve to contact me and ask why he didn't get his order. I said, "Because you are a thief." He said he was proud to be a thief.

You cannot make this stuff up.

dpd1




msg:4071116
 6:32 pm on Jan 30, 2010 (gmt 0)

It does seem like this stuff comes in waves... No problem for months, then a whole week of problems. I would not be surprised at all if there was some sort of organization behind these things... When you look at organized crime groups like "the travelers"... I wouldn't be surprised if groups did keep track of their successful scams, and then target them more. But I would recommend DB, just be careful to try and not let it affect your overall handling of customers. I know that's hard to do sometimes though.

HRoth




msg:4071598
 9:35 pm on Jan 31, 2010 (gmt 0)

Totally true about not letting it affect how you handle other customers. I had a spate of jerks some years back and found myself really snappy with customers afterwards, suspecting them of everything. Then one customer was so nice and it made me realize that I was giving people like that a hard time too.

dickbaker




msg:4071636
 11:22 pm on Jan 31, 2010 (gmt 0)

Right now I'm looking at every customer as a potential criminal, but I'm trying to still be pleasant. It's difficult when the crooks are coming out of the woodwork.

This 43 message thread spans 2 pages: < < 43 ( 1 [2]
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Ecommerce
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved