homepage Welcome to WebmasterWorld Guest from 54.227.40.166
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Subscribe to WebmasterWorld
Visit PubCon.com
Home / Forums Index / WebmasterWorld / Ecommerce
Forum Library, Charter, Moderators: buckworks

Ecommerce Forum

    
How can I reduce credit card fraud on my ecommerce site?
Sunwukong




msg:4149449
 7:37 am on Jun 9, 2010 (gmt 0)

I work for a business that sells small high value electronics online with credt card payment that is often the target of credit card fraud.

We use worldpay for processing payments and this gives us security checks such as cvv, AVS and a few others. For suspicous transactions we also call the telephone number giving in the billing details and ask for photos of ID and credit card.

All this helps but we still have too many chargebacks from credit cheats. Part of the problem is we have manty genuine customers who want their order shipped to an address different from the billing address and many orders in countries where AVS is not used.

There are problems with these methods such as
-telephone number in billing details may not be the real number so a phone call would not work
-name in billing address may not be real so photos of ID and credit card may not work

I've search this forum and read a few threads that had some very good ideas but I'm still after suggestions and advice on what can be done to deal with the problems of our current security checks and reduce fraud with out losing genuine customres.

I would really appreciate hearing how the more experienced members mimizie fraud and any advice they have to offer.

 

curlykarl




msg:4149496
 9:47 am on Jun 9, 2010 (gmt 0)

Insist on delivering to the registered card address, you will loose some sales, but it should cut down on a lot of charge backs.

bwnbwn




msg:4149858
 6:16 pm on Jun 9, 2010 (gmt 0)

I'm still after suggestions and advice on what can be done to deal with the problems of our current security checks and reduce fraud with out losing genuine customres.
I know what your saying but in my experience (12 years) I have yet to have a
genuine
ever leave me because I did a little checking on the purchase.
I bet we have called 1000's requesting more information to verify the purchase and not 1 has had a problem with it. In fact most feel better we called and looked into it. This does give you a chance to communicate to them your a real company with real people and I do really think this has brought us many return customers.
Never be afraid to call your customer.

How many times have you been asked to show id when writing a check or now most ask for the cc when doing a charge at a store and you got upset.

Check verify call do whatever it takes to stop fraud and your
geniune
customers will take it in stride.

Never insist on anything this is a sure fire way to lose them.

sleepy_eye




msg:4149940
 8:14 pm on Jun 9, 2010 (gmt 0)

Since alot of times people using stolen cards place orders all over the net, they sometimes can't remember what they order.
On suspicious orders we call we sometimes read back what they ordered wrong. Most people will correct you right away and get anxious or at least ask their husband/wife ..etc if what they are being told is correct. I would bet since you sell high value items they would rember a major purchase alot more than a smaller one. I know when I got my wide screen my wallet remembered it for a long time.
Not fool proof but with other bad points tipping the scale this has worked for us.

dickbaker




msg:4150152
 2:25 am on Jun 10, 2010 (gmt 0)

I verify name and address on all credit card orders. If the shipping address is different, I look for a connection, such as it being the person's office.

If something doesn't feel right, I'll have the credit card company contact the customer to verify that he/she authorized the transaction. That gets the company on record with the purchase.

If I call the card company to get a name and address verification, and the phone number matches, or if there's a phone number for the name and address at an online phone directory, I'll call that number to ask if the customer ordered the item.

Nobody's ever gotten upset. Many customers have thanked me for taking the precautions.

wyweb




msg:4150157
 2:33 am on Jun 10, 2010 (gmt 0)

Many customers have thanked me for taking the precautions.

And they should. Card number thefts, identity thefts in general are rampant these days.

I buy a lot online. If I could get groceries and dog food delivered to my house through online purchasing, I'd probably never leave. Any company that calls me or in whatever fashion requests additional verification from me in order to complete a CC purchase is likely a company I'll be doing business with again.

It's an inconvenience but I like it anyway.

wesmaster




msg:4150226
 5:37 am on Jun 10, 2010 (gmt 0)

OK, this is a way outside of the box idea, but what if you mailed (FedExed?) a special code to the credit card billing address that the customer had to enter on your website to initiate the actual shipping? If the CC owner did not make the purchase they will either contact you or never enter the code. All orders where the code is not entered in 30 days are refunded to the cards. Obvious delays come from this, but you asked for ideas, even though this one's "out there".

Sunwukong




msg:4150237
 6:12 am on Jun 10, 2010 (gmt 0)

Thank you every one for your commenets and suggestions.

curlykarl - Insist on delivering to the registered card address, you will loose some sales, but it should cut down on a lot of charge backs.


A good suggestion. The problem is the address listed in billing information is often not verified and we don't know the registered card address. Sounds like this is just a problem with world pay.

bwnbwn - I know what your saying but in my experience (12 years) I have yet to have a genuine ever leave me because I did a little checking on the purchase.
I bet we have called 1000's requesting more information to verify the purchase and not 1 has had a problem with it. In fact most feel better we called and looked into it. This does give you a chance to communicate to them your a real company with real people and I do really think this has brought us many return customers.
Never be afraid to call your customer.


I agree with you so often ask customers to provide photos of ID and credit cards. This helps alot but a scammer could use some one elses credit card to make payment then use their own information in billing details and send an image of their credti card.

What information do you use to verify their purchase?

sleepy_eye -Since alot of times people using stolen cards place orders all over the net, they sometimes can't remember what they order.
On suspicious orders we call we sometimes read back what they ordered wrong. Most people will correct you right away and get anxious or at least ask their husband/wife ..etc if what they are being told is correct. I would bet since you sell high value items they would rember a major purchase alot more than a smaller one. I know when I got my wide screen my wallet remembered it for a long time.
Not fool proof but with other bad points tipping the scale this has worked for us.


Definitely thinking out side the box and a useful check I can add to our methods. Thanks.

dickbaker - If something doesn't feel right, I'll have the credit card company contact the customer to verify that he/she authorized the transaction. That gets the company on record with the purchase.


A very effective method for checking orders. I don't know though how to do this. I called the bank of America yesterday to verify an order. The first time i've tried this method. Spent 40 minutes on the phone, transferred 5 times only to be told that the cardholder is the only one that can they can give information to. Very frustrating.

How to you contact the credit card company and arrange for them to do that?

dickbaker




msg:4150521
 3:10 pm on Jun 10, 2010 (gmt 0)

A very effective method for checking orders. I don't know though how to do this. I called the bank of America yesterday to verify an order. The first time i've tried this method. Spent 40 minutes on the phone, transferred 5 times only to be told that the cardholder is the only one that can they can give information to. Very frustrating.


Visa and Mastercard have a number you call to get the phone number of the issuing bank. American Express and Discover let you verify name, address and phone number information on their automated systems.

Generally, customer service at the issuing banks will do the verification. Every so often it has to go to the fraud department. In about 1% of my verifications I'll come across a bank that won't do the verification unless the customer is on the line, in which case I'll call the customer and ask to conference in.

Months ago someone suggested checking IP's as well. I'll do that if an order is somehow unusual, but more often than not the IP points to an ISP that's on the east coast.

There's a few red flags that will cause me to do more than verify name and address. One, of course, is a shipping address that's different from the billing address. That's usually easy to clear up.

Others are a request by the customer to not require signature verification, phone numbers that are from markedly different areas than the billing address, any order over $500, orders where the recipient name is different than the card holder name, and a few others.

I got burned out of $1400 last January, which was the first time in almost a year I'd gotten burned. I just got lax about security. For my little store, $1400 is nearly two weeks of profits.

HRoth




msg:4150754
 8:31 pm on Jun 10, 2010 (gmt 0)

Holy cow, that must have hurt big time.

Sunwukong




msg:4151053
 7:39 am on Jun 11, 2010 (gmt 0)

dickbaker - Visa and Mastercard have a number you call to get the phone number of the issuing bank. American Express and Discover let you verify name, address and phone number information on their automated systems.

Generally, customer service at the issuing banks will do the verification. Every so often it has to go to the fraud department. In about 1% of my verifications I'll come across a bank that won't do the verification unless the customer is on the line, in which case I'll call the customer and ask to conference in.


Thanks for the information Dick.

So according to worldpay, calling banks for verification is very hit and miss. I'll keep using this method for a while and see how I go.

Sorry to hear about that $1400 you were stung for. Always a kick in the guts to work for sales and make a profit only to lose so much to a scammer.

[edited by: lorax at 10:12 am (utc) on Jun 11, 2010]
[edit reason] no email snippets pls [/edit]

sleepy_eye




msg:4153208
 8:51 pm on Jun 15, 2010 (gmt 0)

@Sunwukong
What information do you use to verify their purchase?

We use all the above to check the orders, AVS, calls to banks, Ip Geolocation, calling customer, common sense, ..etc
But theres one thing we do might not have been mentioned, the cart compares text fragments we find on frequent fraud orders against current orders, ex, jatim java, fastermail, 23401 ..etc These are things we have noticed are common to many fraud orders and add them to our cart.
No method is fool proof, but using a balancing scale method to decide and with practice, you can nearly get all the fraud ones. There are fraudsters out there tho that are very good at what they do, if you can study or find common tactics or errors in those orders, you add to your experience.
Its been about 6 months since a fraud chargeback for us, hope that keeps going :)

Sunwukong




msg:4153996
 5:58 am on Jun 17, 2010 (gmt 0)

sleepy_eye - We use all the above to check the orders, AVS, calls to banks, Ip Geolocation, calling customer, common sense, ..etc
But theres one thing we do might not have been mentioned, the cart compares text fragments we find on frequent fraud orders against current orders, ex, jatim java, fastermail, 23401 ..etc These are things we have noticed are common to many fraud orders and add them to our cart.
No method is fool proof, but using a balancing scale method to decide and with practice, you can nearly get all the fraud ones. There are fraudsters out there tho that are very good at what they do, if you can study or find common tactics or errors in those orders, you add to your experience.
Its been about 6 months since a fraud chargeback for us, hope that keeps going :)


Thank you Sleepy-eye, very good points for reducing fraud.

dickbaker




msg:4154182
 1:54 pm on Jun 17, 2010 (gmt 0)

Sleepy_eye, I'm not understanding what you mean by those text fragments. Could you please elaborate?

lgn1




msg:4154297
 4:45 pm on Jun 17, 2010 (gmt 0)

We ship by Ground (5-7 days) and by Air (1-2 days). All our fraud orders are air shipments.

I guess fraudsters are a very impatient bunch.

We only do minimal checks on ground orders, but customers that order by air, and for over $200, get the full anal probe.

sleepy_eye




msg:4154464
 10:51 pm on Jun 17, 2010 (gmt 0)

Hi dickbaker
It would look like this:



Mumbo Jumbo
123 Any Street
Jakarta ID, 12344

bob_vip_store@example.com

... and on through the cc#

Parts of text that have appeared on many fraud orders.

[edited by: buckworks at 3:16 pm (utc) on Jun 18, 2010]
[edit reason] Plese use example.com - it will never be owned [/edit]

dreamcatcher




msg:4154589
 5:41 am on Jun 18, 2010 (gmt 0)

A client of mine has seen a vast reduction in fraudulent transactions since we implemented Maxmind.

dc

l00py




msg:4155104
 12:37 am on Jun 19, 2010 (gmt 0)

Visa and Mastercard have a number you call to get the phone number of the issuing bank.

I just tried this today. It's asking me for an "account number" -- where do I get the account number?

I tried entering the last 4 digits of the buyer's credit card, but that failed. Visa's customer support won't give me any information unless I have the FULL credit card number; which I do not, otherwise I would be violating the PCI agreement.

Nikhil Narayan




msg:4156624
 8:02 am on Jun 22, 2010 (gmt 0)

This is really very sensitive thing to handle. You can give a try using PayPal or Google Checkout which expects the buyers or customers to fill in their appropriate credit/debit card details and get registered there and then only they can transfer the amount to the sellers account. So, half of your head-ache is gone.

[edited by: bill at 9:13 am (utc) on Jun 22, 2010]
[edit reason] see sticky [/edit]

George




msg:4173350
 2:14 pm on Jul 20, 2010 (gmt 0)

We do a couple of extra things over and above these mentioned. We Used Secure Trading to start with, and we get an address match and the 3D Secure (is that a UK only thing?) a code of 222YY means that the Credit card company will honour the transaction... in theory.

Then, if we are stillsuspicious, then we send a trust letter to the card holders address, saying please contact us with a unique code to verify the transaction. Amazing how that catches fraud to a different delivery address. Also, it warns the real card holder their card is being used. Morally, I like that. So does the card holder. Might be a customer later on.

The other way, is we don't take the full amount of the order, but a small amount. (say 1.73) The customer can then verify the amount. (in 2-3 working days). It means they have access to the account, not just the card. Fraudsters run a mile at that. Honest folk do not mind.

The last one, is we ask them to pay directly into our account, as we cannot verify the credit card. Once a customer is "trusted" then it does not matter.

The one thing you have to watch there, is someone who orders a small item, possibly not on a stolen card, then comes back, changes the delivery, and orders big on a stolen card.
Yes it is traceable to a degree, but there are plenty of ways round that if you are a smart fraudster.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Ecommerce
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved