homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / WebmasterWorld / Ecommerce
Forum Library, Charter, Moderators: buckworks

Ecommerce Forum

Declines: What to do with those that keep trying?
5-10x w/ same card; I'm paying for each decline!

 8:38 pm on Jul 13, 2010 (gmt 0)

I'm seeking suggestions in regards to how other shops handle this issue.

How do you handle those people who continue to enter the same CC# over and over; only to keep getting a decline? I get charged $0.30 per decline!

Right now, I get an email alert for every decline, so I can watch for patterns with the same IP declining under different names; so I know to ban any orders from this person. But, since I am not allowed to store a CC# by PCI standards, I can't really log a CC# even temporarily to prevent this type of activity.

I do have an alert that shows beneath the "Your card has declined - please DO NOT keep trying with this card; use a different one" but no one ever listens.

How do you handle this type of situation?



 5:00 am on Jul 14, 2010 (gmt 0)

I'm not sure if PCI allows you to store an MD5 of the card number, but that is one route you could consider. Storing a one-way encryption of the card. Maybe only temporarily for a few days or a week.

I don't even know if my processor charges for declines. The merchant statement is confusing.


 5:23 am on Jul 14, 2010 (gmt 0)

If you have a return (decline) and you are already returning a "card declined" set a cookie on the browser to 403 your site for 24 hours... You can check your own cookies!


 1:39 pm on Jul 14, 2010 (gmt 0)

well brokaddr first of all I would get with the company that does my processing and get a better deal. That amount is horrible and I would call another processor get a quote and then either move or get me a better deal. If your paying that much for a decline I am scared to ask what your being charged to process the orders.

If I see a person has tried the same card 2 times I call them and see if I can help. There really is no other way unless as above for a short period of time.


 1:47 pm on Jul 14, 2010 (gmt 0)

I'm with bwnbwn on this one, start looking around for a better processor, I can't imagine being charged for declines, is there anyone else here being charged for declines?


 4:48 pm on Jul 14, 2010 (gmt 0)

We allow declined charges to come into our order system as "pending" - this way we can contact the customer directly and save as many sales as possible. We wait until the next day to re-try the charge; if it does not go through, they are contacted. If they call and it STILL does not go through, we require alternate cc info.


 7:23 pm on Jul 14, 2010 (gmt 0)

This is a payment processor issue and it is not right. You should be looking for alternatives.

You can do all kinds of coding and validation before sending the data to the processor (IP blacklists etc) but you shouldn't need to for this matter. Because it could be a bot behind. Ask the gateway about it if they don't have a solution get someone else.


 8:00 pm on Jul 14, 2010 (gmt 0)

We allow declined charges to come into our order system as "pending"

That's actually a really good idea, and would save the customer a lot of grief, for things as simple as a billing-address typo, or CVV typo.


 8:18 pm on Jul 14, 2010 (gmt 0)

New processor - I'd say - I have never paid for declines - that doesnt' seem right.



 8:39 pm on Jul 14, 2010 (gmt 0)

I think we all pay for declines it is a part of doing business on the net. I pay for all processing be if a decline or approval, but I don't pay .35 I pay .18 per decline/approval. Then I think 1.9% processing fee.


 10:26 am on Jul 15, 2010 (gmt 0)

I get charged 30 cents for each AVS attempt, whether the transaction is approved or not. So yeah, I get charged for declines. Normally I don't get people trying over and over unless it is someone clearly engaging in fraud and trying a series of cards. I can ban their ip address in authorize.net's fraud suite so it doesn't happen again, and in fact, since I have set that up and blocked the ips of certain countries, it hasn't happened. But most of the time, the person gets declined once or twice or occasionally, like yesterday, three times. I don't contact the person, because I would not like to be contacted if it were me. Usually they come back with a different card. I do think it's a cost of doing business. It's a fee I deduct under fees on my taxes.


 10:50 am on Jul 15, 2010 (gmt 0)

I get charged for declines

I still think it's payment processor dependent. With PP for example if a transaction fails to go through nothing happens.

But... I don't know about AVS because that goes to the bank of the consumer, a different service but that happens after all cc details are validated by the processor. So that might be the loophole, not sure if the OP was talking about this case.

It will be too late by the time you see it and block the IP.


 8:30 pm on Jul 15, 2010 (gmt 0)

enigma1, are you using standard PayPal or Website Payments Pro? WPP has a $0.30 fee for each authorization/decline.
As I understand, it's a norm in the credit card industry to charge for this.

For now, I scripted a database to copy the last 4 digits of the declined card along with the buyers first & last name (to try and circumvent the possibility of 2 unrelated cards clashing); on each purchase attempt, a query is executed to check for a previous decline. If one is found, it shoots them to an error page; blocking any information sent to the gateway.
It's resulted in more customers contacting me to arrange alternative methods - prior to this, I'd NEVER hear back from a declined card.

Those of you who aren't charged for declines, what processor are you using? I imagine with myself being located outside of the United States, my options are far more limited in finding one that doesn't nickel and dime me to death.


 9:17 pm on Jul 15, 2010 (gmt 0)

this thread has had me shuffling through papers I hadn't seen in years. turns out that our gateway (authorize.net) does charge us .10 for charges, refunds, voids and declines. I was thinking only about the merchant account and gave no thought to the gateway, but they do charge and we do pay for declines.


 12:10 am on Jul 16, 2010 (gmt 0)

I scripted a database to copy the last 4 digits of the declined card along with the buyers first & last name...

How do you handle declines where the name and card number were correct, but the CVV was simply typed in wrong? ... or the ZIP code was typed in wrong?

You can stash the last-4 digits, but not the CVV.


 12:18 pm on Jul 16, 2010 (gmt 0)

are you using standard PayPal or Website Payments Pro? WPP has a $0.30 fee for each authorization/decline.

We are talking about your store having a cc form that is submitted to the payment processor. There is no issue about the other methods because the customers enters his info in the processor's site

The fee you are talking about is when you receive money ie the transaction goes through (regardless of if there is a red flag but there is validation; money are moved from one account to another) plus the percentage. Not when you do not receive anything right? Unless you have another service.

To give you an example, if you enter a cc 4111111111111111 in your site with some random address/name and let it be processed by the processor do you pay a transaction fee?

Lets be sure we are on the same page because you maybe paying due to the authorization filters that flag a transaction bad. What filters you have active from your processor's cpanel?

I believe you pay the transaction fee because the processors contacts the bank, the bank validates and returns back ok, puts the funds on hold and then the processor based on what filters you setup shows the transaction. So I think you have a valid transaction through and you pay the charge regardless if you setup some filter to decline it.


 5:46 pm on Jul 16, 2010 (gmt 0)

jwolthuis - The CVV is not taken into account at all (nor is it stored). Once they've gotten 1 decline from that card - it's blocked. If they know what they did wrong and try to use it again - blocked.

Before implementing this script I've been having the declines sent to my inbox (a breakdown of their name, IP, timestamp); I've NEVER had a single order placed from someone who kept hammering the same card. They try 3-10 times (most do it 3 tries) before simply moving on. So I never felt the need to consider the CVV as a possibility for the decline. In my experience: once a decline, always a decline.

enigma1 - I have absolutely no filters set up on the gateway. All of the filtering occurs within my website through custom coding. I'm sure the gateway has their own filters in place that I do indeed get screwed on.
For example: I know Paypal has some un-editable filters that trigger declines one would otherwise accept - I've seen people mention it in this very forum. I suspect it has to do with the stringent AVS requirements.

I am charged for any order attempt. Be that a decline or a voided order. The $0.30 is also deducted for a successful payment (along with a % of the final sale).
Anytime a customer fills the CC, hits submit - I pay $0.30 no matter what.


 6:51 pm on Jul 16, 2010 (gmt 0)

brokaddr, something isn't right, you may want to check on the PP developers forum and ask the specific question. From similar things reported here is a document that includes a discussion see the last couple of posts. About item-3


There really isn't a way of verifying the AVS or CVV2 without doing an auth and being charged a fee for that auth

Are there other fraud tools we could use instead so that if it fails, we won't be charged the transaction fee?

If you are using fraud filters and you have it set up reject based on the AVS and CSC responses, if it is getting rejected then you will not be charged for transaction.

It may help you to setup the filters if necessary and perhaps avoid the transaction charges for declines. You can also ask them about it directly. From what I read it seems you have an option not to be charged for the declines.


 7:00 pm on Jul 16, 2010 (gmt 0)

Good post, enigma1.

The very last post in the pdf I find interesting:
There would be a temporary hold placed on the funds, as the card is not being declined
by the card issuing bank. They are actually approving it and placing the funds on hold,
and sending the response back to PayPal. PayPal then looks at the response and your
filters settings, and rejects it if that is what you have it set up to do. It will keep it from being
captured, but does not remove the hold placed on the card by the bank since they approved
it. The transaction that is rejected though because of your settings, will not be a transaction
you are charged for.

I have spoken to PayPal's merchant support and they told me:
An additional $0.30 is added to your monthly billing when one of the following occurs on a pending authorization:

Live auth transaction has NOT been successfully captured

Live auth transaction attempt was unsuccessful/declined

Declined sales transaction

All successful authorizations NOT captured within 29 days

Seems to be a significant mix-up of information.
I have also asked for AVS requirement to be removed (the source of all problems, as far as I am concerned), they told me my account does not qualify for AVS being disabled.


 7:58 pm on Jul 16, 2010 (gmt 0)

Block the customer's IP address?

I haven't found any payment gateways that support the new Visa $0.00 authorization transaction for AVS/CV2 verification.

Global Options:
 top home search open messages active posts  

Home / Forums Index / WebmasterWorld / Ecommerce
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved