| 2:23 pm on Jul 21, 2010 (gmt 0)|
Are you doing the auth and capture together? I do capture on ship, so they're separate. I wonder if the usefulness of your cart (if simultaneous auth + capt) as a test for stolen cards is why they've chosen you...
| 3:43 pm on Jul 21, 2010 (gmt 0)|
|*We think one reason why they would use the same shipping as billing is that they are placing these somewhat small ticket orders to verify a working card. |
That would be my guess.
It's a long shot, but if you are capturing the browser's user agent (if not, then start), do some analysis and see if it's the same one (or a group of ones) being used. That might indicate the same person/group doing all of these. If so, maybe you can flag orders with matching user agents for manual follow-up.
Similarly, use some analytics and try to determine how the fraudulent order users are coming to your site. Chances are, they may have bookmarked your site as an easy site to use for testing. So you could flag those orders for manual follow-up. Note: if it's a returning customer who bookmarked your site, then it shouldn't automatically raise a red flag.
We had some fraud orders a few years back that apparently came from a link in a Hotmail account (the referrers for all the orders came from a link used for reading a message in Hotmail). Any orders with similar referrers now go under a microscope before processing.
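The user-agent and referrer checks suggested in the post above, sketched as an added example that is not part of the original thread. The order fields (`ua`, `referrer`, `returning`), the `min_hits` threshold, the `example.test` hosts and all sample orders are constructed assumptions.

```python
from collections import Counter
from urllib.parse import urlsplit

IE6 = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
FF3 = "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6"
# Constructed sample data: past orders later confirmed as fraud (e.g. by chargeback).
KNOWN_FRAUD = [
    {"ua": IE6, "referrer": "http://mail.example.test/read?msg=1"},
    {"ua": IE6, "referrer": "http://mail.example.test/read?msg=9"},
    {"ua": IE6, "referrer": ""},
]
# Constructed sample data: new orders waiting for capture.
PENDING = [
    {"id": 1001, "ua": IE6, "referrer": "http://search.example.test/?q=widgets", "returning": False},
    {"id": 1002, "ua": FF3, "referrer": "http://MAIL.example.test/read?msg=4", "returning": False},
    {"id": 1003, "ua": FF3, "referrer": "", "returning": True},
    {"id": 1004, "ua": FF3, "referrer": "", "returning": False},
    {"id": 1005, "ua": FF3, "referrer": "http://search.example.test/?q=widgets", "returning": True},
]

def referrer_host(url):
    """Lower-cased host of a referrer URL, or '' for a direct/bookmarked visit."""
    return (urlsplit(url).hostname or "").lower()

def build_profile(fraud_orders, min_hits=2):
    """User agents and referrer hosts seen on at least min_hits fraud orders."""
    uas = Counter(o["ua"].strip() for o in fraud_orders)
    hosts = Counter(referrer_host(o["referrer"]) for o in fraud_orders)
    hosts.pop("", None)  # an empty referrer is handled separately below
    return ({u for u, n in uas.items() if n >= min_hits},
            {h for h, n in hosts.items() if n >= min_hits})

def flag_for_review(pending, fraud_orders):
    """Map order id -> reasons to hold the order for manual follow-up."""
    bad_uas, bad_hosts = build_profile(fraud_orders)
    flagged = {}
    for o in pending:
        reasons = []
        if o["ua"].strip() in bad_uas:
            reasons.append("user agent matches fraud orders")
        host = referrer_host(o["referrer"])
        if host in bad_hosts:
            reasons.append("referrer host matches fraud orders")
        # Direct visit: suspicious only for a first-time customer.
        if not host and not o["returning"]:
            reasons.append("direct visit by new customer")
        if reasons:
            flagged[o["id"]] = reasons
    return flagged
```

A flag here only holds the order for manual review; a widely used user agent will also match legitimate customers, so it is not grounds for automatic rejection.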
| 4:50 pm on Jul 21, 2010 (gmt 0)|
Perhaps your website is listed as a cardable site; check the site referrers.
Do you provide a response to the customer if the card is declined?
| 6:13 pm on Jul 21, 2010 (gmt 0)|
What do you mean by this?
| 6:18 pm on Jul 21, 2010 (gmt 0)|
Never mind, I found the answer myself. I suspected that is what you meant but I was not aware of the term.
|Carding is a term used for a process to verify the validity of stolen card data. The thief presents the card information on a website that has real-time transaction processing. If the card is processed successfully, the thief knows that the card is still good. The specific item purchased is immaterial, and the thief does not need to purchase an actual product; a Web site subscription or charitable donation would be sufficient. The purchase is usually for a small monetary amount, both to avoid using the card's credit limit, and also to avoid attracting the card issuer's attention. A website known to be susceptible to carding is known as a cardable website |
| 11:24 am on Jul 22, 2010 (gmt 0)|
|It's a long shot, but if you are capturing the browser's user agent (if not, then start), do some analysis and see if it's the same one (or a group of ones) being used. That might indicate the same person/group doing all of these. If so, maybe you can flag orders with matching user agents for manual follow-up. |
That's an interesting idea - if they are using a limited number of machines you could do some fingerprinting [arstechnica.com] using all the information that the browser will give you.
| 4:53 pm on Jul 25, 2010 (gmt 0)|
|they use the correct name and address on file, correct cvv code, and oddly enough same shipping address as billing*. Worst of all they go as far as using IP addresses geographically near the home of the person it was stolen from |
They may have hijacked these systems, so you may not be able to distinguish anything. And so they can then test the cards as already mentioned and then find ways of actually converting credit into cash. I don't know what tools you are using, but in such cases they won't identify anything. You need to retrieve information from the IP and go from there. Some of these tools correlate the geo-location with the billing/shipping address, which may be inadequate in this case.