homepage Welcome to WebmasterWorld Guest from 54.81.170.186
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Subscribe to WebmasterWorld
Home / Forums Index / WebmasterWorld / Ecommerce
Forum Library, Charter, Moderators: buckworks

Ecommerce Forum

    
I'm Seeing Fraudulent Orders Going Through The Roof
Is it just me or are others getting hit with a huge increase
bwnbwn




msg:4295575
 6:36 pm on Apr 11, 2011 (gmt 0)

This past couple of months has been a record for fraud orders. It has been so bad I am at a point of doing something else with my time. The orders have verified correct billing but when checked deeper since they are red flagged we are finding 90% of our orders are fraud.
Spend all our time verifying bad orders, paying merchant services for a bad order, and it is getting old. I know we haven't sent any out that were bad, and it just makes me wonder why so many are fraud now. I could see if we were sending them out and put on an easy hit list but that isn't the case. We are getting 8-10 a day now and this is just past being a problem. So far today we have gotten 6 and it has been like this now for a couple months.

 

mattb




msg:4295605
 7:06 pm on Apr 11, 2011 (gmt 0)

We have not seen a large increase. However, we found that most of the fraud comes from IP Addresses outside of our normal market (USA & Canada). Using GeoIP we block all the other countries from using the checkout. Works better than CVV and AVS.

tangor




msg:4295670
 7:49 pm on Apr 11, 2011 (gmt 0)

There is no doubt that fraud is increasing... and not always against webmasters... sometimes they Do Evil...

Pity the poor guy who bought a very cheap external hard drive in China, only to find that there was nothing inside but a seemingly cleverly configured 128MB USB Flash key.

The sad Russian's story, relayed by Hardmac, is a salutatary one about paying the right price for things.


[reghardware.com...]

Realbrisk




msg:4295672
 7:49 pm on Apr 11, 2011 (gmt 0)

You might try to Google yoursitename cardable or yoursitename cardez

HRoth




msg:4295867
 11:54 pm on Apr 11, 2011 (gmt 0)

IME, sometimes some individual out there battens on your site and doesn't let go. I had a guy in Indonesia who tried for years to order using various stolen cards. Then it switched to some individual in Ghana who would even call me up. Could it be someone like that with you? Or maybe you have come to the attention of a particular group.

StoutFiles




msg:4295876
 12:01 am on Apr 12, 2011 (gmt 0)

What are the IP's of the flagged orders? If in an odd country, I'd have it blocked.

bwnbwn




msg:4295878
 12:07 am on Apr 12, 2011 (gmt 0)

I see them coming from the US right now. I have checked many of them usually the first thing I do and I would guess 80-90% are within the US. I think the game has changed and they are setting up operations within shipping areas of the sites. The really bad part without a manual check all or most of these orders would have passed most verification process.

Realbrisk nothing. I know we can't be on a list haven't had a chargeback in almost a year.

Realbrisk




msg:4295925
 2:36 am on Apr 12, 2011 (gmt 0)

Google wont really help you since they nixed them from the results, I would try yahoo

we have one of our keyword domain names listed and we get hit white allot of fraud orders and yes they come in cycle's just like HRoth noted they will send emails and will even call to follow up, never tell them that the card got declined
they dont need the products (at least in our line) all they want to know is that the transaction was successful

Never rely on the ip address as a pass
*firstly they use Us data centers
*or sometimes they will be using ip address belonging to isp like Comcast,Cablevison my guess is that they rent someone infected pc to Ssh tunnel

You should look for for a browsing pattern, allot of the work is done by bots

StoutFiles




msg:4295961
 4:20 am on Apr 12, 2011 (gmt 0)

You should look for for a browsing pattern, allot of the work is done by bots


If done by bots, wouldn't a captcha solve that?

jecasc




msg:4296009
 6:49 am on Apr 12, 2011 (gmt 0)

Are you really sure all the orders are fraud? Maybe there is something wrong with your fraud management and you flag to many orders?

I have ordered several times in the US and nearly all my orders seem to have been flagged as suspicious by the merchants since I had to send all kinds of additional information like copy of identity card when using my credit card or use another payment option like bank-transfer. Some merchants didn't know that AVS wasn't available in most countries, some where suspicious only because shipping and billing address didn't match. Left me with an impression of paranoia.

What makes you think the orders are fraud? Have you tried offering another payment option like COD (Collect on Delivery) when you considered the order to be fraud?
Or if you are sure that the orders are fraud - could you make a change to your website that discourages fraudsters, for example using a shipping service like USPS "restricted delivery"?

bwnbwn




msg:4296091
 12:12 pm on Apr 12, 2011 (gmt 0)

jecasc yes I verify with the issuing bank phone number of the customer on record. Been doing this for 12 years guys it has never been this bad. Usually it is an easy check address zip doesn't match, but the ones coming in now billing matches and it takes much more time to veify these orders. Oh and the orders aren't large either most under a 100 shipping to a US address, some to Fl. some to Ohio, some to NC, some to Calif and so forth. Use to be they would all be going to Miami Fl a dead give away but not anymore.

bwnbwn




msg:4296176
 2:35 pm on Apr 12, 2011 (gmt 0)

Just to add answers to your questions jecasc I have pay by money order, check, Google and checkout by amazon as payment options.

Name and billing match the oreders are all being shipped to a different address why the red flag and detailed verification.

If your using an automated checking then your probably sending out bad orders if not kicked out and verified by the bank phone number of record on the card holder.

no way in the world this is bots impossible for a bot to select several different products enter them into a cart fill the required data card number exp date different shipping address, select a shipping method, and checkout.

jecasc




msg:4296200
 3:06 pm on Apr 12, 2011 (gmt 0)

If you are really sure that the orders are fraud and it is so bad perhaps you could insist customers use "Verified by Visa" or "MasterCard SecureCode" when paying.

mattb




msg:4296205
 3:13 pm on Apr 12, 2011 (gmt 0)

You could also limit web orders to ship to the billing address only. If they need to ship to another address then maybe they have to call those orders in. Most of our orders ship to the same billing address. You might also check into 3rd party verification tools. Maxmind (maker of geoip) has fraud prevention tools. We've never had the need to use them so I can't say how effective they are.

Seems like there has to be a better way than calling for verification on all your orders...

bwnbwn




msg:4296218
 3:38 pm on Apr 12, 2011 (gmt 0)

jecasc mattb reason I did this post was a warning to all I am seeing a really well implemented fraud going on right now that is not something I have ever seen on this scale before. Some hacker got it all and is selling it to a bunch of different folks that have what looks like some ship houses set up to take the goods.

Realbrisk




msg:4296262
 4:56 pm on Apr 12, 2011 (gmt 0)

If done by bots, wouldn't a captcha solve that?

would you mess with it when you shop online

Are you really sure all the orders are fraud? Maybe there is something wrong with your fraud management and you flag to many orders?

yes we verify them

no way in the world this is bots impossible for a bot to select several different products enter them into a cart fill the required data card number exp date different shipping address, select a shipping method, and checkout.

we still have (for short time) a dumb Cgi shopping cart
and we require initials and almost always get filled with some random number, my guess its the cvv

How we spot them

The name looks generic something like daniel greats
The email address would be Mrbrown@expl.com when the persons name is daniel greats
Capitalization is not consistent like first name lower case last name uppercase
Phone number area code doesn't match
plus our site navigation is alphabetical and always it will be the first few of each letter

We check them by
Using our analytics we can see first time the computer visited was from Gahana , User language, referrer url, browsing habits
Doing reverse lookups on white pages
Verifying with billing address at phone number listed in whitepages
Bank verification (never to helpful)
The bombardment of orders

Somehow after a while you get the vibes

bwnbwn




msg:4296273
 5:06 pm on Apr 12, 2011 (gmt 0)

Realbrisk this is what I am trying to tell you the ip's are not from China, Guam, or anyother country but from the good ole USA. I don't ship outside the US so IP's outsside the US except an APO is toast. This has been a real easy fix and one we can catch very fast and easy. This new deal IP's are from USA home IP's. We can pretty much rule it fraud if their billing is from Ca. but the IP is from Ohio. Although you just really arn't sure so we check the phone of record.

The name looks generic something like daniel greats
I have told ya already they are using the correct billing this is the correct name on the card.

The email address would be Mrbrown@expl.com when the persons name is daniel greats
Who doesn't use a yahoo msn google email to do orders just common pratice and in now way should ever be seen as a bad order because of the email address. I look at them but this has no factor in the order being process or flaged
Capitalization is not consistent like first name lower case last name uppercase
Been there seen that these are not even close to that they are out to get as much as they can as fast as they can before the cards are canceled.

[edited by: bwnbwn at 5:16 pm (utc) on Apr 12, 2011]

StoutFiles




msg:4296279
 5:10 pm on Apr 12, 2011 (gmt 0)

If done by bots, wouldn't a captcha solve that?


would you mess with it when you shop online


If I filled out an entire form and then had a small captcha at the end, would I abandon all the time I just put into the order? No.

Realbrisk




msg:4296325
 6:29 pm on Apr 12, 2011 (gmt 0)

Realbrisk this is what I am trying to tell you the ip's are not from China, Guam, or anyother country but from the good ole USA. I don't ship outside the US so IP's outsside the US except an APO is toast. This has been a real easy fix and one we can catch very fast and easy. This new deal IP's are from USA home IP's. We can pretty much rule it fraud if their billing is from Ca. but the IP is from Ohio. Although you just really arn't sure so we check the phone of record.


Thats why I say That ruling by ip is worthless

The email address would be Mrbrown@expl.com when the persons name is daniel greats


I am not referring to free email providers as the fraudsters can register their own domain name

but if your name is daniel greats your email should not be Mrbrown123 this is my observation

bwnbwn




msg:4296390
 8:28 pm on Apr 12, 2011 (gmt 0)

Real gotta ya on that. I am just so frustrated with this I am moving in another direction anyway and the time I have to spend with the ecommerce stuff just isn't cutting it now. Decided to just go ahead cut this so I can spend the time more productive in an area I am/have decided to go. 12 years is a long time to give up but looking at the sales going down due to economy, gas prices, wanna bes moving in for a short period then gone with their low low prices I have cut the ability to buy on the site. Fraud orders arn't the reason I just need to free up time and put it in an area that will be more productive. Hey the experience of being in this is something I have. Nothing is better than having been in the trenches.

sleepy_eye




msg:4296418
 8:54 pm on Apr 12, 2011 (gmt 0)

We see alot of fraud from people using proxies. Easy to spot though, states don't match or ISP's. That doesn't automatically mean fraud though.
One thing maybe bwnbwn if you advertise online check see if your adds are not displayed in high fraud countries.

bwnbwn




msg:4296438
 9:18 pm on Apr 12, 2011 (gmt 0)

Don't advertise online. I do have a good serp's in a good number of other countries due to my link profile. Maybe a reason but the IP's the orders are coming from are not proxie but home based Ip's within the USA. I can use Google to look at the house. Reporting them is a waste of time been there dont that.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Ecommerce
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved