| 6:39 pm on Jun 20, 2011 (gmt 0)|
We don't provide the customer with the response
| 6:47 pm on Jun 20, 2011 (gmt 0)|
I get this periodically. Last week someone tried to place an order from a server in Iraq, then one in the UK two minutes later, then back to Iraq, six attempts in a row, all going to places like Dubai, Jordan, UAE, etc. Then two weeks ago I had a $650 order from someone with a billing address in Chile, shipping address a Miami forwarder, ordering from Canadian ip, and calling from cellphone in CA. This person actually called me repeatedly as well, wanting to know if I would accept (phoney) money order or Western Union or would I overnight it or could she come and pick it up in person (from 500 miles away). And then there are the "I will like to order" emails. I could create a fraud filter just based on the phrase "I will like to order." I often write back "I will like to know why you will like to steal from me."
| 11:29 pm on Jun 20, 2011 (gmt 0)|
lol... I know, it's funny. All the effort they make... You'd think proper English would be first on the list, but I guess not.
| 1:50 pm on Jun 21, 2011 (gmt 0)|
|We don't provide the customer with the response |
olimits7, Realbrisk said something important here.
if they are submitting over and over again with different card numbers, rest assured they're using your cart as a test bed for their stolen cards.
| 4:41 pm on Jun 21, 2011 (gmt 0)|
I know that on my shopping cart you can make a limit of, for example, three declined attempts, before that user will be unable to submit again for a designated period of time (say, 15 minutes).
You should see if your ecommerce platform has something similar.
| 8:56 pm on Jun 21, 2011 (gmt 0)|
Thanks for the replies!
I don't provide my customer with a detailed reply of why their credit card was declined (no avs/ccv response); all my website responds with is something like "the credit card used was declined, please try a different payment method"...which I think is the norm with most websites.
That's a good thing to look into; does anyone know if Authorize.Net offers a feature like this to limit the number of declined attempts from the same user or is this something my shopping cart needs to have in place?
| 9:05 pm on Jun 21, 2011 (gmt 0)|
Did you check out Authorize.Nets Fraud detection suit
| 9:31 pm on Jun 21, 2011 (gmt 0)|
Hi, yes...just got done talking to them and i can have this feature by adding the AFDS; which is great!
| 9:49 pm on Jun 21, 2011 (gmt 0)|
|I recently noticed this one guy who tried to place the same order 8 times in a row, and each time with a different credit card number. The order kept getting declined because each order he tried to submit came up with "no match on street or zip code". |
I've seen some nasty order attacks and you pay a fee for each attempt. Customers get a cut-off at about 10-15 attempts so they don't bankrupt me with transaction fees and 5 card # changes gets the axe as well.
I also pre-screen transactions and test the IP against the address and if the country doesn't match I dump it before calling the gateway. The GEO-IP services work OK for most IPs but obviously fails miserably on wireless broadband transactions.
Just a couple of tricks to play to save some fees
I don't provide the decline reason either, I offer them Paypal ;)
| 5:20 am on Jun 22, 2011 (gmt 0)|
Also, one thing about the cart I use also has recaptcha set up on a velocity filter, so if they keep switching from IP to IP (and they aren't being tracked by cookies), if enough declines by any customers come in within a predefined time, then the recaptcha kicks in for like ten minutes or so.