Id never fax my CC statement to someone id just cancel the order.
CC fraud is a big problem but I dont lose any sleep over it, if yoususpect a card is a fraud then ask them to send you a cheque.
I currently accept credit cards through Paypal and if the address is unverified I send them a polite email saying that it's against company policy to ship to an unverified address. 7 times out of 10 they verify their address. I know it doesn't protect me fully from chargebacks but it helps.
Make sure you require a signature on delivery, get the 3 digit secutiry code from the back of the card, make sure the address verifies and that's about all you can do. You can still get nailed by fraudsters even with those in place, but it the best way to go short of making them fax in an authorization, which will kill your conversion rates.
Most banks will verify the phone number along with the rest of the address. They'll only give a 'yes' or 'no' answer so you have to get the phone number from the customer.
But the thing is that my company is based in the USA though I only deal with customers from outside the USA.
So paypal or cheque is out of the question, card # verification only works with visa and mastercard with my particular merchant-gateway account.
I know its a tough one and just want to make sure I do the best I can not to get nailed.
We run into a lot of international fraud on a e-commerce site we manage.
Even though you can only do CIDs on Visa/MC with your processor, DO THEM. It will cut a significant amount of fraud out. We also have a client that will only ship international to the billing address: No exceptions. I don't know if that is doable for your business, but it's something to consider.
And, this goes without saying, but make sure you're verifying the full billing address instead of just the number/expiration.
Thank you for that info,
I actually spoke to my merchant account rep and was told that the AVS checking system does not always work properly for International addresses as some foreign banks don't support it. So that kind of cuts that out. The card verification # is indeed a valuable tool.
Was wondering if any of yu have experience making phonecalls to the alledged International card holder to verify?
In our experience (we have a lot!). Most fraud attempts are made using stolen/hacked credit cards issued by a US bank for shipment to a developing country. It is extremely useful if your payment gateway will let you know whether the country of the invoice country matches that of the country of the issuing bank.
We have lost so much sleep over this that we now use Worldpay with their guarrantee scheme against chargebacks. it costs 1% extra and another fee at 20 GBP per month. Althougth our chargeback rate is less than 0.5% now, we felt that it is well worth it.
Call the customer and ask them for their credit card details if you don't already have them.
Ask them to flip over the card and give you the customer service telephone number too. (or you can figure it out from the first 6-digits if you're smart) :) Call the bank and tell them you want to do an address / telephone verification.
I know most UK banks will not do this. Mexico and many other countries do, it all depends I guess. Once they verify the phone number is accurate you can be pretty sure that when you call that number you're talking to the real credit card holder.
If they won't verify it for you, tell your customer their bank won't allow you to verify it and they'll have to come up with other payment arrangements.
Or you can charge them 2 random amounts between $0.01 and $1.00, and have them verify with their bank the amounts they were billed. That way the only way to get it right by fluke is a 1/10,000 chance :)
|In our experience (we have a lot!). Most fraud attempts are made using stolen/hacked credit cards issued by a US bank for shipment to a developing country. It is extremely useful if your payment gateway will let you know whether the country of the invoice country matches that of the country of the issuing bank. |
That's a good one. Checking the issuing bank location and IP address of the customer can also help weed out bad orders.
Sometimes a US citizen has valid reasons for having an overseas address, but many times, you can weed out fraudulent orders.
Also, just sending an email asking for verification helps as well. When an order is suspect, I send out a standard form email asking for verification of the address (saying we couldn't verify it). Honest people respond, fraudsters do not.
Also, even though the fees are higher, maybe you want to PUSH for AmEx. At least it's only one place to call for verification. It's not like you're staying up until midnight to call Europe during business hours or something. AmEx does have a flat fee billing plan, I think it's $5 a month if you're processing less than $X,XXX AmEx. I don't remember exactly.
I make a small-business e-com site in Canada and we're also trying to deal with fraud attempts.
So far, they're not too difficult to tell, most follow the same pattern: large orders, overseas, different shipping and billing adresses and hotmail or yahoo account... But we're getting more and more.
We want to establish a special policy for overseas orders. Requesting a fax copy and signature may hurt the conversion rate, but we would apply this only to overseas orders and offer the choice of using Paypal instead. Requesting a signature at delivery also looks like a good idea.
We don't use real-time processing, because it doesn't seem to do much in terms of covering the merchant. I understand that it helps a lot in reducing the number of fraud attempts that you get in the first place. But you still have to validate orders and certainly cancel some of them. Isn't it even more troublesome because you're then dealing with a transaction already processed at the bank / credit card company?
Thank you born2drv!
Your suggestion to charge two small amounts and have the customer verify that amount is an excellent idea!
I feel that that is the most simple and effective way to verify and order.
|We don't use real-time processing, because it doesn't seem to do much in terms of covering the merchant. I understand that it helps a lot in reducing the number of fraud attempts that you get in the first place. But you still have to validate orders and certainly cancel some of them. Isn't it even more troublesome because you're then dealing with a transaction already processed at the bank / credit card company? |
When you set your gateway preferences, you have a choice between authorization only or authorization AND simultaneous settlement. With auth only the charges are in a "pending" phase until you manually settle them. That's were you can weed out fraudulent orders. If you have authorization AND charge, then, you'd have to void those transactions before the batch settles (if done automatically) or before you settle the batch.
I just stumbled on this page, try it
Thanks Night Hawk,
that is a great tool. Will look at it more in-depht when I get a little more time today and put it to the test!
HI TAKE A GUESS WHY IM HERE!? I'LL TELL YOU- SOMEBODY FROM WEBMASTER WORLD STOLE MY CC# TO PURCHASE A ONLINE CASINO-GAMBLING SITE! WELL IN THE HUNDREDS! WISH I RUN INTO HIM/HER!