homepage Welcome to WebmasterWorld Guest from 54.166.110.222
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Visit PubCon.com
Home / Forums Index / WebmasterWorld / Ecommerce
Forum Library, Charter, Moderators: buckworks

Ecommerce Forum

    
Need help regarding Fraudulant Activities - C.C. Decoder
Currently use Miva Merchant as my Shopping Cart
jtmoney77




msg:645543
 2:55 pm on Nov 10, 2004 (gmt 0)

Hi,
Around the end of August, our site was hit by someone using a credit card decoder. This person tried making over 30,000 transactions in a matter of a day. One transaction every 5 seconds. According to Wells Fargo, our bank, we owe $10,000 due to all the transactions ($.30 a transaction even if they did not go through)

Anyway, we may now have to go to court regarding this matter. We would like to find the person responsible for this. We looked through our stats but did not see any activity that really seemed to help me figure out where it came from. Has anyone else been through this and could give some ideas on what to do next.

We are not sure what steps to take. We currently use Miva, ValueWeb (host), Authorizenet (processor) and Wells Fargo.

We thank you for your time!

 

Voxman




msg:645544
 3:32 pm on Nov 10, 2004 (gmt 0)

That's one of the reasons we do not use 'live' to the bank processing. We batch overnight then submit which allows for you to 'catch' fraudulent transactions easier (and in your case saving a fortune) Another reason is you are not supposed to really take the money (in the US) before shipment takes place (which using a live system simply doesn't allow for that).

Hope this helps

FraudAdvisor




msg:645545
 6:02 pm on Nov 10, 2004 (gmt 0)

jtmoney77

I would be asking your payment processor what in heck it's velocity checking was doing - taking a nap?

Alas you've been stung by an all to familiar activity - merchants have lost their processing accounts due to this kind of activity.

Without knowing the precise details it's difficult to give you any pointers on what to do to prevent this happening - sticky me and we can explore in more detail.

Overnight batching or real time auth isn't really the issue - so long as you don't submit for payment before the goods leave you you are OK with real time auth - although overnight batching may have helped you ID the problem and bin the 30,000 requests.

Get in touch and we'll see what we can do for you.

chodges84




msg:645546
 7:06 pm on Nov 10, 2004 (gmt 0)

woah,

that sounds bad. I'm no expert, but shouldn't authorize.net have some way to pick up on this. 1 order every 5 seconds? you may have that many anyway, but from one person?

you must have some kind of case against them surely?

but I'm no expert.

mdean




msg:645547
 2:37 am on Nov 11, 2004 (gmt 0)

Wow, that's awful!

We use Miva too and I think I've seen a Miva module at MVCool that prevents a transaction attempt after so many tries. I believe it blocks them by their IP address...so they can't even use different card numbers. So many tries on the same computer and their done....I think.

Rubylily




msg:645548
 10:02 am on Nov 11, 2004 (gmt 0)

That's a real nightmare. I don't know how CC processing works in the US but here in the UK I use pre-auth (with WorldPay and my own merchant account) and I don't get charged a penny until I post-authorise the transaction. Huge fraudulent transactions (usually for ŁK's at a time) were costing me dear before I switched to pre-auth, as I was paying for the authorisation, which I then had to refund etc etc. and if my memory serves me correctly I think I was paying a charge for the refunds too.

Corey Bryant




msg:645549
 1:51 pm on Nov 11, 2004 (gmt 0)

Basically since you work with Authorizenet.com (which is the gateway - not the processor) and I am assuming Wells Fargo is the merchant account provider (MAP), both companies are probably dinging you for transaction costs - something like $.10 for authorizenet.com and $.20 maybe from Wells Fargo.

Now are all of these just transaction costs or did you also get hit with a lot of chargebacks?

You should call both companies & speak with them. Since both companies are separate, it might be difficult, but perseverance should pay off.

-Corey

jtmoney77




msg:645550
 7:35 pm on Nov 11, 2004 (gmt 0)

This site was built for a client of mine so they have been dealing with the bank (Wells Fargo). Since the bank will not discuss any info with me, I only know what my client tells me what they have to say. It seems they are not being to cooperative. The last thing they said was they will only make him pay for half the charges (that is still $5,000)

I think they should not make him pay for anything. I know some banks would not charge anything if this were to happen.

Anyway, I have emailed Authorizenet regarding issue. They said their engineers are trying to find the source of the activities. To answer the last question, I believe the fees are only for the transactions, not chargebacks.

Ill keep u all updated....

Thanks,
J

lgn1




msg:645551
 7:47 pm on Nov 11, 2004 (gmt 0)

Personally, I would not pay Wells-Fargo or Authorize.net a single cent. I would write them a nice little letter, explaining it is the responsibility of Wells-Fargo and authorize.net to spot and shutdown such an obvious security violation. A security flag should have been setoff. Threatening to go to the media, is also a good incentive.

As a precaution, I would also switch to a different bank and processor, so they cannot unilaterially grab your funds.

If these companies don't have security measures to detect this type of thing, you don't want to be dealing with them anyways.

jtmoney77




msg:645552
 8:08 pm on Nov 11, 2004 (gmt 0)

Threatening to go to the media, is also a good incentive.

Good idea!

Corey Bryant




msg:645553
 8:17 pm on Nov 11, 2004 (gmt 0)

The only problem - not paying the company could possibly put you on the TMF list & then you run the risk of not being able to get another merchant account. Some processors will work with you on opening up a new account if you have kept great records but you have to look into that aspect also.

-Corey

lgn1




msg:645554
 12:45 am on Nov 12, 2004 (gmt 0)

Thats why it is important to switch merchant accounts before this gets out of hand 'ie. while you are still negoatiating with Wells-Fargo.

I actually have two merchant accounts. In this business I can't afford to lose my ability to process credit cards. it cost me about $60 more a month, but it is well worth the peace of mind.

Its also a lot cheaper than setting up a new shell company, incase you find yourself on the TMF list.

Corey Bryant




msg:645555
 2:09 am on Nov 12, 2004 (gmt 0)

You still run the risk of the processor terminating you when they find oyu on the TMF list. It might not be as bad but there are always some problems. Also make sure that you do not have an exclusivity agreement with your processor. Some processors add this to their contrcts as well.

-Corey

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Ecommerce
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved