| 3:32 pm on Nov 10, 2004 (gmt 0)|
That's one of the reasons we do not use 'live' to the bank processing. We batch overnight then submit which allows for you to 'catch' fraudulent transactions easier (and in your case saving a fortune) Another reason is you are not supposed to really take the money (in the US) before shipment takes place (which using a live system simply doesn't allow for that).
Hope this helps
| 6:02 pm on Nov 10, 2004 (gmt 0)|
I would be asking your payment processor what in heck it's velocity checking was doing - taking a nap?
Alas you've been stung by an all to familiar activity - merchants have lost their processing accounts due to this kind of activity.
Without knowing the precise details it's difficult to give you any pointers on what to do to prevent this happening - sticky me and we can explore in more detail.
Overnight batching or real time auth isn't really the issue - so long as you don't submit for payment before the goods leave you you are OK with real time auth - although overnight batching may have helped you ID the problem and bin the 30,000 requests.
Get in touch and we'll see what we can do for you.
| 7:06 pm on Nov 10, 2004 (gmt 0)|
that sounds bad. I'm no expert, but shouldn't authorize.net have some way to pick up on this. 1 order every 5 seconds? you may have that many anyway, but from one person?
you must have some kind of case against them surely?
but I'm no expert.
| 2:37 am on Nov 11, 2004 (gmt 0)|
Wow, that's awful!
We use Miva too and I think I've seen a Miva module at MVCool that prevents a transaction attempt after so many tries. I believe it blocks them by their IP address...so they can't even use different card numbers. So many tries on the same computer and their done....I think.
| 10:02 am on Nov 11, 2004 (gmt 0)|
That's a real nightmare. I don't know how CC processing works in the US but here in the UK I use pre-auth (with WorldPay and my own merchant account) and I don't get charged a penny until I post-authorise the transaction. Huge fraudulent transactions (usually for ŁK's at a time) were costing me dear before I switched to pre-auth, as I was paying for the authorisation, which I then had to refund etc etc. and if my memory serves me correctly I think I was paying a charge for the refunds too.
| 1:51 pm on Nov 11, 2004 (gmt 0)|
Basically since you work with Authorizenet.com (which is the gateway - not the processor) and I am assuming Wells Fargo is the merchant account provider (MAP), both companies are probably dinging you for transaction costs - something like $.10 for authorizenet.com and $.20 maybe from Wells Fargo.
Now are all of these just transaction costs or did you also get hit with a lot of chargebacks?
You should call both companies & speak with them. Since both companies are separate, it might be difficult, but perseverance should pay off.
| 7:35 pm on Nov 11, 2004 (gmt 0)|
This site was built for a client of mine so they have been dealing with the bank (Wells Fargo). Since the bank will not discuss any info with me, I only know what my client tells me what they have to say. It seems they are not being to cooperative. The last thing they said was they will only make him pay for half the charges (that is still $5,000)
I think they should not make him pay for anything. I know some banks would not charge anything if this were to happen.
Anyway, I have emailed Authorizenet regarding issue. They said their engineers are trying to find the source of the activities. To answer the last question, I believe the fees are only for the transactions, not chargebacks.
Ill keep u all updated....
| 7:47 pm on Nov 11, 2004 (gmt 0)|
Personally, I would not pay Wells-Fargo or Authorize.net a single cent. I would write them a nice little letter, explaining it is the responsibility of Wells-Fargo and authorize.net to spot and shutdown such an obvious security violation. A security flag should have been setoff. Threatening to go to the media, is also a good incentive.
As a precaution, I would also switch to a different bank and processor, so they cannot unilaterially grab your funds.
If these companies don't have security measures to detect this type of thing, you don't want to be dealing with them anyways.
| 8:08 pm on Nov 11, 2004 (gmt 0)|
|Threatening to go to the media, is also a good incentive. |
| 8:17 pm on Nov 11, 2004 (gmt 0)|
The only problem - not paying the company could possibly put you on the TMF list & then you run the risk of not being able to get another merchant account. Some processors will work with you on opening up a new account if you have kept great records but you have to look into that aspect also.
| 12:45 am on Nov 12, 2004 (gmt 0)|
Thats why it is important to switch merchant accounts before this gets out of hand 'ie. while you are still negoatiating with Wells-Fargo.
I actually have two merchant accounts. In this business I can't afford to lose my ability to process credit cards. it cost me about $60 more a month, but it is well worth the peace of mind.
Its also a lot cheaper than setting up a new shell company, incase you find yourself on the TMF list.
| 2:09 am on Nov 12, 2004 (gmt 0)|
You still run the risk of the processor terminating you when they find oyu on the TMF list. It might not be as bad but there are always some problems. Also make sure that you do not have an exclusivity agreement with your processor. Some processors add this to their contrcts as well.