| 6:35 pm on Nov 19, 2004 (gmt 0)|
There are stacks of perl and php scripts with GeoLocator dbs to be attached (for a price) out there - try Google.
With specific regard to your problem one simple solution would be don't ship where the billing address is not even on the same continent as the shipping address ;)
IMHO IP blocking has limited use other than removing casual fraudsters... the heavies know how to on-ramp via a local provider to make it seem they are connecting from a local IP range.
The devil is in the ship-to address. If you're selling anything remotely desirable to poorer countries (from experience auto parts, printer toner cartridges, PC's or PC kit) then you may want to consider a "delivery only to validated addresses" caveat on your order page and use Bank AVS and/or third party scoring to help you make a decision.
Hope this helps
| 7:06 pm on Nov 19, 2004 (gmt 0)|
Here's what we did. In our shopping cart we removed offending countries like Nigeria so there was no way they could order.
Hope this helps
| 7:09 pm on Nov 19, 2004 (gmt 0)|
Wow Voxman, that is such a simple solution, yet so effective. Sometimes reading this board really highlights what a bright bunch you all are.
| 7:29 pm on Nov 19, 2004 (gmt 0)|
We did that too. Works like a charm.
On rare occasions we'll get a dim Nigerian who still tries, and the city and country come in as 'Lagos, Sweden'.
| 7:32 pm on Nov 19, 2004 (gmt 0)|
We never had Nigeria on our ship-to drop down form. Still, occasionally we get orders to be shipped to "Lagos, Nebraska" or the like. Hard to stop them.
Only problem is that those huge fraudulent orders sometimes mess up our stats program.
Otherwise I kind of like 'em. I know that some of our competitors DO fall for those obvious scams.
| 11:01 pm on Nov 19, 2004 (gmt 0)|
No you guys aren't understanding me. I don't ship to any suspicious countries. But they still are ordering with addresses such as...
jhkjhkj, CA 99999
Or even the stolen card owners real USA address. They are doing this for no reason other than to be annoying. I wish I could see these people face to face to end it real quick.
The only IP service company I found was quovo. Any ideas? I have IP ranges of these fraudsters.
| 5:49 am on Nov 20, 2004 (gmt 0)|
We get some fraudulent orders from Nigeria to be shipped to real addresses in the U.S. In some cases the Nigerian will attempt to have UPS reroute the shipment in transit to another address. These are pretty obvious because the orders are always huge.
Why kind of cart are you using? Perhaps they are testing it. I really doubt they are playing games merely to bother you.
I do know that Nigerians will "mark" bulletin boards with code phrases to indicate they have "harvested" the email addresses on the board. They want other Nigerian fraudsters to stay away. Those emails are used in Nigerian Letter Scams.
| 6:38 am on Nov 20, 2004 (gmt 0)|
Ah, this jogs a memory - we had an order that went through fine without a warning flag: billing address match, zip code match the whole deal. It was to be shipped to another address, but it was a valid US address - so no problem there.
Then a couple of months later, the real cardholder charged it back - it was a stolen card. No wonder the billing address was okay.
Here's the rub: the ship to address was a mail-forwarder business. They receive packages and send them out again. I don't remember the name of the business, but their website claim that many of their customers live abroad and would like to be able to get packages in the US.
Wonder how many of their customers are scammers...
| 6:54 am on Nov 20, 2004 (gmt 0)|
The subject of freight forwarders has come up several times here. There are many of them in major port cities, especially Miami. Usually you can determine whether it is a forwarder by searching for the address in Google. Many forwarders have websites. I'm not an expert on their riskiness, but I know that they are often used for legitimate reasons. It's a tough call.
| 10:36 pm on Nov 22, 2004 (gmt 0)|
You can block access from entire countries quite easily using the FREE maxmind geoip download.
Install mod_geoip and configure your httpd.conf (or .htaccess) with :-
#To block Nigeria
SetEnvIf GEOIP_COUNTRY_CODE NG BlockCountry
Deny from env=BlockCountry
| 7:58 pm on Nov 30, 2004 (gmt 0)|
Does anyone know if the IP database offered by [ip2location.com...] is highly accurate? I want to make sure I wont be blocking any legit traffic by using it. Anyone know?
| 10:26 am on Dec 1, 2004 (gmt 0)|
|No you guys aren't understanding me. I don't ship to any suspicious countries. But they still are ordering with addresses such as... |
jhkjhkj, CA 99999
Have exactly the same problem every week, drives me nuts. Nearly all the IPs resolve to Lagos, funnily enough...
| 10:49 am on Dec 1, 2004 (gmt 0)|
i suspect they are just testing how your cart works, going through the checkout process to see how the pages fit together, that kind of thing, there could be all kinds of reasons to do this - they could be trying to inject sql code to try and bypass your filters or run queries on your database.
one of the main guards against fraud (in any country) is that if an order seems too good to be true, then it probably is.
| 12:36 pm on Dec 1, 2004 (gmt 0)|
You could be right topr8, which is not a pleasant thought, although I have always assumed they are testing card numbers.
| 7:12 pm on Dec 2, 2004 (gmt 0)|
My hosting provider will block ranges of IP addresses for me. I nuked most of China about a year ago because of some really obnoxious activity on the web site (not necessarily fraudulent orders).
The danger is that you *might* end up blocking more than you intended, but it's a minor price to pay. I can't imagine any reason someone in Nigeria needs to even *see* my web site, let alone place an order on it.
| 8:03 am on Dec 7, 2004 (gmt 0)|
As for China...I bet that it was hacking attemps which we figured a much better way of thwarting..but I can't for obvous reason publicize how it was done...company secret..It's an awfully big market to just ignore...
| 8:05 am on Dec 7, 2004 (gmt 0)|
Testing card numbers and sometimes a competitor just testing your cart system. For the former... batch don't go live to the bank...for the latter...nothing you can do...I mean you test your competitors systems don't you? Lol
| 4:16 pm on Jan 7, 2005 (gmt 0)|
This just in for your amusement- I just received this eMail and I find it so absurd from the getgo, I simply had to share, as one of the more ridiculous examples of the genre. I can't believe he expects it to have even the slightest chance of success. Good for a larf anyway:
Am intrested in buy some items in your store,but i want to confirm if you ship international by credit card.In the maintime i will like to know if you are going to ship to my warehouse,Pls send me your website so i can order for the items am really intrested in so you can send me total cost plus shippment to my warehouse.
plot 22,o____ street
off l____ access road,
west africa 23401
am looking forward to read from you soon
| 4:25 pm on Jan 7, 2005 (gmt 0)|
LOL! You must have a really hot product for him to want to buy a large quantity sight unseen and having no idea what it actually is!
| 8:09 pm on Jan 7, 2005 (gmt 0)|
The big mystery is why all this fraud originates primarily out of Nigeria. Why not Mali? Why not Chad? Why not Burkina Faso, Madagascar, Somalia or Equitorial Guinea? I mean, did a foresighted Nigerian government embark upon a 5-year plan to make Internet fraud the national enterprise and dominate the field? Did they grant scholarships to all the top Nigerian universities to offer advanced degrees in (inept) online fraud, or what?
| 7:11 am on Jan 9, 2005 (gmt 0)|
luckychucky, I received a very similar email this week, fortunately I was on my game that day and did not sent my entire stock to the emailers warehouse hoping he would pay me upon receipt. ;)
| 12:01 pm on Jan 10, 2005 (gmt 0)|
We get lots of orders from Nigeria and Indonesia too. Very irritating.
What we did was 3 things.
First have the data base from Geo targeting redirect any one from a list of chosen countries sent to a page on our site which says our site is down. This way they will think something is wrong with our site and not come back. It seems to work as there is less trafic now from those countires.
Second, when we prosses an order, all the info from Geo Targeting is included in the order. This way we can reject the order if a few fraudsters have sliped by. Also since we ship world wide, its nice to compare if the countries are correct. Example, an order from Sweden but comes from Peru. In that case of course we don't ship.
Lastly, from the 'submit a question' boxes on our site, the Geo Targeting info is included. So if someone asks a question about a product on our site and they are from Indonesia, we know not to reply.
Hope that helps
| 8:07 pm on Jan 13, 2005 (gmt 0)|
We did exactly what Sleepy said there. I bought the IP geo DB from ip2location and send all traffic from offending countries to a mock 404 page. Works like a charm. Still not perfect, but highly effective. The countries we block are...
| 10:32 pm on Jan 17, 2005 (gmt 0)|
We do the same using the ip2location db (which we are happy with accuracy of) except instead of a 404 we redirect all Nigerian traffic the the FBI's Internet Fraud Complaint Center, just for fun.
| 9:21 am on Jan 24, 2005 (gmt 0)|
Glad to see other people using the same exmaple.
| 3:53 pm on Jan 24, 2005 (gmt 0)|
Why Nigeria? I'll give you a little background:
Nigeria boasts one of the most corrupt governments in the world. With this, and other economic factors, they are debt ridden and many people are unemployed or make very little.
This is what makes theft such a lucrative industry. Not to mention that Nigeria has one of the more profitible black markets for items purchased from the US. It is believed that 70% of all imports into Nigeria is done so illegally.
There is also nothing that can stop any of this from taking place. Although the government has claimed to hammer down on such crimes, there is little enforcement. Those that are enforced receive a slap on the wrist and never result in jail time.
Blocking IPs won't stop this completely. They are smart enough to nab credit cards, and they are smart enough to switch IP addresses. They will typically place 3-4 orders at once from multiple IP addresses around the globe.
The best security is a solid verification system. Besides basic address verification, throw up flags for individuals making large orders, originating from free e-mail address, suspect vowel count, and anything else suspicious.
These should be followed up with phone calls, and you'll find 99% of these orders will have fake phone numbers attached.
| 8:13 pm on Jan 24, 2005 (gmt 0)|
Yes, in Nigeria, you can get a associates or bachelors in E-con-merce. ;)
In the past, we've had alot of trouble with Nigerian orders. We've had many an order from Lagos, Sweden. But we purchased an annual service from StoreIQ to block a list of countries that we specify. Haven't had a single Nigerian order since. Plenty of scam e-mails though. I have a Yahoo store so it was easier for me to have someone else take care of this.
We haven't been hit with the freight forwarder as ship-to scam yet. But we don't deal in expensive or hard goods either. Can't see them going to too much trouble for a pretty woman's shirt. Actually, it's extremely rare that anyone orders more than one of an item. Any more than that and we get the "fraud sniffer" out.
[edited by: lorax at 9:17 pm (utc) on Jan. 24, 2005]
[edit reason] generalized biz name [/edit]
| 9:16 pm on Jan 24, 2005 (gmt 0)|
Welcome to WebmasterWorld desertjedi!
| 11:52 pm on Jan 24, 2005 (gmt 0)|
"he big mystery is why all this fraud originates primarily out of Nigeria. Why not Mali? Why not Chad? Why not Burkina Faso, Madagascar, Somalia or Equitorial Guinea?"
In terms of population, Nigeria is a very large country - just like China in Asia. On that basis alone, a fraudster is more likely to come from Nigeria than any other African country. Large countries are also harder to police effectively.
| This 32 message thread spans 2 pages: 32 (  2 ) > > |