homepage Welcome to WebmasterWorld Guest from 23.20.149.27
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Pubcon Website
Visit PubCon.com
Home / Forums Index / WebmasterWorld / Ecommerce
Forum Library, Charter, Moderators: buckworks

Ecommerce Forum

This 34 message thread spans 2 pages: < < 34 ( 1 [2]     
Credit Card Fraud
Why don't banks and merchant account providers care and what can we do?
joestern




msg:648007
 12:51 am on May 22, 2006 (gmt 0)

We repeatedly get fraudulent orders attempts on our website, and some make it through. Generally, these orders are for several hundred dollars worth of merchandise, often in the low thousands.

When we spot them (we do miss some, but we get most) we generally try to call the issuing bank to report the fraud. We can lookup the bank information on our merchant account website by entering the first six digits of the credit card number at issue.

Generally, when we do this, the company simply tells us that the purchase must be bad. We ask them to notify their security department, and they say that's the customer's responsibility. So then we try to get our merchant bank involved. They tell us to call the police. Of course, the police will take a report, but we have to do it locally, and the fraudster is generally thousands of miles away. So, it's all a big waste of time.

Why isn't there some organization that cares? Why don't customer's banks want this info so that they can mitigate their losses? Easy answer is: they simply charge them back to us, the merchants, so they couldn't really care less. They pull the money back from us, plus a charge for the service, and pop out a new account number and card for the customer.

As merchants, we need a better system. We see the same fraud attempts repeatedly from the same IP address, and to the same shipping address. We need some central location where all merchants can report this information and blacklist these shipping addresses (generally stores like Mailboxes Etc. and other drops). Email addresses are easy to change, but often these orders originate from the same IP address - or overseas IP addresses.

 

RailMan




msg:648037
 8:22 am on May 31, 2006 (gmt 0)

If your only shipping to the billing address you are way behind. You cannot run a successfull e-commerce sites with restrictions like that. People send gifts, people travel and they're going to want to ship items to other locations.

the vast majority of products sold are not sold as gifts so no need to use a separate delivery address (which makes AVS etc worthless) - only use a separate delivery address if you really need it - flowers are likely to be sent as a gift - car parts are not - just good old common sense
and if you use a separate delivery address, be careful - if the order looks like someone buying flowers for mum's birthday and the delivery address is "local" then likely to be ok - but something like mr jones placing an order for delivery to a warehouse 1000 miles away looks dodgy - again, common sense prevails
the problem comes when merchants think they should always have a separate delivery address in case someone wants to send a gift ............

You [ the merchant ] are just the dirtbag out there shilling on the Internet. Your job is to give them [ card issuers ] their "share" of your revenue (and even their "share" of your refunds).

if that's how you feel, why be in business?

I gave up years ago reporting fraud. No one cares, not Visa, not MasterCard, not our acquirer, not our online processor, not the FBI, not local police.

and why should they? at the end of the day, it's your job as a merchant to handle (cancel / ignore) the frauds - most of the time they are easy to spot - accepting a fraudulent transaction is one of incompetence, ignorance or greed ........ why complain when it's charged back?

The reason why no one cares but you and me is this: you and I pay for fraud, no one else.

sounds like you're not running your business properly. large department stores budget for theft - the costs of theft (and security systems / tagging equipment / security guards etc etc) are all built in to the sale price of their products. you should be doing the same - passing on all costs to the customer, not taking the costs out of your own pocket.
but then again, why should i be telling you this? maybe it's in my interests if your business fails .........?

Ben_Graham




msg:648038
 11:29 am on May 31, 2006 (gmt 0)

RailMan:

if that's how you feel, why be in business?

I don't like the way that Visa and MasterCard do business, and the way that they treat merchants. I don't believe I have to close up shop and lay people off to prove that point.

accepting a fraudulent transaction is one of incompetence, ignorance or greed ........ why complain when it's charged back?

sounds like you're not running your business properly. large department stores budget for theft - the costs of theft (and security systems / tagging equipment / security guards etc etc) are all built in to the sale price of their products. you should be doing the same - passing on all costs to the customer, not taking the costs out of your own pocket.
but then again, why should i be telling you this? maybe it's in my interests if your business fails .........?

Just to clarify, you've called everyone that has accepted a fraudulent transaction incompetent, ignorant, or greedy. Then, you've suggested that I'm not running my business properly because I think that Visa and MasterCard should work with merchants to reduce fraud instead of just pushing costs back to them.

Oh, and just because a store works the cost of theft into prices doesn't mean they don't care when people shoplift. Having your property stolen, directly or through fraud, is not a good feeling. Having to put resources against monitoring your transactions for fraud is expensive, and trying to find a better way is a worthy goal for all online merchants.

Thank you, RailMan, for your well-thought and carefully prepared responses. They have been extremely helpful and are a tremendous contribution to this archive of knowledge.

fraud master




msg:648039
 4:52 pm on May 31, 2006 (gmt 0)

"the vast majority of products sold are not sold as gifts so no need to use a separate delivery address (which makes AVS etc worthless)"

I guess if you run a small e-commerce site you may not see a lot of orders not shipping to the billing address but the company I work for outsources 60 different sites everyone from Zales.com to Timberland.com to RadioShack.com which are high risk to low risk sites like Linens N things and PBS.

Point being we take as a whole 10's of thousands of orders a day during slow times. Out of theres a lot of valid orders shipping to a different address. If we only had people ship to their billing we would lose millions of dollars. Theres ALL types of reasons to ship items to a different address

-send gifts to son or daughter at college
-birthdays
-traveling on business
-holidays

Your really limiting yourself if you deny orders that do not ship to the bill to.

RailMan




msg:648040
 7:46 am on Jun 1, 2006 (gmt 0)

think that Visa and MasterCard should work with merchants to reduce fraud instead of just pushing costs back to them.

errr ..... visa and mastercard have brought out verified by visa and mastercard securecode .... they also do real time AVS and CVV checks .... they have provided the tools to identify fraud etc

but then the merchants don't bother using the tools ........

or they accept a transaction and find the billing address etc matches, but ship the goods to lagos or wherever, then complain about fraud .....

what can visa or mastercard do if the merchants don't use the tools provided, or don't use common sense? (the answer is nothing)

the overwhelming majority of fraudulent transactions can be identified / prevented by using the tools provided and using a little bit of common sense - that's all there is to it ....

Having to put resources against monitoring your transactions for fraud is expensive, and trying to find a better way is a worthy goal for all online merchants.

using real time processing / AVS / CVV / VbV etc etc etc is not expensive - and in any case it's a cost that's built into your pricing and passed on to the shopper

the biggest reason for NOT using real time processing and the anti-fraud tools is that merchants complain about the cost - they all want the lowest possible transaction fees - and like i said, the costs (like any other business costs) have to be passed on to the shopper

This 34 message thread spans 2 pages: < < 34 ( 1 [2]
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Ecommerce
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved