One of my companies (ecommerce) has been getting hit hard with fraudulent orders for almost a year.
We use all of the popular sophisticated tools and 3rd parties to check the order for flags in real time before it's processed. That stops about 3/4 of the transactions however the other 1/4 go through. Some weeks there's only a few dozen while others there are thousands processed.
For those that do get through they use the correct name and address on file, correct cvv code, and oddly enough same shipping address as billing*. Worst of all they go as far as using IP addresses geographically near the home of the person it was stolen from. There's nothing else we can do to stop these orders from going through without causing a problem for legitimate customers. There's too many per day to call and verify.
*We think one reason why they would use the same shipping as billing is that they are placing these somewhat small ticket orders to verify a working card.
Some of the people at my company have tried working with law enforcement including the FBI and government agencies. Maybe they aren't getting through to the right person because these groups have never followed up.
Because of this fraud we've accumulated a large amount of data on these people. Everything is logged and recorded. You would think that some agency out there would be interested in a group that has the true identities and credit cards for tens of thousands of people (likely more). A friend with another ecommerce company has the same issue and they are a little larger ($60M/year). They have taken these same measures and are not sure what else to do. They have had no success with reporting to the government agencies as well.
Anyone out there with unusual and helpful information about this type of problem?
Thanks if you can provide any, PM if necessary.