
How to prevent fraud for service purchases



3:22 pm on Aug 6, 2006 (gmt 0)

10+ Year Member

If you ship goods, you can use address verification, and make sure that the shipping address matches the credit card address. But, I don't ship goods, I provide a service on my site, so I can't confirm the shipping address.

What can you recommend to prevent people from using stolen credit card numbers?

I already do the following:

-- Block orders out of US/Canada
-- Check address verification
-- Check the cvv code

I get too many orders to verify by phone. Somebody using AOL has been using stolen credit cards on my site for several months, resulting in a few chargebacks, and it is very frustrating that even though I know it is the same person doing this over and over I can't stop him (I can't just block the AOL ip). He deletes his cookies, and always knows the correct address and cvv on the cards he uses.

Can anyone recommend anything else? Do you think AOL would do anything if I complain?

fraud master

11:01 pm on Aug 6, 2006 (gmt 0)

5+ Year Member

Look for patterns in the bad orders. What about those orders stood out compared to any of them? His IP is AOL; what are his e-mail addresses? Especially when it's the same person, many times there will be one or two constant variables that stand out.

Use public searches to connect the name and address to the billing phone. If you can identify the difference between a bad looking order and a good order, then only call to verify on the ones that look off.


11:29 pm on Aug 6, 2006 (gmt 0)

Collect a phone number with the order without telling them. A fraudster is very unlikely to list the number of the card holder. Check the number in Google to see if it matches the address. Check the IP address on the order to see if the location matches the billing address, check the phone number to see if it matches the city on the billing address. Call the number to see if the name or business is on the answering machine. Speaking to someone on the other end of the phone is useless (if it's the fraudster they will lie). Not having the time to do the research is probably not solvable; you will have to determine whether it is worth your time financially.


3:27 am on Aug 7, 2006 (gmt 0)

10+ Year Member

Thanks for your suggestions.

ispy, on some fraudulent orders, they use the correct billing phone, but on others, they provide nonsense phone numbers. I will start checking those more carefully. It's not worth my time to call around (hundreds of orders daily), but maybe checking the area code will give an extra "red flag".

Fraud master, I did try doing some behavioral profiling to see if I could dig out other fraudulent transactions. One thing that can be great is to check the password -- a lot of scammers reuse the same password over and over. (The email addresses this particular scammer uses are all AOL, but don't follow any other particular pattern)

I tried the following as a behavioral search. I searched for people who placed an order within 30 minutes of their first ever visit to our website, never logged into the account again, and used a free or aol email address. The result was very promising -- it caught several orders I had already identified as fraud by other means. With a little more refinement this could be a big help.
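Added example, not part of the original post: one way to express the three-condition behavioral search described above as a review-queue filter. The free-mail domain list, the seven-day settle period, the `Order` fields and the sample orders are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumed values, not from the thread: tune the domain list and settle period.
FREE_MAIL = {"aol.com", "hotmail.com", "yahoo.com"}
FAST_WINDOW = timedelta(minutes=30)   # "within 30 minutes of their first ever visit"
SETTLE = timedelta(days=7)            # wait before judging "never logged in again"

@dataclass
class Order:
    order_id: str
    email: str
    first_visit: datetime
    ordered_at: datetime
    logins: list = field(default_factory=list)  # account login timestamps

def matches_profile(o: Order, now: datetime) -> bool:
    domain = o.email.rsplit("@", 1)[-1].strip().lower()
    fast = timedelta(0) <= o.ordered_at - o.first_visit <= FAST_WINDOW
    # A login before or at order time is part of checkout, not a return visit.
    returned = any(t > o.ordered_at for t in o.logins)
    # Every brand-new order looks like "never came back", so skip recent ones.
    settled = now - o.ordered_at >= SETTLE
    return fast and domain in FREE_MAIL and settled and not returned

def review_queue(orders, now):
    """Order ids that match all three conditions and deserve a manual look."""
    return [o.order_id for o in orders if matches_profile(o, now)]

def d(day, hour, minute=0):
    return datetime(2006, 8, day, hour, minute)

NOW = d(10, 12)
# Constructed sample orders (not real data).
SAMPLE = [
    Order("A-1001", "buyer1@aol.com", d(1, 10), d(1, 10, 12)),
    Order("A-1002", "buyer2@example.org", d(1, 11), d(1, 11, 5)),
    Order("A-1003", "buyer3@aol.com", d(1, 9), d(2, 9)),
    Order("A-1004", "buyer4@hotmail.com", d(1, 9), d(1, 9, 20), [d(3, 8)]),
    Order("A-1005", "buyer5@yahoo.com", d(9, 9), d(9, 9, 10)),
    Order("A-1006", "Buyer6@AOL.COM", d(2, 14), d(2, 14, 29), [d(2, 14, 5)]),
]

if __name__ == "__main__":
    print(review_queue(SAMPLE, NOW))
```

A match is a reason to review the order by hand, not proof of fraud; legitimate one-time buyers fit the same profile.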


4:12 am on Aug 7, 2006 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member

I found that by simply logging their ip address and showing that the ip address is being tagged deterred a lot of them...

On the phone number issue, we found that most use cell phones and it's very hard to find info on those numbers and today with all the throw away ones .. ie go phones and such.

Last year we had a guy that was actually having items shipped to the confirmed billing address of the card holders. He would then wait for our email with the tracking number information and actually wait outside their houses for the package!


1:05 pm on Aug 7, 2006 (gmt 0)

10+ Year Member

If he is using an AOL ip address that geolocation says is in the US, does that mean he's in the US?

ie, does anyone know if there's any way for people overseas to use aol ip addresses as a proxy? I think aol is offered overseas, but I don't know how the ip addresses show up for those people.

If this guy is in the US, it might be worth pursuing legally.

Corey Bryant

1:12 pm on Aug 7, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

You might ask for the issuing bank on some and then check to see if those match. Most hackers are still not privy to this information yet - even though it is simple to find. It might ward them off for a while.



2:27 am on Aug 8, 2006 (gmt 0)

10+ Year Member

Hello Corey Bryant,
I appreciate the input -- but how does one go about checking the issuing bank? Should this be available through my merchant account website somehow, or would I have to call my credit card processor?

fraud master

2:09 am on Aug 9, 2006 (gmt 0)

5+ Year Member

visa = 800.847.2750 option 2, enter cc and get the # to the issuing bank

Can't remember MasterCard's off the top of my head. Let me know if you want it and I will look it up next time I'm at work.

fraud master

2:10 am on Aug 9, 2006 (gmt 0)

5+ Year Member

oh also Amex's automatic verification # is 800.528.2121


12:31 pm on Aug 9, 2006 (gmt 0)

10+ Year Member

Thanks, I never knew about that. I don't know if I want to start asking everyone for the issuing bank since it is nonstandard and I don't want to scare people away from my ordering form, but I may start using it for certain types of orders.


3:17 pm on Aug 9, 2006 (gmt 0)

10+ Year Member

Are all the chargeback reason codes related to fraud?

Many times merchants think the chargeback is fraudulent when in fact it's "services not rendered," which is non-related to a fraudulent reason code.


1:28 pm on Aug 10, 2006 (gmt 0)

10+ Year Member

Hello Morocco,
No, it was definitely fraud -- reason was listed on the documentation from my cc processor as "Fraudulent transaction -- card not present"

When people are upset about services, they usually seem to call our customer service number listed on their credit card statement and we get it straightened out. But when they have their card stolen and see 20 unauth'd charges on their statement, they don't bother contacting the merchants, and we get hit with a chargeback without any chance to refund them first.

I bet whoever gets my $30 chargeback fee loves that -- somebody gets a card stolen, submits 20 chargebacks, and they suddenly get $600 for free. It has always seemed a little ridiculous to me that credit card companies should make a profit when a card gets stolen. No wonder nobody prosecutes credit card theft.


2:15 pm on Aug 10, 2006 (gmt 0)

10+ Year Member

If the chargebacks are related to fraud you need to implement VbV and MCSC.

VbV will eliminate your liability for fraud for all your Visa transactions regardless of cardholder enrollment.

MCSC only protects on enrolled cards but it helps out somewhat.

Combined they'll drop your fraud by probably 60%

Please note I'm speaking from a US merchant perspective. I understand the coverage ranges depending on your region outside of the US.

