Welcome to WebmasterWorld Guest from 220.127.116.11
Forum Moderators: buckworks
What can you recommend to prevent people from using stolen credit card numbers?
I already do the following:
-- Block orders out of US/Canada
-- Check address verification
-- Check the cvv code
I get too many orders to verify by phone. Somebody using AOL has been using stolen credit cards on my site for several months, resulting in a few chargebacks, and it is very frustrating that even though I know it is the same person doing this over and over I can't stop him (I can't just block the AOL ip). He deletes his cookies, and always knows the correct address and cvv on the cards he uses.
Can anyone recommend anything else? Do you think AOL would do anything if I complain?
use public searches to connect the name and address to the billing phone. If you can identify the difference between a bad looking order and a good order, than only call to verify on the ones that look off.
ispy, on some fraudulent orders, they use the correct billing phone, but on others, they provide nonsense phone numbers. I will start checking those more carefully. It's not worth my time to call around (hundreds of orders daily), but maybe checking the area code will give an extra "red flag".
Fraud master, I did try doing some behavioral profiling to see if I could dig out other fraudulent transactions. One thing that can be great is to check the password -- a lot of scammers reuse the same password over and over. (The email addresses this particular scammer uses are all AOL, but don't follow any other particular pattern)
I tried the following as a behavioral search. I searched for people who placed an order within 30 minutes of their first ever visit to our website, never logged into the account again, and used a free or aol email address. The result was very promising -- it caught several orders I had already identified as fraud by other means. With a little more refinement this could be a big help.
On the phone number issue, we found that most use cell phones and it's very hard to find info on those numbers and today with all the throw away ones .. ie go phones and such.
Last year we had a guy that was actually having items shipped to the confirmed billing address of the card holders. He would then wait for our email with the tracking number information and actually wait outside their houses for the package!
ie, does anyone know if there's any way for people overseas to use aol ip addresses as a proxy? I think aol is offered overseas, but I don't know how the ip addresses show up for those people.
If this guy is in the US, it might be worth pursuing legally.
When people are upset about services, they usually seem to call our customer service number listed on their credit card statement and we get it straightened out. But when they have their card stolen and see 20 unauth'd charges on their statement, they don't bother contacting the merchants, and we get hit with a chargeback without any chance to refund them first.
I bet whoever gets my $30 chargeback fee loves that -- somebody gets a card stolen, submits 20 chargebacks, and they suddenly get $600 for free. It has always seemed a little ridiculous to me that credit card companies should make a profit when a card gets stolen. No wonder nobody prosecutes credit card theft.
VbV will eliminate your liabilty for fraud for all your Visa transactions regardless of cardholder enrollment.
MCSC only protects on enrolled cards but it helps out somewhat.
Combined they'll drop your fraud by probably 60%
Please note I'm speaking from a US merchant perspective. I understand the coverage ranges depending on your region outside of the US.