Welcome to WebmasterWorld Guest from 22.214.171.124
Forum Moderators: buckworks
Types of Suspicious Behavior
·Customer doesn't know the Cardmember ID (CID) found on the back of the Card, indicating that they don't have the actual Card
·Customer asks that you try lower dollar amounts when a decline message is received
·Customer instructs you to try different expiration dates when initial attempts fail
·Customer hesitates, or has a long pause, when asked for personal information
·Customer repeatedly sends e-mail messages requesting confirmation of shipment
·New customer attempts to make a very large credit card transaction
·Customer attempts to place a large order using several credit cards to obtain the total authorization amount
·Customer requests that sales be split up to avoid paying "import taxes" and/or "duty fees"
·Customer attempts to purchase large quantities of a single item
·Customer seems overly concerned about delivery time frames to overseas destinations
·Customer offers the phone number to an authorization center to speed up the credit card approval process
·Customer has little regard for price
·Customer purchases several large-ticket items, which do not go together, e.g., appear random
·Customer calls a few minutes before closing and wants several large-ticket items
·Customer shows little or no concern for return policies, manufacturer warranties and/or rebates when purchasing in large quantities
-Customer calls same day of order wanting status or repeated calls within 24-48 hours.
-Customer wants to use their own shipping account number.
-Customer is in indonesia (although since the tsunami we have had no requests)
-IP address shows different general location
-Customer sends a postal money orders (there has been a rash of fake ones and you can call the post office to verify the number)
-Credit card checks (these are often stolen)
-Discover Cards.. did you know if you do not CALL Discover and verify verbally that the billing address is valid that you are not covered for any potential charge back... no matter what your billing address confirmation shows.
We do ship internationally and to be frank .. the most frauds outside the US have been from Canada and England (no offense guys). Indonesia and Nigeria are a give-in.
Oh and if you do ship out of the US do not use Fedex.. they do not collect the duty fees and you can get a bill for their taxes if they dont pay (after the delivery they send the customer a bill.. they usually do not pay).
Also with Fedex make sure your fedex account states that the customer CANNOT change the shipping desitination. Some frauders are actually shipping to the confirmed billing address then calling fedex and having it re-routed. Not only will you get ripped off, but you will have a destination change fee on top of it.
most of the standard red flags have been listed above. watch out for weird ordering patterns. For example, someone who places multiple orders in one day or even one order each day. This stands out because usually by doing this they have to pay more in shipping which is a red flag. CAPS and lowercase are definitely a red flag, this usually indicates someone is entering multiple orders repeatedly on various sites. Fraud is a numbers game. They expect a certain amount of orders to be cancelled so the more they place the more chance they have of some shipping.
Geo location with the ip addy is of course helpful. I think everyone knows by now whatt he bad countries are. I've noticed A LOT of fraud orders with satellite ip addresses. Be very leery of those. If their using a proxy/anonymizer that is also a red flag. There are some firewalls that incorporate anonymizers and also just paranoid people who use them but its kind of like someone going into a store with a mask on. They are hiding their identity/location for some reason. Could be paranoia and security but its more likely for other reasons.
As stated above, the merchandise definitely plays a big part. Books or DVDs are very low risk. Freight shipped items like treadmills or basketball goals are low risk due to the hassle of delivery. Hard to stay udner the radar having a freight truck unload a huge item. Billing phone #'s not associated with the billing state are a red flag. Odd domain names that do not have a site up or just an udnercontruction splage. Orders with ip addresses to earthlink or AOL but the customer uses a freemail like gmail or another freemail service.
List of suspicious e-mail domains seen on a lot of fraud orders:
And I see a lot of fraud w/ gmail. I've been doing this for a while now, and I work for a very large company, only second to Amazon so if you all ahve any Q's, let me know!
Keep in mind it can happen anywhere. There are oganized crime groups involved with most of the fraud going on. They will set up a "temporary" apartment to receive goods, then abandon the place after they have stolen enough to make it worth while. Then move on to the next location. <this is the method the use in the USA and Canada it seems>
Unfortunately, Nigeria and Indonesia are "no ship" places for us too.
However, I am worry about the tremendous amount of fraud that has occurred and would like to know more input and information so I can prevent this from happening to my company.
Thanks to all the information that everyone has provided, additional information is always appreciated.
Not at all.
Our fraud attempt breakdown is about 85% West Africa , 5% West African names in other places, 5% Indonesia. 2% Nigerian wannabees. 3% others, including USA transshipping scam attempts.
I can't recall a single scam attempt from Canada.
BTW, we haven't lost a penny to online fraud in years. It's really a minor, but interesting, issue.
I can however it was encouraged by me. I was playing along with a Nigerian scam to waste their time during our slow season. They actually Fed Ex'd a bogus $65 000 cheque which came from a Canadian address. I think the scammers in Nigeria simply have "franchisee's" here in North America to do their bidding.
Good Times :-)
Again, none taken.
My experience (UK ecommerce site) the breakdown is 90% of fraud attempts are shipping to London, 10% to Amsterdam (though it's actually been a while since we had one from Amsterdam).
I've never had a fraudulent attempt from a UK location outside London (yet).
Then again, I work for a small company, so others in the UK may have a different take on things.
2) Reject any transaction where AVS = N. Has virtually eliminated fraud.
3) Provide your int'l customer a tracking number and hold your outgoing package a few days. If the int'l customer immediately places another order, most likely fraud.
Monitor the IP address, but ask for country of residence and nationality.
Also get the card holders address (same as card registration).
The check on the email address (unique mail, other then hotmail etc.)
If all matches order can be valid.
As I mentioned in other threads, all customers CAN dispute sig. not present payments, regardless of amount.
This means that potentially ALL online purchases pose a liability (where no sig. has been received).
Even payments where the order has been shipped to the customers doorstep, can be disputed.
Travel: Airlines are hard hit. The booker utilizes the ticket, he/she can dispute and will win!
^^you will lose a lot of legit business by doing that. AVS should always be considered but there are many circumstances that an order could fail AVS and still be good. The customer may have moved and their issuing bank did not update with visa/mc or maybe they updated but there was a data entry error.
Last month we got hit for 2 fraud orders both had the correct information for billing both were around 125 both had them sending the order to another address.
Differeent weeks both American expresss cards.
We have now begun checking the phone numbers as well as they were incorrect on them so they had all the billing but no phone number.
Crooks are going after smaller orders but I would bet more of them shippping at the same time so in effect they slip under the radar but get just as much but dont get caught as often so in effect really get more.
Also, consider using a Web Service that evaluates fraud risk for you. Try a Web search for "Credit Card Fraud Detection Web Service" to find one.
You may be right. We do have a phone number so some customers do call us when they run into this issue.
When I did not have AVS = N, criminals would use my shopping cart to test out credit card validity. While its not a big cost for my payment gateway service, it was laborious to void fraudulent transactions.