I had one a couple of weeks ago for $500. The card holder's name, address and phone all checked out. He wanted the item shipped to him in another state. I should have checked to see what association that other address had with him (second home, workplace, relative, etc), but didn't. I just assumed that it was ok, because everything else checked out.
Wrong. His card was stolen, and the thieves charged thousands of dollars of merchandise all over the internet.
I have an address the item was shipped to, and confirmation that it was delivered. That's it. I'm out $500.
Grrrrrrr.
I take every precaution (or I thought I did) to guard against fraud. I do name and address verifications on every credit card transaction, even if it's $30.
Did your online store get the CVS code from the CC and process it?
If not, you're going to be an ongoing target.
Did you confirm the GeoIP and phone #?
Typically the fraudster's IP address will be for a different city, state or country.
Thanks to cell phones and many people opting out of land lines these days it's harder than it used to be to match a phone # to a physical address.
The next problem cell phones cause is if they order off their cell phone the GeoIP is always the same coming from the cell company itself.
What will have to be required in the near future is that the credit card company can validate that the CC belongs to a specific phone number.
Phone #s are now portable and everyone has caller ID so there's really no reason not to start using the inbound phone # in the same way AVS is used today.
The fact was that your customer answered the phone and confirmed the order. Have you ever tried that phone number again?
My shopping cart doesn't process the card. I do, after verifying the customer. My mistake in this order was to not check the cell phone and the shipping address.
My shopping cart doesn't process the card. I do, after verifying the customer.
Then I take it your answer to using the CVS on the CC is no because you aren't allowed to store that number so manually post processing the charge opened you up to another vulnerability.
You should always allow your cart to do a minimum of pre-auth of the sale because there are some criteria such as CVS, IP, email address and ship-to address abuses they may catch which won't happen when you manually process a charge.
At a minimum, if they used the card in multiple places, your pre-auth might've triggered another fraud charge to be rejected elsewhere and then it would refuse to book the sale when you tried to complete it.
Sometimes we can easily outsmart ourselves by simply not letting the system do its thing.
Is the order via telephone?
They do this to avoid the 3rd man security service like MasterCard SecureCode or Verified by Visa.
Is the order from someone with a Nigerian accent?
In the 12 months we've been trading, approx 96% of fraudulent buying attempts have been from Nigerian-sounding people.
Do they order large volumes?
They tend to chance too much by ordering 8 or 9 items at a time.
Do they care what they're ordering?
We get people calling asking to buy a bed... they have no idea what they want
Will they only give you a mobile number?
If you call them back can they recite the details back to you without umming and erring?
If delivering elsewhere have you used 192 to check delivery address information?
If in doubt use 192 to find a landline number for the cardholder and give them a call.
The phone number was a cell phone. However, the person who answered identified himself using the correct name.
Yesterday I received the "request for document transaction" paperwork. The charge is being disputed as fraud.
I called my card processing company and was told that, if the customer says he didn't order it, there's nothing I can do, including get back my merchandise.
I thought the merchant could at least get back what was shipped?
Off topic
We just lost a 1k customer because he didn't want to sign for the package but FedEx won't leave a package if the insurance amount is over 500.00. This guy just didn't understand and blamed us for him having to go 20 miles to pick it up.
I told him there were other options but it was over. Oh well he will find the same thing from another merchant that tries to ship 1k in products to a home address without a signature.
Back on topic;
Reason I ask is if it was over 500.00 they had to sign for the package.
I had an order yesterday for a $518 item. The billing address was a business, and the email address was a person at that business. However, the card holder has a different address. Supposedly the card holder is the owner of the business.
So, I called the credit card company and asked them to contact the card holder. No call back from him so far.
I got a call this morning from someone else at the company. He said he'd send a copy of their business license. I said that didn't make a difference, and asked that he have the card holder call the CC company. He said the owner was out of town and couldn't be reached. (C'mon, give me a break). I then suggested that someone else at the company put the item on his or her card. He said that would be against company rules.
Finally I just told him that I couldn't do the sale.
It almost seems as though I'm being targeted because I slipped up once. Maybe it's the same people. Or maybe there's a website for thieves that lists soft targets. ;)
You cannot make this stuff up.
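The checks raised across this thread (card code and AVS at pre-auth, ship-to versus billing address, GeoIP, phone type, order size) can be combined into a single pre-shipment screen. The following is an added example, not part of any post in the thread; the field names, region strings, sample orders and thresholds are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Order:
    amount: float
    quantity: int
    avs_match: bool             # cardholder name/address verified
    cvv_verified: bool          # card code checked during the cart's pre-auth
    billing_region: str
    shipping_region: str
    geoip_region: str           # region resolved from the ordering IP
    ip_is_mobile_carrier: bool  # carrier gateways hide the buyer's real location
    phone_is_mobile: bool
    by_telephone: bool = False

REVIEW_AMOUNT = 500   # assumption: the order size discussed in the thread
BULK_QUANTITY = 8     # assumption: "8 or 9 items at a time"

def screen(o: Order):
    """Return (decision, reasons); decision is 'ship', 'review' or 'hold'."""
    hard, soft = [], []
    if not o.avs_match:
        hard.append("AVS mismatch")
    if not o.cvv_verified:
        hard.append("card code not verified at pre-auth")
    if o.shipping_region != o.billing_region:
        soft.append("ship-to differs from billing address")
    # GeoIP says nothing useful for phone orders or mobile-carrier IPs.
    if not (o.by_telephone or o.ip_is_mobile_carrier) and o.geoip_region != o.billing_region:
        soft.append("GeoIP region differs from billing address")
    if o.phone_is_mobile:
        soft.append("mobile-only contact number")
    if o.quantity >= BULK_QUANTITY:
        soft.append("unusually large quantity")
    if o.by_telephone:
        soft.append("telephone order skips Verified by Visa / SecureCode")
    if hard:
        return "hold", hard + soft
    if len(soft) >= 2 or (soft and o.amount >= REVIEW_AMOUNT):
        return "review", soft
    return "ship", soft

# Constructed samples: an order like the first post (card processed by hand,
# shipped out of state, mobile phone), a clean order, and one placed from a phone.
first_post = Order(500, 1, True, False, "US-OH", "US-FL", "US-OH", False, True)
clean = Order(30, 1, True, True, "US-OH", "US-OH", "US-OH", False, False)
on_cell = Order(30, 1, True, True, "US-OH", "US-OH", "US-KS", True, False)

if __name__ == "__main__":
    for order in (first_post, clean, on_cell):
        print(screen(order))
```

A "review" result means the manual steps described above (calling the card issuer, confirming the ship-to relationship) happen before the charge is captured, not after.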