Welcome to WebmasterWorld Guest from 126.96.36.199
Forum Moderators: buckworks
I had one a couple of weeks ago for $500. The card holder's name, address and phone all checked out. He wanted the item shipped to him in another state. I should have checked to see what association that other address had with him (second home, workplace, relative, etc), but didn't. I just assumed that it was ok, because everything else checked out.
Wrong. His card was stolen, and the thieves charged thousands of dollars of merchandise all over the internet.
I have an address the item was shipped to, and confirmation that it was delivered. That's it. I'm out $500.
At the opposite end of the money spectrum, here's a story about how much of an effort someone will go through to steal a lousy $10 from a merchant. This just happened within the last couple weeks:
Customer orders widget. Billing & shipping addresses are the same and all verified (normal practice). Billing name was different than shipping name (even though same address). Order ships and is delivered. Customer then calls ranting about a charge from us on her card and claims to have never ordered anything, denies knowing the billing name, and demands refund. She's outrageously rude (which is normal behavior for scammers trying to bluff). Call ends. Five minutes go by - we receive another call. This time she suddenly discovers the she has received merchandise and now begins a new cussing rant about the widget itself. We indicate that returning it for refund is no problem. Hangs up. We receive the package marked "returned to sender" which bills postage to us on a non-Priority package. We open the package... no widget (probably because the widget had already been opened and used).
Our summary is that the customer was calling and attempting to bluff her way to a refund... even though the card was not stolen and the transaction was not fraudluent. All that effort for 10 bucks. Sadly, few things are surprising anymore when it comes to how people plan to rip you off.
I once had a week that provided surprises in the mail each day. I received weight-loss programs, stop-smoking patches, male enhancement products, magazine subscriptions and a dozen other items all under $50.
Some scammer had got my credit card information and signed me up for all sorts of stuff. The product was all shipped to my billing address. I could never exactly figure out why it was done, what the scammer had to gain from it. VISA credited me back everything (even though it was less than $50 per item).
Same thing as happened to me so we won't ship until cardholder has been contacted...
I think we have caught 3-4 of these the last couple months. The fraud order has all the correct info but when we contact the card owner we find out it wasnt placed by them.
I really hate to call customers but, with this being the third time in two years that I've been burned, I guess I'll have to do that if the shipping address doesn't directly correlate to the customer's name.
...guy calls up and wants a bunch of ram fedexed...
None of the below behaviors are surprising, but over the last decade or so, we find that orders by scammers usually include some of the following:
1. Ship to different address
2. Ship expedited even if the price is outrageous
3. If comments are allowed on order, there is often a note about urgency
4. Often, there are follow-up emails expressing the urgency and/or notes about compromise just to get the order shipped
5. Communications often include rude or abrupt patterns
6. Something about their order is irregular. Sometimes it's the quantity of an item, combination of items, something selling out of season, etc. Something is breaking a pattern.
Some of these like #1 & #2 are part of regular everyday legit customers though, so it makes it tough to catch them. If we take #1-6 as a collection, we find they can work together to try to profile a scammer.
Aside from actual authorization security measures, I think #6 can be helpful on its own though for attempting to prevent a fraudulent order from shipping. For us, it's partially about our being familiar with our customers' shopping habits. Knowingly or not, experience at order acceptance and fullfillment has profiled a store's customer and sometimes instinct can tell you when something isn't right.
All that being said, we still get burned now and again, but I think experience has helped us keep the monetary loss minimized (especially on a per occurence basis).
Don't ever go out of your way to avoid customer contact. Most people appreciate it to know you're taking care of them.
Either you find out it is a good charge or fraud.
It won't be the scammer because you contacted the bank the card is drawn from and confirmed the cc phone number in the banking files and call only that number to ask the above question.
i'm pretty sure that my auth.net reports just tell me "Visa", not the bank. are you saying you can call Visa, without a full card number, and verify the card holder's phone number?
i was guessing you all meant you called to catch the obvious scammers, the one who either listed the actual owners phone or a dummy phone number.
Recently, for instance, I had a large order with a Canadian billing address shipping to Glasgow. Okay, that's within the realm of possibility. But:
The ip address was of a mobile phone in England.
The phone number of the billing address was located at a different address in Canada and under a different name.
No such person as the billing person seemed to exist in that city.
The shipping address on Google Earth was of a curry shop.
There was a delivery failure on the notifying email address--no such address.
So I figured that one was probably bogus. You might ask why I did not call the phone number given in the billing address. Because a) it wasn't located at the billing address and even if it was a cell phone, b) none of us has any assurance that the phone number given in the billing address actually belongs to the person who owns the card. As soon as you call a thief and ask "Is [customer's billing name] there?" they know they have a dupe on the line. One thing I have noticed. Thieves do not usually contact me about where their order is--only at the beginning, when they want it shipped now now now. Another giveaway. Sometimes I will hang on to an order like this just to see if the customer will contact me and what they say.
I end up wasting a lot of time checking this kind of thing. I wish there were some easier way, but with my setup, not that I know of. It is kind of frightening just how much "fraud prevention" is just plain gut instinct. Why aren't people with cards enraged about this?
joined:Dec 10, 2005
Why aren't people with cards enraged about this?
You can bet that if the credit cards were held liable for the costs, they would move VERY quickly to put better safeguards in place.
I am sure you can get the numbers call authorize.net and ask and then let me know.
Holy smokes I called them myself and yep your correct you can't get the numbers. How in the world can you do business like that. authorize.net is nutin but a go between you and the cc processor.
I can't see why someone would want to use a go between when you can get a merchant ID and go to the cc processors yourself.
I should add that I have it set up to authorize only. Then I decide whether I want to capture or not. That allows me time to decide if I think it's bogus or not. When I had it set to capture, I did get screwed a couple times.
[edited by: HRoth at 7:24 pm (utc) on Jan. 14, 2010]
Well, First Data looks like a payment gateway. They have a gateway charge, which authorize.net does also, depending on your processor. It looks like First Data incorporates the processors into themselves rather than standing separate, like authorize.net does. All this stuff is like one big shell game, IMO. :) Like a bunch of leeches.
You did used to be able to see the whole card number on authorize.net. Then it got so you could only see it if you downloaded a tab file. Then they got rid of that. It was a bother for me when I used to get recharges. Now I figured out how to do that on authorize.net, so I don't care.:)