It all depends on what you are selling.

If you receive an order and it makes you feel funny, do more testing. A lot of them want the product now, now, now! They order a lot in hopes that people will get greedy.

Email the customer. Did it come back with somewhat the same IP address? For example, we had a hosting client sign up. The IP address was issued to an ISP in the UK. When he replied back, that IP address was issued to a company in Canada (within about 10 minutes). Now I am the world's worst on geography, but I do know that you cannot make it from the UK to Canada in 10 minutes.

Maybe ask them to fax the credit card number to you along with an ID? Also, does the biling address match? Are you shipping the products to the same address? Does the IP address match the address? Does the phone number match the address?

-Corey

For foreign cards, I use Maxmind. It has a paradigm that calculates the probability of fraud. I think it is a bit lax, but it has helped, and it's free.

If I still feel suspicious, I ask them for the bank phone number off the back of the card. If they give it to me, I usually process the order. Sometimes I actually call the bank or I will go online and look to see if the phone number matches that of the bank. Depends on how big the order is. I have one for $300 right now that I will be calling on, although I am pretty sure it is okay.

For US cards, I use authorizenet's fraud suite, which is overpriced but cuts out those idiots who sit there and input random numbers. I have my settings so that much goes through that others might reject, like no match on Avs. If no match, I look at the order. Certain items attract thieves. I have gradually been getting rid of those items. If a no-match is for a thief-attractant or comes from an email address that uses so-called haxor lettering or reads like something made up by a teenaged boy who considers himself a badass, I usually send them a boilerplate email about how the billing address they have given does not match the billing address the bank has on file for this card and they should contract their bank, sorry for the inconvenience but I must void this transaction, etc., etc. I get a lot from a person's screen-name.

If the avs is no match, it looks like a real person and is not for suspicious items but I still feel suspicious, I will check the info they have given in the White Pages. Bad thing about that is it takes a lot of time and they don't have cell numbers plus half the time it just doesn't work right. If I get no matches there or contradictory information, I have to decide if I want to put the charge through anyhow, just void it with a boilerplate email, or ask them for the 800-number off the back of the card. I do that sometimes, but actually I put most no-matches through and have had no chargebacks (no evil eye) for two years now. People often get suspicious when I ask for the 800-number, and so I will explain to them exactly why I need to do it. I don't feel there is any alternative.

I have gotten to the point where I don't mention overnighting anywhere on my site and I discourage it if people ask for it. I usually only do it if it is a business.

Lately I have been getting more and more emails that are more sophisticated than the usual "I want your products do you overnite to Lagos?" I have mentioned some of them here.

The most recent was a fellow wanting to know if I could send him a large order to the Bahamas if he wired me the money through Western Union. I told him I had to call Western Union and check because I did not have a business account with them and that I would call him back. I didn't call him back and have not heard from him again. So from now on, all people who want to use Western Union will set off an alarm for me. In fact, I have had only two people use it in four years, both in Italy.

Also of course I do not accept foreign money orders or foreign check even if they are in US dollars. This is actually because my bank charges me a $12 fee to cash them, which I have on the site, but it also cuts down substantially on fraud. For foreign orders that want to use a money order, I take only Western Union money orders. I have not heard about any fraud with their mos.

I don't accept any wire transfers to my bank.

I do have foreign customers who send cash in US dollars (I even used to take any kind of cash before my bank got all cranky about it). If someone is from another country so I can't use AVS and they sound iffy, I tell them that they can pay in cash by registered mail.

You should be suspicious when you recieve order for very expensive offer of large amount, without proper billing address etc, also you should have general awarness from those geographical areas from large fraud orders are being originated.

However I think by adding a message on your site that “We screen diligently for credit card fraud" may be enough to cut fraud attempts atleast fifty percent.

I usually send them a boilerplate email about how the billing address they have given does not match the billing address the bank has on file for this card and they should contract their bank, sorry for the inconvenience but I must void this transaction, etc., etc.

If I decide something is fraud, I will just ignore it. (providing that an actual card isn't charged.)

This way, it eats up more of the thief's time and brain power - checking on the order, waiting on the order, wondering about the order, writing about the order. If someone writes, I respond to it. Fraudsters typically don't write to find out why their fraud order didn't go through.

This is a good idea but few chances is there probably you miss few “genuine orders” if particular customer is really an ignorant one.

We insist on wire transfers for international orders that are large or suspicious.

We set up a bank account only to receive wire transfers. There's no checks, overdraft, or any of that on there. We immediately transfer out any money we receive into the account leaving no more than $25 to keep it active.

This is a good idea but few chances is there probably you miss few “genuine orders” if particular customer is really an ignorant one.

Agreed.

It's a better idea if you're selling cheap widgets and can only spend a little time on each one. A fraud order and an ignorant customer can both be costly timewise. (especially if you're selling something like hosting, or other digital service.)

Oneguy, "If you consider an ignorant customer can be costly timewise". I simply don't agree with you, as far as on my experience, most of the customers are entering to this business from the age of 13 or say below 18, they're obviously much ignorant, if you consider they're costly timewise, most of the people will not agree with you.
Can you shed some light on this quotation from Gandhi, people are thinking now that he was also a top marketing consultant as well.
"A customer is the most important visitor on our premises. he is not dependent on us. We are dependent on him. He is not an interruption in our work. He is the purpose of it. He is not an outsider in our business. He is part of it. We are not doing him a favor by serving him. He is doing us a favor by giving us an opportunity to do so."

It's an opportunity cost issue. I don't really care how old people are. I have X hours per day to find a way to feed myself. If customer Y is paying me $5.00 per day and takes 8 hours of work to support, it wouldn't be a good deal for me. Ghandi, I'm not.

I don't accept any wire transfers to my bank.

This is one I'd really like to understand.
Why not?
If a wire arrives into your bank account, the money's irretrievably, irreversibly yours as cash, right? Sender can never get it back. In other words, could someone please clarify what possible dangers could exist in accepting wire transfers for payment?

Regarding Nigeria, Indonesia, Singapore, et al:
One step we took was to simply eliminate these from the country scroll-list for creating a new account. Nigeria's just not an available option. I have zero regrets for any honest Nigerian or Ghanaian business I might be leaving behind on the table by doing so...

We also advise during checkout, when credit card info is entered, that addresses are verified and that a mismatch of credit card billing address vs. ship-to address may cause rejection. So far so good. Only one chargeback in 2 years, despite high $ volume. And that chargeback was a domestic USA fraud involving members of the same family, using auntie's card without authorization.

The best ways to detect fraud are to ask a lot of questions in your online order process. These people are liers and we need to try to catch them in a lie, catch them making mistakes; and then flag it as fraud or suspicious order.
Secondly They will generally try one card and if that fails, move on to another card, check it from a call center decline code, as this generally means the card account they used has been closed for fraud hence no further order attempts from that person should be allowed.

However we should work together and share information to combat online fraud.

A wire transfer is not irreversibly yours, even if you remove the money from your account. Consider it to be the same as a check. The bank will always get their money first. They don't give a damn about you or the guy who sent the fraudulent wire (or bad check). They are out the money, and they will make you pay for it, because the other guy is long gone, so they can't get it from him, and the other bank is going to demand the money from your bank. Your account will go into overdraft, for a start. If you have other accounts with them, they will remove it from there. If you don't, they will wreck your credit and take you to court. And it doesn't matter if you wait, either. I have seen time lapses of 3 months with the originating bank then turning around and demanding the money back because the transfer was based on something fraudulent. I spoke to my bank about this at length and decided against accepting wire transfers for this very reason. There is just no guarantee. Not worth it.

If I were dealing with large amounts generally and with established companies, then it would be a different matter. Even then, though, I would have to ensure to my own satisfaction that the account the money was being sent from and/or the company itself had been in existence for some time. Too many ripoffs have found wire transfers to be an easy way to scam people.

[webmasterworld.com...]
See above for a discussion on this. Our bank says the money cannot be taken back. Why do you say this? Where on the net (an article, etc.) can you show me that this is true? I'm not challenging you in a mean spirited way - just trying to find out the truth so I can adjust my policies if you are right. We set up a separate account just for wire transfers - then when we feel someone is trying to scam us or we are just not sure we ask them to wire the money. This has saved us from losing many sales - we get a few per month and have not had any takebacks *yet*

Okay, I read that thread. Only one person spoke to the situation of the sending bank trying to recover funds that were sent due to a fraudulent instrument, like a bogus money order or phoney cashier's check, and that individual posted a warning. Everyone else was talking about normal wires. Nobody on the thread had actual personal experience of receiving a fraudulent wire. I have seen posts on here from people whose accounts ended up thousands of dollars overdrawn because they had received a fraudulent wire transfer and their bank wanted the money back, but I cannot find them because the search doesn't work. It would be good if someone who has had the actual experience of receiving a fraudulent wire could post in this thread.

Originally I asked my bank about wire transfers because I was concerned about my recourse if I paid for something by wire and they didn't give it to me. The bank said they could ask the receiving bank for the money back, but the receiving bank was not obliged to repay it. So far this fits with what the thread mentioned above says.

BUT, according to my bank, if someone paid me with a fraudulent instrument, it was a different story (because of what I think of as "the devil take the hindmost" principle). The recipient bank would have to refund the money to the sending bank, because banks always take care of each first and their customers second. How else could they do business? They are in a network, and they can't do anything that would mean they were shunned by that network, unless they are planning to go out of business (or they are crooked offshore banks that are on the fringes of the network anyhow). The recipient bank would want to get their money back, and the only way that would happen is to get it from the person who had received actual cash - you (the hindmost in this case). Even if you took the money out of your account and spent it immediately, you would still have to give it back to your own bank. Why should you get the benefit of a fraud, even if you sent merchandise out on account of it? Do you get the money back if you accept counterfeit money for a transaction? Do you get the money back if you accept a bad check? Do you get the money back if you accept a phoney money order? The bank is never going to be out the money, period. Their words to me were: "The bank always pays itself first." Second it pays other banks. We customers are dead last.

I am in the US. My bank is a national bank. This is what they told me. It could be that other US banks have a different practice, but I doubt it. Anyway, I hope some people who have had the misfortune to receive a fraudulent wire will post about it here. I would like to get some verification either way.

Yes, has anyone receive a fraudulant money transfer? I have talked to the first line customer service employees and of course they say I keep the money but I wonder what someone in upper maqnagement would say is the real truth. My freshly minted sister in law is a bank manager at a major bank - I'll ask her the next time I see her and report back to this thread :-)

I couldn't wait - I called and asked her. She said that there is no way for someone to take back the money unless you the recipient authorize it. The exception to the rule would be the U.S. government such as the IRS. Now this is her bank so you never know...