Welcome to WebmasterWorld Guest from 50.19.160.72

Forum Moderators: buckworks

Message Too Old, No Replies

Fraud Order Attempts!

     
4:09 pm on Jun 20, 2011 (gmt 0)

Preferred Member

5+ Year Member

joined:May 10, 2006
posts:591
votes: 0


Hi,

It just amazes me how many fraudulent attempts I receive from people trying to submit fraud orders on my website.

I use authorize.net as one of my payment methods, and I can see how many orders get declined due to fraud attempts.

I recently noticed this one guy who tried to place the same order 8 times in a row, and each time with a different credit card number. The order kept getting declined because each order he tried to submit came up with "no match on street or zip code".

Do you guys experience the same thing with fraud order attempts?

I really wish there could be something done to put a stop to this; I wish Dateline did a special on "how to catch an online ecommerce fraudster"...haha.

olimits7
6:39 pm on June 20, 2011 (gmt 0)

Junior Member

5+ Year Member

joined:Apr 18, 2007
posts:115
votes: 0


We don't provide the customer with the response
6:47 pm on June 20, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 23, 2005
posts: 1076
votes: 0


I get this periodically. Last week someone tried to place an order from a server in Iraq, then one in the UK two minutes later, then back to Iraq, six attempts in a row, all going to places like Dubai, Jordan, UAE, etc. Then two weeks ago I had a $650 order from someone with a billing address in Chile, shipping address a Miami forwarder, ordering from Canadian ip, and calling from cellphone in CA. This person actually called me repeatedly as well, wanting to know if I would accept (phoney) money order or Western Union or would I overnight it or could she come and pick it up in person (from 500 miles away). And then there are the "I will like to order" emails. I could create a fraud filter just based on the phrase "I will like to order." I often write back "I will like to know why you will like to steal from me."
11:29 pm on June 20, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:June 25, 2007
posts:1062
votes: 0


lol... I know, it's funny. All the effort they make... You'd think proper English would be first on the list, but I guess not.
1:50 pm on June 21, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:June 20, 2006
posts:1878
votes: 5


We don't provide the customer with the response

olimits7, Realbrisk said something important here.

if they are submitting over and over again with different card numbers, rest assured they're using your cart as a test bed for their stolen cards.
4:41 pm on June 21, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member planet13 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:June 16, 2010
posts:3796
votes: 28


I know that on my shopping cart you can make a limit of, for example, three declined attempts, before that user will be unable to submit again for a designated period of time (say, 15 minutes).

You should see if your ecommerce platform has something similar.
8:56 pm on June 21, 2011 (gmt 0)

Preferred Member

5+ Year Member

joined:May 10, 2006
posts:591
votes: 0


Thanks for the replies!

I don't provide my customer with a detailed reply of why their credit card was declined (no avs/ccv response); all my website responds with is something like "the credit card used was declined, please try a different payment method"...which I think is the norm with most websites.

That's a good thing to look into; does anyone know if Authorize.Net offers a feature like this to limit the number of declined attempts from the same user or is this something my shopping cart needs to have in place?

olimits7
9:05 pm on June 21, 2011 (gmt 0)

Junior Member

5+ Year Member

joined:Apr 18, 2007
posts:115
votes: 0


Did you check out Authorize.Nets Fraud detection suit
9:31 pm on June 21, 2011 (gmt 0)

Preferred Member

5+ Year Member

joined:May 10, 2006
posts:591
votes: 0


Hi, yes...just got done talking to them and i can have this feature by adding the AFDS; which is great!
9:49 pm on June 21, 2011 (gmt 0)

Administrator from US 

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
posts:14624
votes: 88


I recently noticed this one guy who tried to place the same order 8 times in a row, and each time with a different credit card number. The order kept getting declined because each order he tried to submit came up with "no match on street or zip code".


I've seen some nasty order attacks and you pay a fee for each attempt. Customers get a cut-off at about 10-15 attempts so they don't bankrupt me with transaction fees and 5 card # changes gets the axe as well.

I also pre-screen transactions and test the IP against the address and if the country doesn't match I dump it before calling the gateway. The GEO-IP services work OK for most IPs but obviously fails miserably on wireless broadband transactions.

Just a couple of tricks to play to save some fees

I don't provide the decline reason either, I offer them Paypal ;)
5:20 am on June 22, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member planet13 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:June 16, 2010
posts:3796
votes: 28


Also, one thing about the cart I use also has recaptcha set up on a velocity filter, so if they keep switching from IP to IP (and they aren't being tracked by cookies), if enough declines by any customers come in within a predefined time, then the recaptcha kicks in for like ten minutes or so.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members