Welcome to WebmasterWorld Guest from 54.167.175.107

Forum Moderators: buckworks

Fraud Order Attempts!

   
4:09 pm on Jun 20, 2011 (gmt 0)

5+ Year Member



Hi,

It just amazes me how many fraudulent attempts I receive from people trying to submit fraud orders on my website.

I use authorize.net as one of my payment methods, and I can see how many orders get declined due to fraud attempts.

I recently noticed this one guy who tried to place the same order 8 times in a row, and each time with a different credit card number. The order kept getting declined because each order he tried to submit came up with "no match on street or zip code".

Do you guys experience the same thing with fraud order attempts?

I really wish there could be something done to put a stop to this; I wish Dateline did a special on "how to catch an online ecommerce fraudster"...haha.

olimits7
6:39 pm on Jun 20, 2011 (gmt 0)

5+ Year Member



We don't provide the customer with the response
6:47 pm on Jun 20, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I get this periodically. Last week someone tried to place an order from a server in Iraq, then one in the UK two minutes later, then back to Iraq, six attempts in a row, all going to places like Dubai, Jordan, UAE, etc. Then two weeks ago I had a $650 order from someone with a billing address in Chile, shipping address a Miami forwarder, ordering from Canadian ip, and calling from cellphone in CA. This person actually called me repeatedly as well, wanting to know if I would accept (phoney) money order or Western Union or would I overnight it or could she come and pick it up in person (from 500 miles away). And then there are the "I will like to order" emails. I could create a fraud filter just based on the phrase "I will like to order." I often write back "I will like to know why you will like to steal from me."
11:29 pm on Jun 20, 2011 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



lol... I know, it's funny. All the effort they make... You'd think proper English would be first on the list, but I guess not.
1:50 pm on Jun 21, 2011 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



We don't provide the customer with the response

olimits7, Realbrisk said something important here.

if they are submitting over and over again with different card numbers, rest assured they're using your cart as a test bed for their stolen cards.
4:41 pm on Jun 21, 2011 (gmt 0)

WebmasterWorld Senior Member planet13 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



I know that on my shopping cart you can make a limit of, for example, three declined attempts, before that user will be unable to submit again for a designated period of time (say, 15 minutes).

You should see if your ecommerce platform has something similar.
8:56 pm on Jun 21, 2011 (gmt 0)

5+ Year Member



Thanks for the replies!

I don't provide my customer with a detailed reply of why their credit card was declined (no avs/ccv response); all my website responds with is something like "the credit card used was declined, please try a different payment method"...which I think is the norm with most websites.

That's a good thing to look into; does anyone know if Authorize.Net offers a feature like this to limit the number of declined attempts from the same user or is this something my shopping cart needs to have in place?

olimits7
9:05 pm on Jun 21, 2011 (gmt 0)

5+ Year Member



Did you check out Authorize.Nets Fraud detection suit
9:31 pm on Jun 21, 2011 (gmt 0)

5+ Year Member



Hi, yes...just got done talking to them and i can have this feature by adding the AFDS; which is great!
9:49 pm on Jun 21, 2011 (gmt 0)

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



I recently noticed this one guy who tried to place the same order 8 times in a row, and each time with a different credit card number. The order kept getting declined because each order he tried to submit came up with "no match on street or zip code".


I've seen some nasty order attacks and you pay a fee for each attempt. Customers get a cut-off at about 10-15 attempts so they don't bankrupt me with transaction fees and 5 card # changes gets the axe as well.

I also pre-screen transactions and test the IP against the address and if the country doesn't match I dump it before calling the gateway. The GEO-IP services work OK for most IPs but obviously fails miserably on wireless broadband transactions.

Just a couple of tricks to play to save some fees

I don't provide the decline reason either, I offer them Paypal ;)
5:20 am on Jun 22, 2011 (gmt 0)

WebmasterWorld Senior Member planet13 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



Also, one thing about the cart I use also has recaptcha set up on a velocity filter, so if they keep switching from IP to IP (and they aren't being tracked by cookies), if enough declines by any customers come in within a predefined time, then the recaptcha kicks in for like ten minutes or so.
 

Featured Threads

Hot Threads This Week

Hot Threads This Month