Welcome to WebmasterWorld Guest from 54.166.211.248

Forum Moderators: buckworks

Message Too Old, No Replies

Preventing CC Fraud

Preventing CC Fraud

     
7:24 am on Aug 3, 2003 (gmt 0)

New User

10+ Year Member

joined:July 19, 2003
posts:32
votes: 0


Hi guys,

We all know the obvious when dealing with international CC's but was wondering wat everyone else is doing to double check if an order is not a fraudulent one.

I am familiar with calling the customer. But what is the best way to get hold of the correct phone number?

How about getting a copy of the CC statement faxed over?

Does anyone have any tips? Me and I'm sure lots more like me would apreciate it!

Thankee ....

Saskia

10:09 am on Aug 3, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member essex_boy is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:May 19, 2003
posts:3186
votes: 4


Id never fax my CC statement to someone id just cancel the order.

CC fraud is a big problem but I dont lose any sleep over it, if yoususpect a card is a fraud then ask them to send you a cheque.

10:13 am on Aug 3, 2003 (gmt 0)

Junior Member

10+ Year Member

joined:July 3, 2002
posts:82
votes: 0


I currently accept credit cards through Paypal and if the address is unverified I send them a polite email saying that it's against company policy to ship to an unverified address. 7 times out of 10 they verify their address. I know it doesn't protect me fully from chargebacks but it helps.
3:37 pm on Aug 3, 2003 (gmt 0)

Junior Member

10+ Year Member

joined:May 14, 2003
posts:93
votes: 0


Make sure you require a signature on delivery, get the 3 digit secutiry code from the back of the card, make sure the address verifies and that's about all you can do. You can still get nailed by fraudsters even with those in place, but it the best way to go short of making them fax in an authorization, which will kill your conversion rates.
1:09 am on Aug 4, 2003 (gmt 0)

Junior Member

10+ Year Member

joined:June 6, 2003
posts:162
votes: 0


Most banks will verify the phone number along with the rest of the address. They'll only give a 'yes' or 'no' answer so you have to get the phone number from the customer.
9:47 pm on Aug 4, 2003 (gmt 0)

New User

10+ Year Member

joined:July 19, 2003
posts:32
votes: 0


Thank you,

But the thing is that my company is based in the USA though I only deal with customers from outside the USA.

So paypal or cheque is out of the question, card # verification only works with visa and mastercard with my particular merchant-gateway account.

I know its a tough one and just want to make sure I do the best I can not to get nailed.

Sas

9:50 pm on Aug 4, 2003 (gmt 0)

Administrator from CA 

WebmasterWorld Administrator bakedjake is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 8, 2003
posts:3878
votes: 57


We run into a lot of international fraud on a e-commerce site we manage.

Even though you can only do CIDs on Visa/MC with your processor, DO THEM. It will cut a significant amount of fraud out. We also have a client that will only ship international to the billing address: No exceptions. I don't know if that is doable for your business, but it's something to consider.

And, this goes without saying, but make sure you're verifying the full billing address instead of just the number/expiration.

10:36 pm on Aug 4, 2003 (gmt 0)

New User

10+ Year Member

joined:July 19, 2003
posts:32
votes: 0


Thank you for that info,

I actually spoke to my merchant account rep and was told that the AVS checking system does not always work properly for International addresses as some foreign banks don't support it. So that kind of cuts that out. The card verification # is indeed a valuable tool.

Was wondering if any of yu have experience making phonecalls to the alledged International card holder to verify?

12:10 am on Aug 5, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:May 1, 2003
posts:668
votes: 0


In our experience (we have a lot!). Most fraud attempts are made using stolen/hacked credit cards issued by a US bank for shipment to a developing country. It is extremely useful if your payment gateway will let you know whether the country of the invoice country matches that of the country of the issuing bank.

We have lost so much sleep over this that we now use Worldpay with their guarrantee scheme against chargebacks. it costs 1% extra and another fee at 20 GBP per month. Althougth our chargeback rate is less than 0.5% now, we felt that it is well worth it.

3:40 am on Aug 6, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:May 16, 2002
posts:794
votes: 0


Call the customer and ask them for their credit card details if you don't already have them.

Ask them to flip over the card and give you the customer service telephone number too. (or you can figure it out from the first 6-digits if you're smart) :) Call the bank and tell them you want to do an address / telephone verification.

I know most UK banks will not do this. Mexico and many other countries do, it all depends I guess. Once they verify the phone number is accurate you can be pretty sure that when you call that number you're talking to the real credit card holder.

If they won't verify it for you, tell your customer their bank won't allow you to verify it and they'll have to come up with other payment arrangements.

Or you can charge them 2 random amounts between $0.01 and $1.00, and have them verify with their bank the amounts they were billed. That way the only way to get it right by fluke is a 1/10,000 chance :)

11:40 pm on Aug 7, 2003 (gmt 0)

Junior Member

10+ Year Member

joined:Jan 29, 2002
posts:70
votes: 0


In our experience (we have a lot!). Most fraud attempts are made using stolen/hacked credit cards issued by a US bank for shipment to a developing country. It is extremely useful if your payment gateway will let you know whether the country of the invoice country matches that of the country of the issuing bank.

That's a good one. Checking the issuing bank location and IP address of the customer can also help weed out bad orders.

Sometimes a US citizen has valid reasons for having an overseas address, but many times, you can weed out fraudulent orders.

Also, just sending an email asking for verification helps as well. When an order is suspect, I send out a standard form email asking for verification of the address (saying we couldn't verify it). Honest people respond, fraudsters do not.

Also, even though the fees are higher, maybe you want to PUSH for AmEx. At least it's only one place to call for verification. It's not like you're staying up until midnight to call Europe during business hours or something. AmEx does have a flat fee billing plan, I think it's $5 a month if you're processing less than $X,XXX AmEx. I don't remember exactly.

marca

5:39 am on Aug 17, 2003 (gmt 0)

Inactive Member
Account Expired

 
 


Hi Guys!

(first post)

I make a small-business e-com site in Canada and we're also trying to deal with fraud attempts.

So far, they're not too difficult to tell, most follow the same pattern: large orders, overseas, different shipping and billing adresses and hotmail or yahoo account... But we're getting more and more.

We want to establish a special policy for overseas orders. Requesting a fax copy and signature may hurt the conversion rate, but we would apply this only to overseas orders and offer the choice of using Paypal instead. Requesting a signature at delivery also looks like a good idea.

We don't use real-time processing, because it doesn't seem to do much in terms of covering the merchant. I understand that it helps a lot in reducing the number of fraud attempts that you get in the first place. But you still have to validate orders and certainly cancel some of them. Isn't it even more troublesome because you're then dealing with a transaction already processed at the bank / credit card company?

12:19 pm on Aug 17, 2003 (gmt 0)

New User

10+ Year Member

joined:July 19, 2003
posts:32
votes: 0


Thank you born2drv!

Your suggestion to charge two small amounts and have the customer verify that amount is an excellent idea!

I feel that that is the most simple and effective way to verify and order.

Thank you!

Sas

4:59 pm on Aug 17, 2003 (gmt 0)

Junior Member

10+ Year Member

joined:Jan 29, 2002
posts:70
votes: 0


We don't use real-time processing, because it doesn't seem to do much in terms of covering the merchant. I understand that it helps a lot in reducing the number of fraud attempts that you get in the first place. But you still have to validate orders and certainly cancel some of them. Isn't it even more troublesome because you're then dealing with a transaction already processed at the bank / credit card company?

When you set your gateway preferences, you have a choice between authorization only or authorization AND simultaneous settlement. With auth only the charges are in a "pending" phase until you manually settle them. That's were you can weed out fraudulent orders. If you have authorization AND charge, then, you'd have to void those transactions before the batch settles (if done automatically) or before you settle the batch.

6:55 am on Aug 28, 2003 (gmt 0)

Junior Member

10+ Year Member

joined:Aug 26, 2002
posts:122
votes: 0


I just stumbled on this page, try it
[gamutphonecards.com...]
8:45 am on Aug 28, 2003 (gmt 0)

New User

10+ Year Member

joined:July 19, 2003
posts:32
votes: 0


Thanks Night Hawk,

that is a great tool. Will look at it more in-depht when I get a little more time today and put it to the test!

Thanks again

Saskai

squiggles

12:57 am on Oct 4, 2003 (gmt 0)

Inactive Member
Account Expired

 
 


HI TAKE A GUESS WHY IM HERE!? I'LL TELL YOU- SOMEBODY FROM WEBMASTER WORLD STOLE MY CC# TO PURCHASE A ONLINE CASINO-GAMBLING SITE! WELL IN THE HUNDREDS! WISH I RUN INTO HIM/HER!