Welcome to WebmasterWorld Guest from 54.145.144.101

Forum Moderators: buckworks

Message Too Old, No Replies

Preventing CC Fraud

Preventing CC Fraud

   
7:24 am on Aug 3, 2003 (gmt 0)

10+ Year Member



Hi guys,

We all know the obvious when dealing with international CC's but was wondering wat everyone else is doing to double check if an order is not a fraudulent one.

I am familiar with calling the customer. But what is the best way to get hold of the correct phone number?

How about getting a copy of the CC statement faxed over?

Does anyone have any tips? Me and I'm sure lots more like me would apreciate it!

Thankee ....

Saskia

10:09 am on Aug 3, 2003 (gmt 0)

WebmasterWorld Senior Member essex_boy is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Id never fax my CC statement to someone id just cancel the order.

CC fraud is a big problem but I dont lose any sleep over it, if yoususpect a card is a fraud then ask them to send you a cheque.

10:13 am on Aug 3, 2003 (gmt 0)

10+ Year Member



I currently accept credit cards through Paypal and if the address is unverified I send them a polite email saying that it's against company policy to ship to an unverified address. 7 times out of 10 they verify their address. I know it doesn't protect me fully from chargebacks but it helps.
3:37 pm on Aug 3, 2003 (gmt 0)

10+ Year Member



Make sure you require a signature on delivery, get the 3 digit secutiry code from the back of the card, make sure the address verifies and that's about all you can do. You can still get nailed by fraudsters even with those in place, but it the best way to go short of making them fax in an authorization, which will kill your conversion rates.
1:09 am on Aug 4, 2003 (gmt 0)

10+ Year Member



Most banks will verify the phone number along with the rest of the address. They'll only give a 'yes' or 'no' answer so you have to get the phone number from the customer.
9:47 pm on Aug 4, 2003 (gmt 0)

10+ Year Member



Thank you,

But the thing is that my company is based in the USA though I only deal with customers from outside the USA.

So paypal or cheque is out of the question, card # verification only works with visa and mastercard with my particular merchant-gateway account.

I know its a tough one and just want to make sure I do the best I can not to get nailed.

Sas

9:50 pm on Aug 4, 2003 (gmt 0)

WebmasterWorld Administrator bakedjake is a WebmasterWorld Top Contributor of All Time 10+ Year Member



We run into a lot of international fraud on a e-commerce site we manage.

Even though you can only do CIDs on Visa/MC with your processor, DO THEM. It will cut a significant amount of fraud out. We also have a client that will only ship international to the billing address: No exceptions. I don't know if that is doable for your business, but it's something to consider.

And, this goes without saying, but make sure you're verifying the full billing address instead of just the number/expiration.

10:36 pm on Aug 4, 2003 (gmt 0)

10+ Year Member



Thank you for that info,

I actually spoke to my merchant account rep and was told that the AVS checking system does not always work properly for International addresses as some foreign banks don't support it. So that kind of cuts that out. The card verification # is indeed a valuable tool.

Was wondering if any of yu have experience making phonecalls to the alledged International card holder to verify?

12:10 am on Aug 5, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



In our experience (we have a lot!). Most fraud attempts are made using stolen/hacked credit cards issued by a US bank for shipment to a developing country. It is extremely useful if your payment gateway will let you know whether the country of the invoice country matches that of the country of the issuing bank.

We have lost so much sleep over this that we now use Worldpay with their guarrantee scheme against chargebacks. it costs 1% extra and another fee at 20 GBP per month. Althougth our chargeback rate is less than 0.5% now, we felt that it is well worth it.

3:40 am on Aug 6, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Call the customer and ask them for their credit card details if you don't already have them.

Ask them to flip over the card and give you the customer service telephone number too. (or you can figure it out from the first 6-digits if you're smart) :) Call the bank and tell them you want to do an address / telephone verification.

I know most UK banks will not do this. Mexico and many other countries do, it all depends I guess. Once they verify the phone number is accurate you can be pretty sure that when you call that number you're talking to the real credit card holder.

If they won't verify it for you, tell your customer their bank won't allow you to verify it and they'll have to come up with other payment arrangements.

Or you can charge them 2 random amounts between $0.01 and $1.00, and have them verify with their bank the amounts they were billed. That way the only way to get it right by fluke is a 1/10,000 chance :)

11:40 pm on Aug 7, 2003 (gmt 0)

10+ Year Member



In our experience (we have a lot!). Most fraud attempts are made using stolen/hacked credit cards issued by a US bank for shipment to a developing country. It is extremely useful if your payment gateway will let you know whether the country of the invoice country matches that of the country of the issuing bank.

That's a good one. Checking the issuing bank location and IP address of the customer can also help weed out bad orders.

Sometimes a US citizen has valid reasons for having an overseas address, but many times, you can weed out fraudulent orders.

Also, just sending an email asking for verification helps as well. When an order is suspect, I send out a standard form email asking for verification of the address (saying we couldn't verify it). Honest people respond, fraudsters do not.

Also, even though the fees are higher, maybe you want to PUSH for AmEx. At least it's only one place to call for verification. It's not like you're staying up until midnight to call Europe during business hours or something. AmEx does have a flat fee billing plan, I think it's $5 a month if you're processing less than $X,XXX AmEx. I don't remember exactly.

5:39 am on Aug 17, 2003 (gmt 0)

10+ Year Member



Hi Guys!

(first post)

I make a small-business e-com site in Canada and we're also trying to deal with fraud attempts.

So far, they're not too difficult to tell, most follow the same pattern: large orders, overseas, different shipping and billing adresses and hotmail or yahoo account... But we're getting more and more.

We want to establish a special policy for overseas orders. Requesting a fax copy and signature may hurt the conversion rate, but we would apply this only to overseas orders and offer the choice of using Paypal instead. Requesting a signature at delivery also looks like a good idea.

We don't use real-time processing, because it doesn't seem to do much in terms of covering the merchant. I understand that it helps a lot in reducing the number of fraud attempts that you get in the first place. But you still have to validate orders and certainly cancel some of them. Isn't it even more troublesome because you're then dealing with a transaction already processed at the bank / credit card company?

12:19 pm on Aug 17, 2003 (gmt 0)

10+ Year Member



Thank you born2drv!

Your suggestion to charge two small amounts and have the customer verify that amount is an excellent idea!

I feel that that is the most simple and effective way to verify and order.

Thank you!

Sas

4:59 pm on Aug 17, 2003 (gmt 0)

10+ Year Member



We don't use real-time processing, because it doesn't seem to do much in terms of covering the merchant. I understand that it helps a lot in reducing the number of fraud attempts that you get in the first place. But you still have to validate orders and certainly cancel some of them. Isn't it even more troublesome because you're then dealing with a transaction already processed at the bank / credit card company?

When you set your gateway preferences, you have a choice between authorization only or authorization AND simultaneous settlement. With auth only the charges are in a "pending" phase until you manually settle them. That's were you can weed out fraudulent orders. If you have authorization AND charge, then, you'd have to void those transactions before the batch settles (if done automatically) or before you settle the batch.

6:55 am on Aug 28, 2003 (gmt 0)

10+ Year Member



I just stumbled on this page, try it
[gamutphonecards.com...]
8:45 am on Aug 28, 2003 (gmt 0)

10+ Year Member



Thanks Night Hawk,

that is a great tool. Will look at it more in-depht when I get a little more time today and put it to the test!

Thanks again

Saskai

12:57 am on Oct 4, 2003 (gmt 0)

10+ Year Member



HI TAKE A GUESS WHY IM HERE!? I'LL TELL YOU- SOMEBODY FROM WEBMASTER WORLD STOLE MY CC# TO PURCHASE A ONLINE CASINO-GAMBLING SITE! WELL IN THE HUNDREDS! WISH I RUN INTO HIM/HER!