Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: buckworks
I am glad to have found this forum as I have having such a hard time planning and starting my ecommerce site. This forum is a jewel find to me as I have learnt so much from just reading the postings. Hope to be able to contribute as well. Thanks.
Well my question is:
Does anyone know the rate that WorldPay charges for chargebacks? They just won't reply to my emails. I can't them by phone either. My products prices are quite small - $2.99 to $29.99. But I do have one product that is $999.
Is the chargeback based on transaction or amount of transaction?
Anyone knows how if WorldPay's Guarentee or World Alert package works for detecting fraud. I don't know if it is worth my money upgrading to that package.
I am selling downloadable files. Fraud is a major concern to me. My customers must be allowed to download the files immediately...that's the problem. I don't mind losing the files to them but don't want to be penalised for the chargebacks. Do you know how to avoid chargebacks? Anyhow, is fraud that rampant? I am really new to all these and I've heard the thieves like to target sites with downloadable purchases.
Any advice will be valued!
£10 + VAT
>>Is the chargeback based on transaction or amount of transaction?
>>Anyone knows how if WorldPay's Guarentee or World Alert
>>package works for detecting fraud. I don't know if it is
>>worth my money upgrading to that package.
fraud detection is mainly through AVS and CVV as standard with every single transaction. when someone makes a payment, you get an email with the AVS results showing if the address, postcode, country etc given match with those held by the card issuer. it's up to you whether or not to proceed with an order based on the AVS results. the AVS / CVV system isn't perfect (but nor are any other AVS / CVV systems) but it's a fairly good indicator.
the guarantee is not for detecting fraud, only for guaranteeing you get your money in the event of chargebacks / fraud. probably not worth going for as you're providing downloads rather than physical goods - you may not even be allowed to claim against the guarantee if you provide downloads.
worldalert is good for manually blocking transactions from IP ranges or domains or email addresses. enter enough IP ranges and you can block entire countries or continents if you want.
worldalert also checks transactions (in real time) against hundreds of thousands of other transactions, looking for fraud patterns. the email you get upon completion of a transaction may show a worldalert warning if something suspicious was found. i believe that it will also automatically reject some transactions it considers to be definitely fraud - i'm not 100% certain on that as worldalert is a fairly new system and i've not had much time to play with it.
>>I am selling downloadable files. Fraud is a major concern
>>to me. My customers must be allowed to download the files
>>immediately...that's the problem. I don't mind losing the
>>files to them but don't want to be penalised for the
>>chargebacks. Do you know how to avoid chargebacks?
simple. use pre-authorisation (deferred payments). customers will make payment and download their files, but no money is taken from their cards until you manually complete the transaction. you do this by finding the transaction in your customer management system and clicking a button to complete. if the transaction is fraudulent, you simply don't complete it. therefore, you avoid chargebacks. if you need more info, sticky me.
>>Anyhow, is fraud that rampant? I am really new to all
>>these and I've heard the thieves like to target sites
>>with downloadable purchases.
it's not *that* bad, but some companies suffer more than others. i get a handful of attempted frauds from indonesia, the phillipines and surrounding countries every week, and the occassional attempted fraud from the former eastern block - i won't trust any orders from any of those countries. it just takes a bit of time to get used to spotting frauds.
fraudsters will target sites where they can download goods so you'll get higher than average rate of attempted frauds. if you sell tangible goods, they have to be delivered to a physical address, and this gives you a means of tracing the goods and the fraudsters. selling intangibles (downloads etc) means the fraudster just needs to keep trying any fake or stolen number with any name and address details, and eventually they'll get through. you won't be able to trace them to recover the costs or anything.
For the really brave (and I am goind to attempt this soon!), you can use callback routines that will allow you to check the results and decide on the action from there. You can use this with a pre-auth account so that you can check AVS results, fire back off to WorldPay to complete the transaction automatically if the address matches, and leave others to be processed manually. You can get this to return to your site to enable the download. With callback you can do almost what you like! (You will need programming skills in a server side programming language, such as Perl, C++ etc...)
Reason: Too many and they close your account, you become blacklisted with Visa and Mastercard and setting up a merchant account with anyone else can become near impossible. Remember: You have no control over who uses your payment system. You have no control of the number of fraud attempts.
Every month somewhere between 40%-50% of money that WorldPay authourise is fraudelent. That's a lot. But because I don't process them, the money is never transferred and the payment becomes cancelled by WorldPay.
few points here.
1 - chargebacks and fraud are a problem with ANY credit card merchant system, online or offline, not just WorldPay. the retailer / merchant is ALWAYS liable for any frauds. the merchant MUST take their own precautions and check orders carefully.
2 - with worldpay, closure of accounts is a last resort. in the event of very high chargeback levels, worldpay will normally take other action first, such as warning the merchant that the chargeback levels are too high and recommending that they read the chargeback guide (there's a hint there to not just read, but to follow the advice!), they might extend settlements to 8 weeks, they might impose a rolling reserve to cover for chargebacks and so on. there are many options before account closure becomes necessary.
3 - i've never heard of anyone being blacklisted for having too many chargebacks. do you have any proof that this actually happens?
>>Remember: You have no control over who uses your payment
>>system. You have no control of the number of fraud
again, worth pointing out that this is the same the world over with any payment system and is nothing to do with worldpay specifically. however, worldpay's worldalert system will allow you to block entire countries such as indonesia by IP address, therefore drastically reducing the number of attempted frauds through your account.
>>Every month somewhere between 40%-50% of money that
>>WorldPay authourise is fraudelent. That's a lot.
i doubt that figure is correct for the entire system - it may be true on your account, but certainly not on mine or any of my customers. i'm an accredited partner and i have access to some (but not all) customer accounts, probably around 100, so i can actually check these things. a quick look at my own account shows around 1% of authorised transactions on my account are frauds. all are normally rejected, although i've had a total of 4 chargebacks in 3 years now.
another important point here is "authorisation". worldpay and other payment systems providers will generally authorise any transaction where the card number is valid and there are sufficient funds in the account. this is how it has to be right now. no card processing systems are capable yet of accurately determining whether transactions are genuine or fraudulent. AVS and CVV are used, but neither is 100% reliable - there are many old cards in ciculation without CVV numbers and many card issuers simply do not have all their cardholders listed in AVS databases etc - don't forget that people move house as well so addresses may be inaccurate.
with the systems / card / card issuer databases etc as they are, if systems were to only authorise those transactions where AVS and CVV details were fully matched and where the chances of the transaction being fraudulent were minimal, e-commerce worldwide would come to a grinding halt.
in time, old cards will be replaced with new cards carrying CVV numbers and other forms of protection. Visa and Mastercard are both trying new schemes whereby cardholders will not be allowed to chargeback. but it's going to take time to replace the millions of credit cards out there ....
However, in my case since my downloads would have been downloaded already, there is no refund really. The refund is mainly to request cardholders that have had their cards illegally used to contact me directly instead of complaining to the back. Do you think that would work?
Also, in my case, there is no shipping address and even if there were, it wouldn't make any difference as my files are downloadable. How do you suggest I make those checks to see if the transactions are legit? Any advice on what steps to take? Crazy_Fool, you seem to be doing very well in shielding yourself from the thieves. Any advice?
if you're in the UK or the EU and you sell downloads, you basically don't have a leg to stand on. genuine customers can always demand their money back under the distance selling regulations and you have to refund them. even though you refund them (and it costs you transaction charges) they still get to keep the software they downloaded.
with tangible goods (real items) they have a legal obligation to return the goods meaning they can't keep them, but with intangibles (downloads etc) there isn't really anything to return. they can email you a copy if you insist on it, but they still get to keep a copy for themselves and there is nothing you can do about it.
it's probably better to look at selling downloads another way - if a genuine customer makes a genuine purchase and doesn't demand their money back, it must be your lucky day.
outside the UK and EU, you might not need a refunds policy, but it's a good idea to have one anyway, if only for "consumer confidence".
>>Also, in my case, there is no shipping address .... How
>>do you suggest I make those checks to see if the
>>transactions are legit?
regardless of what you sell, you can check customer name and address details on infobel.com or 192.com or whatever the relevant white pages are for the country concerned. for shipping physical (tangible) goods, you'll normally end up shipping to that address - you know the goods are normally going to the cardholder and no-one else.
with intangibles, you really need to go further than this if you really want to know if it's genuine or not. you could check that the phone number given is genuine for the given address - these will be shown in the white page. infobel used to let you do reverse searches on phone numbers - i don't know if they still do that so you'll have to check. once you know that the phone number and customer details are genuine, you can call the customer and ask if they placed an order with you. of course, that will sound a bit stupid, so you could make it a "customer satisfaction" call. if they deny all knowledge, you may well have a fraud.
my advice? don't sell intangibles. simple as that.
i posted some other comments and suggestions about selling downloads a couple of months back. see this thread:
I still have yet to get a reply from WorldPay on how exactly World Guarantee works and if I will be able to claim in any case seeing that my products are downloadable.
There site does not go into details though.
Thanks for the tips.