1) You need a contract with a courier that does not allow re-routes once despatch is made.
2) Be very, very wary of anything on yahoo.com email addresses
3) Check IP addresses of orders to check what country they placed the order from. If this does not match with the delivery country, there is usually a problem.
4) If the credit card holder has not charged-back the fee, refund it. When the card-holder complains, you tell your processing company it was an error and has been refunded. They cannot process the chargeback and you do not get the admin charges. This works for most card processor companies.

Not to be punny, but thats a gray area. You have just listed all the tell-tale signs of what the fradulant card-holders to. I've gone so far as to send myself and email whenever someone orders from Miami, because I haven't had much luck there.

Sometimes if I want to investigate myself, I'll go to InfoSpace and do a reverse lookup on either the phone or the address. Sometimes that is revealing. I also go to this phone finder website at [primeris.com...] which can tell what network a phone is on (cell or land), and can identify countries from country codes.

The only leg you may have to stand on is if you do address verification and it comes up positive. If so, you've done your job. I've even gone so far as to call someone when I thought the order was fishy. Many times, the person who ordered just uses their cellphone, and they confirm the order.

Law enforcement is NOT going to help you. I've been told that unless the amount lost is over $50,000 then they won't bother. I did report a loss of $750+ to officials in Miami, however no one called back (and I don't expect them to). If you accept credit cards, then you must include in your budget for the year a line item for chargebacks, because they are inevetible.

usually he's ends up in profit from the monies gaining interest before the card is charged back. as he's say's "the only people to lose when your credit card is stolen is the online store. always"

He even once sent a box of dog cr*p instead of $3000 worth of goods the customer didn't even complain

DaveN
IMHO I would not do this and won't personally deal with this merchant but sometimes I really think he's right

Law enforcement is NOT going to help you. I've been told that unless the amount lost is over $50,000 then they won't bother.

It's like that in the UK also. Only high amounts are looked into. One thing I have been doing is storing all fraud attempts and will drop them off into the Internet Crime Squad (which is only a couple of miles from where I live) every few years. The more evidence they have, the better. Funny enough they have come back to me and taken statements on two particular addresses, because other merchants have complained regularly about this address.

The reason is, the merchants are the ones getting screwed here, not the credit card company. The credit card companies are still charging the merchants, and adding an admin fee on top of it. They don't do one bit of investigation. So, why would they care to build a central table?

The bad news is that our declines are now running 12% - up from their historic 5%. Our decline notification email tries to explain that most declines are because of address mismatches - and we encourage the customer to come back and edit their billing address, but it is still a pain for the customer. I'm still not sure how many sales we are losing and whether it is worth it.

Recently I've purchased goods on two sites that asked for the three digit number (4 on amex) - maybe that's a better solution. Like graywolf, I'd like to know if anyone is using this technique.

at £100 purchase is chargedback, WorldPay charge 4.5%+VAT for processing, this means:

£4.50+VAT=£5.29 processing charges
£10+VAT=£11.75 admin charge for chargeback
possible £50 customer charge on their card that they are not covered for

This results in this scenario:

£100 is valid. WorldPay make £5.29 profit.
£100 is fraud. WorldPay make £17.04 minimum, £67.04 maximum profit.

As you can see, this is why they do nothing. And they don't lose any goods. The law needs to change - I believe it should be illegal to make profit from illegal activities, but this is what they are doing.

merchant911.org

that's teh CVV number - it's used with many online payment processing companies to veryify that the person entering the card details has the card in their possession. because it's printed and not embossed, it won't be copied when the waiter in the restaurant puts your card in the machine. if you get an online order and the CVV number given matches that held by the card issuer, theres a good chance the transaction was made by the cardholder. if it doesn't match, why not? surely if the customer can read those 3 numbers if they have the card in their possession?

unfortunately, many merchants with bank merchant accounts and simple SSL sites collect CVV numbers and store them on the server. because so many servers are run by inexperienced web hosts, servers are often insecure and easily popped open by crackers and fraudsters. with such easy access to card and CVV numbers, you can't rely 100% on CVV.

>>£100 is valid. WorldPay make £5.29 profit.
>>£100 is fraud. WorldPay make £17.04 minimum, £67.04
>>maximum profit.

none of this is fair or accurate - it's highly misleading to say the least.

the processing (transaction) charges are applied only when transactions are completed (automatically with full-auth or manually with pre-auth). merchants have the option to use pre-auth and reject / ignore fraudulent orders without incurring any transaction fees whatsoever.

if the merchant authorises a transaction that is later charged back, it's entirely the merchants responsibility.

of the £5.29 transaction fee, £0.79 is VAT which goes to HM Customs. WorldPay actually get 1.6% which is £1.60 - the remaining £2.90 goes to the banks and card companies etc for their part in the processing. a substantial proportion of the £1.60 will be spent on worldpay's own costs - staff etc. the profit will be tiny.

of the £11.75 chargeback fee, £1.75 is VAT and goes to HM Customs. the remaining £10 will go towards the admin costs involved in sending you the RFI, answering your queries about the transaction and the chargeback, collecting your RFI response and sending it to the card issuer and so on. don't forget the national minimum wage is £4.20(?) per hour. at best, the £10 charge will only just cover costs.

other online payment processors also have chargeback fees. rates vary, but again, a lot of admin time is spent dealing with them. i doubt very much whether any online processing company makes a penny profit from chargebacks / fraud.

as for the (possible) £50 cardholder liability, this will be charged by the card issuer, not the payment processor. i think the amount and the circumstances in which the fee will be charged will differ between card issuers. i think the actual amount is set (or suggested) by the underwriters for the card issuers. again, nobody can profit from it - the card holder pays the first £50 of any claim, and the card issuer (or their insurer / underwriter) pays the rest. it's a bit like the excess on your car insurance.

As you can see, this is why they do nothing.<<

I understand that WorldPay will terminate a merchant's account with them if they rack up too many chargebacks. They also require a clear Returns policy on the merchant's site so that customers know they can return or exchange rather than dispute a transaction which would spark a chargeback. These policies are hardly the actions of a company that seeks to profit from more chargebacks.

So let's say you pay $0.30 per authorization, $0.01 for avs and 2.53% discount.

In that case you pay $0.31 regardless of whether your choose to capture or not, but you pay the 2.53% only after the settlement.

When I buy from Amazon, it really does not matter to me if the books arrive the next day or the following week.

Also (I am only guessing here) but most of your orders are probably domestic (international orders would be strange imho as the orderer would probably get stung for customs duties) and so can they not send you a faxed authorisation - as it is domestc it would not cost users a lot?

When I joined Overture they called me in Thailand which I was impressed with, and I was pleased they were trying to protect my card.

none of this is fair or accurate - it's highly misleading to say the least.

the processing (transaction) charges are applied only when transactions are completed (automatically with full-auth or manually with pre-auth). merchants have the option to use pre-auth and reject / ignore fraudulent orders without incurring any transaction fees whatsoever.

if the merchant authorises a transaction that is later charged back, it's entirely the merchants responsibility.

Then please explain why they never set up an account with pre-auth. That's how I got stung. For over £3000. WORLDPAY PROCESSED IT, NOT ME.

the card holder pays the first £50 of any claim, and the card issuer (or their insurer / underwriter) pays the rest.

The card issuer pays the rest? Absolute bollocks. The £100 goes BACK to the card issuer. THEY GET THE MONEY BACK - THINK ABOUT IT. They money is NEVER LOST. It goes back down the chain it started from.

And I don't care where the money goes - it's profit for the card issuer, merchant or Visa/Mastercard/AMEX.... The VAT issue is true of any business transaction.

As for my processing (online toy orders), I absolutely require street address, faxed signature, and a phone number that I call to verify the order with. No connection on any of these 3 points - the order is held for verification. No verification - no order.

I know of some governments that have pushed for this type of system, where Visa/Mastercard are responsible. If they authorise, they are responsible. Too many small businesses have disappeared because of card fraud.

to save you having to RTFM, send an email to pre-auth@uk.worldpay.com

>>The card issuer pays the rest? Absolute bollocks. The
>>£100 goes BACK to the card issuer. THEY GET THE MONEY
>>BACK - THINK ABOUT IT. They money is NEVER LOST. It goes
>>back down the chain it started from.

wrong. the £100 goes back to the card holder. that's what happens when the cardholder charges back. if it went to the card issuer, there wouldn't be any point in the cardholder charging back.

1) The card issuer pays the money through the line to the merchant. The customer pays nothing - that's what credit is.
2) The customer eventually gets a bill, but does not pay the amount - charges it back.
3) The money is taken from the merchant back down the line and goes back to the card issuer.

i.e. No-one loses any money except for the merchant. There is only £100 to lose, the merchant loses the £100 and gets charges admin fees on top. The customer loses nothing, Visa/MC lose nothing and the card issuer loses nothing.

P.S. I am on pre-auth, but after being stung. I was asking why they never set an account up with pre-auth? Because they make money from all the merchants that get stung. Simple.

[webmasterworld.com...]

If there is any major drop I'll post it here. Otherwise if you care to know the reults send me a sticky mail

Do you all know that effective April 2003, a merchant is no longer liable for any fraudulent VISA charge as long as the merchant uses Verified by Visa?

I say this because effective April 2003, whether or nor the cardholder is registered with Verified by VISA, the merchant is no longer liable as long as the payment instrument is a VISA card.

In otherwords, it is not the merchant's fault that the cardholder has not registered his/her card with VBV. Therefore, any visa payment is fraud free as far as a merchant (with VBV) is concerned.

Online fraud will never stop but merchant liability for fraudulent visa payments will stop effective April 2003, as long as the merchants processes visa payment with Verified by VISA. Anybody here - using a payment processor with verified by VISA?