Ok, I’m hoping to get some serious and knowledgeable responses out of this thread, and not those “check the search engine” responses, because, believe me I’ve done that lol.

First of all, right now I am using WHM Autopilot. The only payment options I am currently accepting are Pay by Mail, and Paypal.

But I’m currently on a quest to figure out the best solution to limiting and crushing fraud. I am presently looking into having the MaxMind fraud detection (paid) service integrated into the WHM Autopilot so that when someone goes to register for an account, their information will be run through Max Mind’s fraud detection system, and if the IP doesn’t match the location, the account will not be created, but instead sent to the pending activation section so I can review the information, and contact/try to contact the potential client by phone. If the IP matches the location, then the account will be created automatically. I have found a guy that says he can do this for me lol.

If this integration works properly, that should be an excellent method of combating fraud. And my current set up should be sufficient. Right?

But there are other options…

Payquake, from what I understand, uses Authorize.net – so I could use this set up with WHM Autopilot – I think – even though Autopilot doesn’t “accept” payquake, but it does accept Authorize.net. I have heard some WONDERFUL reviews on Payquake, and from the information on their site, it seems as if they’re one of the cheaper possible solutions, and have had a strong reputation. I wanted to make sure that I was correct when saying I could use payquake with WHM Autopilot, and wanted to hear some more reviews/opinions on their system.

I was also thinking about going through CDG to obtain an Authorize.net account. I believe Authorize.net has its own method of fighting fraud itself.

I need some advice lol. I just want to have the best possible (and most cost efficient) method of avoiding acceptance of fraudulent orders, as well as avoiding charge backs.

Give me your advice. :D

With respect to fraud prevention, Authorize.Net (and just about all other gateways) provide the first layer of "scrubbing" via AVS and CVV2.

In addition, with AuthNet you do have the ability to implement Verified by VISA and MasterCard's SecureCode. Other gateways are also starting to adopt (or have already) adopted these protocols but it must also be supported on the front-end ordering system/billing package side as well for it to be any good.

IP-based geographic scrubbing can be very useful. Also, if you are dealing with foreign transactions of a high ticket size, you may even want to request that the client send a faxed copy of their credit card itself (front & bank) and/or a credit card statement that matches the credit card # as further proof of possession.

Last but not least... you should definitely pick a merchant processor who will respond quickly to any risk or fraud scrubbing related questions that you might have. Remember - fraud deterrence is a team effort and it is an issue that affects everyone throughout the entire transaction process.

Is Payquake any good?

I would recommend:

PayPal + 2checkout + Mail Payment = Excelent!

2checkouts is great figthing fraud :stickout:

Paypal isn't though. And they let buyers charge back practically anything. :(

PayPal allows chargebacks often...
2CO is very strict

http://www.fraudguardian.com works with ModernBill I believe.

That's always another option.

What about Payquake? Who has more info on payquake?

payquake is not a 3rdparty merchant service like paypal or 2checkout. They provide a real merchant account.

Also, if you are dealing with foreign transactions of a high ticket size, you may even want to request that the client send a faxed copy of their credit card itself (front & bank) and/or a credit card statement that matches the credit card # as further proof of possession.

Aren't there legal implications for this from a merchant point of view? Aren't we not supposed to have the 3 digit CVV code on the back of the card?

FraudGuardian looks cool but I have a hard time supporting ModernGigabyte.

Personally we have integrated ClientExec with MaxMind and that works quite well for us.

Akash, I asked the same question here.
http://www.webhostingtalk.com/showthread.php?s=&threadid=248768

Akash, I asked the same question here.
http://www.webhostingtalk.com/showt...threadid=248768
:beer:

Just read it :stickout:

Originally posted by Akash
Aren't there legal implications for this from a merchant point of view? Aren't we not supposed to have the 3 digit CVV code on the back of the card?

Not all countries provide 3 digit CVV code. I think only Canada, US, UK, and some European countries.

Specifically, you are not allowed to -store- the CVV/CVV2 code.

However, you are allowed to enter it in to process the initial transaction and see the match result that comes back.

With respects to a faxed or e-mailed copy, you can edit out the CVV/CVV2 code to ensure that you remain compliant with the rules regarding this.

But I’m currently on a quest to figure out the best solution to limiting and crushing fraud.


Automated systems are nice, but you should always manually check EVERY order.

Still looking for feedback on payquake, if you don't use it, but know someone that does, please let me get their contact information so I can find out more about Payquake. Thanks.

Originally posted by X F e L i X
Still looking for feedback on payquake, if you don't use it, but know someone that does, please let me get their contact information so I can find out more about Payquake. Thanks.
Use the Search Button.:stickout:
Just kidding, this might help you out
http://www.phoenix.bbb.org/commonreport.html?compid=27003894&national=Y
From the Better Business Bureau organization.
Seem to be pretty good.