Hi,
I have seen a lot of help provided here for e-commerce can anyone tell me, what are all the best ways to prevent fraud orders.

Some of the options, which are common, are:
1.IP2LOCATION
2.AVS (Address Verification System)
3.Calling the customer if the value of order is above a certain value

Apart from this, If we get a signature from the customer, by asking him to scan his credit card details with him/her attested, if this is taken, then he cannot give a chargeback? Looking forward for members to contribute more to the liste

Thanks in advance
Nish

Those are all great ways to reduce fraud. Unfortunately, you are never always protected - but doing what you mentioned can prevent most fraudulent transactions. Most banks have policies or rules that Mastercard/Visa sets for them. One of these is copied below from a chargeback we received in the past:

The authorized account holder claims that the merchandise or service that was received was not as described or was received in defective condition. You must supply written proof that the cardholder received the merchantdise or service as was expect and in proper condition. Please note that in all non-face-to-face transactions (mail orders, telephone orders, Internet orders, etc.) Mastard and Visa regulations consider the claim of the cardholder to be valid. Merchandise or service descriptions that are not signed for or not provided to the cardholder in a face-to-face transaction are not recognized

A couple other good techniques may be to do a WHOIS on the domain of their email address and see if it belongs to them. Also, check to see if their area code is in the same city/region as their billing address.

Thanks Fraudgate,

Anything else we can add it to list?

The signature can always help as well. But you cannot ask for a copy of the back of the CC (where the signatue is) to verify because of the CCV. It will be harder to do a chargeback, but not impossible.

Yea, you are right corey. Regarding getting a signature is it better to get a scanned copy of the credit card or a credit card statement attested? Which one do you think is better?

Well getting a scanned copy of the front of the card can at least prove the card is possibly there. A little bit hard making a credit card than a CC statement

What if you Only Send Goods to the Card Holder Registered address, can they still do Charge Back?

Only way you can prevent fraud is by asking customer to come to your place and process his card through a manual card machine :) jk. I was wondering if online merchants can do some protection measures like paypal, ikobo etc do have i.e by authorizing or charging a small amount less then $2 to customer and ask him to verify that charge by calling bank and then process order. If i do that with a merchant account is that possible?

Ok, I don't get this.. If a Customer places an Order. Pays by His or Her Credit Card, Has the same delivery address as their Billing Address. Call you and place the order with you over the phone, how can this be then Charged Back?

I am looking to have a service by which I can accept Payment over the phone through a Terminal however all this Charge Back thing is making me all worried?

Has anyone on here ever actually suffered Charge BACK, AND IF SO HOW MUCH?

Mahdi you can easily change your billing address logging into online banking service of your bank where you have many features like statements etc. Crooks use to login to credit card accounts with stoles passwords and change there billing and if you get a order like that and you ship it then who will be responsible for order as card holder dont even know about it :)

Ok, but what if you speak to the Person over the Phone, Obtain the last 3 digits from back of the card. Would that then help?

If what you are saying is the case, the shop keeper will always loose because even if the item was to be purchased in person, how would we know the person is really the cardholder and not some one who has stolen the card?

Mahdi speak on a phone will placing orders for goods ppl use cell phones ok you will call person on number but how would it be possible that if some crook has access to full online banking management of a stolen card he dont have last 3 digits of the card :). And i personally think processing on internet/phone/mail order is not a good idea unless visa and mastercard also have a policy for merchants like they have for card holders of zero liability why its always merchant who has to cover fraud charges and there is another truth about online fraud. Unfortunately much of this fraud is perpetrated by customers who have legitimately purchased services, but later deny having done so and thats enough for a bank to cancel transaction :)

Originally posted by Mahdi
What if you Only Send Goods to the Card Holder Registered address, can they still do Charge Back?
Yes - a chargeback is still possible. You are assuming it is fraud - what about if it is the real customer but not happy with your product?

Using the methods - CVV, AVS, Geographical IP are all great to help to prevent fraudulent transactions. Another system to implement is Verified by Visa.

Nothing is 100%.

Other steps:

Check the e-mail, if it is a free e-mail - Strike One
If the consumer states they need it fast - Strike Two. Usually hackers want to set it up as fast as possible - use your services until you find out the CC is no good
Compare the IP address to the billing address. If the IP address shows Indonesia (Strike Three), and the billing address is Beverly Hills, CA - Strike Four (or Three).
I know that it most companies also give the tracking number, but you should refrain. What happens is since the hackers gave a fraudulent address, they watch the package online. When they know it is at the main office, they go there & tell them they are there to pick up a package for John Doe
Watch out for large orders. Don't get greedy - this is what the hackers rely on. They hope that you see a $3,000 order & they want it overnight. They hope you will send it out since it is needed overnight & you will be too busy trying to get the order fulfilled rather than verifying the CC

So all in all we are SCREWED?

YES, chargebacks WILL be there if you are doing business on the internet (non face-to-face), and you will not be able to do much if the customer REALLY wants back his money.

The creditcard companies (like you´ve read above) have "non-real-world" nonsense regulations for this and they want that their Card-Users are happy, so they keep on spending money with their card and therefore fill the companies pockets. So as a internet-merchant, and when not enrolling in the Verified by Visa program, YOU will be the loser in any case.

The thing is, what can you do? Of course you can send a collection angency after the customer that charged back, but you´ll have to pay some nice discount to them, if they succeed. Also they cannot really force your customer to pay you the money and you only way left would be a court-process. But what if the client is international? The costs for this will def. be to high to make any sense, not to mention the administrative work you´ll have.

So summarized, providing Creditcards as an payment-option if you are an internet-merchant is like an invite "get my services/products for free if you really want".

All this makes me love Paypal even more, whenever I can I try to tell my clients they should fill their PayPal account with their creditcard BEFORE paying me (so that they don´t do a direct-payment with their CC trough PayPal to me). The thing about this is that the funds will then be taken out of their PayPal-balance (and if the clients charges-backs this tranfer, then he has a problem with PayPal and not me) and PayPal has a 60-day chargeback limit and additional it DOESN´T protect non-good transactions. Which in fact is the exact turn of the situation for you as a merchant.

My 2 cents.

Correy i just wanto ask do processors have time check features with a order like when some one places a order processor checking pc local time and matching it to time of location in billing address?

Some fraud prevention might, but as far as I know, the answer is no. There was one company that I was speaking with last year that had devised a way of identifying a certain computer. So that might be something in there

But I think the only way to get the user's time is thru javascript? And with so many programmers detesting JS, they might leave it out

We are not all screwed. You just learn about some of the things that are used in a fraudulent transaction.

And don't forget - with Paypal, even though they might have a 60 day period, the issuing bank normally has 180 days.

Most IP tracing will tell you where the IP address is (unless it doesn't match - then it's a red flag anyways). You can translate this location to a timezone and see if they're ordering at 4 in the morning. This is another great way to assess the risk of an online order and reduce fraudulent transactions.

He, I USUALLY order at 4 in the morning, because I work at night. I didn´t know I am fraud because of that ;)

I was just saying that most people don't :). Detecting fraud is not only one flag that can tell you that an order is fraudulent, but rather a combination of different results and circumstances. Most people don't place orders at 4 in the morning. Would I cancel an order because of that? Certainly not. But if an IP address traces back to Malaysia where it is daytime there, and it is 4 in the morning in New York where the cardholder lives that's a very good indicator.

The key to managing risk is to reduce the number of chargebacks... it is unrealistic to expect that you will be able to prevent 100% of them from ever happening.

All of the methods described here in this thread are valid. The FraudGate system does a nice job of combining several tools into one and there are other systems on the market along similiar lines with respect to various portions of it.

As with everything else - there is always a trade-off. The occasional legit sale might be scrubbed out BUT you may end up saving yourself from 5-10 fraud orders for each legit one that you lose out on.

The really important thing is to be very wary and very concerned about fraudulent orders.

For instance, if a big order is placed and you haven't even discussed the sale prior - that should be a warning sign.

If things don't all check out right from the start - it merits investigation. If in doubt, cancel it out. It's not worth the risk.

Personally, I recommend ALL orders to be voice verified and IP/GEO/BIN checks to be run on them along with any other tools.

Taking these steps has helped some of our larger volume Web hosting merchants to reduce their chargebacks by 80% or more... and that is a vast savings for them.

I am searching for card bin numbers i contacted my merchant account provider but they donot have it what they say. is there any place i can get bin numbers i also searched on many others forums but didnt found it.

There are some sites that have that, but they are maintained by members because BIN change frequently. I know of two - can't post one because of TOS & the other one, let me search for it. I have it somewhere in my favorites.

Thanks guys for your excellent advice,
Is there any industry standard for chargebacks? (For low/high risk goods/services?)
Also will it be useful by asking his/her credit card issuing bank telephone number? and is it really possible to call up the bank and say the credit card # will the banks allow it? or may be we can collect to scare the fraudster?
Any suggestions?

People, People , People.. You are missing to bigger Picture. You are only looking at Frauds carried though Stolen CC. The point is if a Customer decides to gett he Goods for FREE, he can just call up his CC and say goods was not advertised as Stated and BOOM you have been rubbed.

Imagin you sell Computer systems and this happens to a transaction of £800.00, you only need a few of these too be badly damaged.

I had an appointment with a CC Provider to setup online Payment process but will now call them and cancel it, will stick with Pay Pal.

Hi,
Mahdi where are you based on? If suppose your customer simply tries to give a charge back he/she must write a letter to their bank stating the reason and obviously as per VISA/MC terms they will roll back the funds however you can submit necessary documents like proof of delivery and get back your money.
Hope this helps
Nish

This is the point I made in one of my other messages Mahdi. But Paypal is not the answer either. In fact - it could even be worse because you have two companies now that can do a chargeback - Paypal & the CC company.

Nish - what Mahdi is trying to say, let's say that I ordered a computer from you. Now for some reason, I am not happy with it. So I call the CC company & let them know. They issue a chargeback.

I am not too certain about calling the bank - because how does the bank not know you are the hacker? :) The banks used to allow that a long time ago, I remember for checks. But most stopped because they found out that was an easiy way fo people to determine how much to write that stolen check for.

Higher chargebacks usually exist on membership sites & recurring billing. If you implemented an extra fraud control like http://www.fraudgate.com/ & then even Verified by Visa, you il be pretty safe. But there is no fool-proof way to prevent chargebacks

Any 3rd party card processor which supports verifiedbyvisa feature and if i receive a fraud order with a verifiedbyvisa card i will be responsible for chargeback or is it the bank?

I believe 2CheckOut is in the process (or is currently) of supporting Verified by Visa. Verified by Visa will protect you and shift the responsibility of the chargeback to the bank, however it does not protect you under all types of transactions.

Originally posted by fraudgate
I believe 2CheckOut is in the process (or is currently) of supporting Verified by Visa. Verified by Visa will protect you and shift the responsibility of the chargeback to the bank, however it does not protect you under all types of transactions.

They have been in the process right now for some time. VbV is available through some 3rd party processors, but it can be just as easily set up with a merchant directly.

Thanks Corey,
Yeah am aware of that kind of chargeback (where customer can give the merchant if he/she hasn’t received the goods nor happy with it.) VBV must be a good measure to prevent from fraud orders. Is that anything the merchant has to pay in addition to obtain it?

Yes there is usually a sign up fee, a transaction fee, and a monthly fee. Consider it insurance basically.

If for credit card terms, I would prefer in this way :

Get the client Identity Card with Credit Card and photocopy it at both side then scan to computer and send to you.

Remember get the card csv number as well for bank verification.
If you have the terminal or merchant machine , probably the idea is asking the client to visit you at shopfront and process the payment.

Else others method , paypal / bank transfer

You can use a service like maxmind or some other similar service they provide a fraud score by looking at the ip address, location of the buyer, proxy is used or not, billing and shipping address etc. You can set which fraud score to reject.
Mostly fraud customers use different shipping and billing address, fake phone number and place a large order. Some go for small orders as well so small orders with suspicious details shouldn't be ignored as well.

We use maxmind with maxmind phone verification its works fine.you have to try maxmind 1st.