Fraud seems to getting more and more popular (or worse) and it made me wonder, how do you prevent fraud of credit cards?
Some prefer using PayPal for the payments,
others seem to like you to capture ID and/or credit card.
So if you have any thoughts on this or how it's done at your company would be appreciated :)
Regards,
Toby
Lawrence
12-30-2001, 07:50 AM
I think the safest way is to review orders manually. You can charge in real time, but reviewing each order at some stage, preferably before giving away your products or services, can help a lot. You can usually let processing fees for refunding a transaction bounce off your chest, but chargeback fees are something you want to avoid if possible.
We had one a few weeks back where a suspicious order came in. It was easy to pick, being relatively large and ordering the same product at two different prices (one at standard, one at reseller rate). The card they used happened to be Australian (we're based in Australia also), so it was easy enough for us to phone the owner to check on the order.
Sure enough, it was fraudulent. The person was stupid enough to send us an e-mail complaining that he/she hadn't received what they "paid" for, so we had their IP address and e-mail headers. Possibly spoofed, I know. A bit of co-operation between us, the customer, his card company and relevant authorities, and the last I heard the Australian Federal Police were investigating. I don't think we'll ever know how it turns out though.
sbrad
12-30-2001, 11:55 AM
I CAN NOT say enough about checking EACH order manually. Do it! It will save you such headaches in the future. Here are a few things to watch out for when you do these (although not a comprehensive list)
What are they ordering? Our experience has been that, a great majority of the time, a criminal will try to purchase the MOST expensive plan, for the longest period. But this is not always the case. And if you have a very determined criminal, they will figure this out and start submitting different cards for different plans.
Their IP address. Run their ip through Arin.net. Your first clue would be if they SAY they are in, say, Kansas, but the whois returns an Apnic owner. Beware.
Whois- If they say they already have a domain registered, who is the owner?
Call them. If you have ANY concerns that the charge may not be on the up and up, call the number they gave you when they signed up. If you get the wrong number, or it says it's disconnected, you're pretty sure you got screwed.
Just in case it is a legitimate charge, and someone just entered the wrong phone number, I run them through whitepages.com. The bonus here is that, if it was a fraudulent order, chances are you'll be able to match up a phone number with the address...or at least zip...and call the card owner and let them know their card was compromised.
Again, this isn't comprehensive. But it has given us a successful fraud rate of exactly zero in as many months.
