This morning we had a fraud credit card submitted under the name Suzuki Yoshiaki, with email jeninboy@arabmirc.net and domain falasteeni.com

He (or so I assume) ordered our highest priced package, yearly plan. The CC was denied, "likely due to fraud"

Nothing else to say really, simply a warning to be wary of falasteeni.com and/or the name of 'Suzuki Yoshiaki'

Web Guyz received an order form from this person also but no payment was received via PayPal (they checked they were paying via PayPal on our order form).

Just figured I'd throw that out there! :)

Just wanted to add in, the order form was received over 2 1/2 weeks ago.

<<Peter, please let the signature do what it's for (how's that for English grammar?)>>

In the past month or so...we've been hit with ALOT of fraudulant orders. Not sure why the sudden increase, but we've recently taken extra steps to prevent credit card fraud.

Any suggestions would be welcome!

--Tina

We too have seen a dramatic increase, maybe it matches our growth in sales, I haven't checked that. But we have done some upgrades with our processor to ensure that we won't be ripped off.

What I do request in fishy orders is an Scanned ID copy, usually they don't respond :)

Tina, our fraudalent orders dropped dramatically when we included the CSV value on the back of the credit card on our signup form. It requires the customer to have the card in hand.

I can tell you this... falasteeni in arabic means palestinian. His name is Japanese.. which does not make sense at all... thus you can conclude this is fraud.

I don't know about you all... but, recently when I used my CC for an online transaction I was asked for my CSV on the back of my card(first time)...

Well.... I've had the card for 3 years now and aside from the giant CHECK ID:D scrawled on it (over the number)... It had also partially been rubbed off...

So what do I do...?

Originally posted by michele
I can tell you this... falasteeni in arabic means palestinian. His name is Japanese.. which does not make sense at all... thus you can conclude this is fraud.

My first words were Arabic, and that's where it stopped, so I didn't know that :) But it was not hard to tell that the name and domain did not match or relate in any way :)

Originally posted by Sectorlink
Tina, our fraudalent orders dropped dramatically when we included the CSV value on the back of the credit card on our signup form. It requires the customer to have the card in hand.


My merchant account does not require that - so, how would I even check those numbers??

--Tina

tina-
What payment gateway do you use? If you use an authorize.net gateway, I think that they started to integrate the ccv2 number in their 3.1 software, if you use echo which if I seem to remember you don't they also have it integrated into their gateway. Talk to your merchant provider about it, and I'm sure that they'll be able to steer you in the right direction.

Originally posted by michele
I can tell you this... falasteeni in arabic means palestinian. His name is Japanese.. which does not make sense at all... thus you can conclude this is fraud. That was my first thought too. However, you cannot just assume a fraud if someone with a Japanese name owns a domain with an Arabic word in it, can you? A very daring assumption IMHO.

Originally posted by Studio64
Well.... I've had the card for 3 years now and aside from the giant CHECK ID :D scrawled on it (over the number)... It had also partially been rubbed off...

So what do I do...?

Get a new card ;)

Ya, we've been hit with alot of cases recently of fraudsters buying monthly billed plans with credit card info stolen through various viruses.

I mean how intelligent are these guys to go for a monthly billed product? :D

Hey Guys,

I have reduced my fraud my 10 when I do the following. I almost let one through but I will tell you how it got passed my system. Here are my standards


1) I traceroute his IP. If it ends up in a country that he is not living in then I automatically email him tell him I need a copy of his drivers license or passport and credit card.
2) If the country comes up as anywhere in the Middle East (except Israel) or any third world countries I always question it.
3) I do a whois on the domain name. If it looks fishy (i.e. another country registered it) then I ask for passport / CC.
4) I goto www.411.com and do a reverse phone # on the order

Now never have I gotten a response from someone I was sure that it was credit card until yesterday. Some guy from Canada who had a canadian address and the phone number actually reversed to his house. Well then I do a whois on the domain and it came up as a Turkey registered domain. So I email him explaining to him blah blah I need a copy of your passport and CC. So this guy emails me a copy of his ENTIRE passport hehe. I end up going ahead and trying to process the account but it came up as declined because it was over used. I am still not sure if that is a declined order or not, but I thought it was funny this guy actually scanned the whole thing in.

But if you follow those 4 steps on EVERY order I bet your credit card fraud rate will drop tremendously.

Originally posted by thomas1
That was my first thought too. However, you cannot just assume a fraud if someone with a Japanese name owns a domain with an Arabic word in it, can you? A very daring assumption IMHO.

Oh of course not. I would never base a conclusion on something like that, though it would certainly raise an eyebrow.

Hello
I am sure we got an order from that guy as well but he cancelled at the point we display the customers IP address.

I think I am already well known for my severity in attempting to prevent fraud.
We have had a spate from Turkey recently which is very sad because we have a few good customers there.
Frauds are definitely on the increase.

The majority seem to eminate from Islamic countries and there has been an increase since September.
We managed to reduce ours by blocking out complete countries but there is only so far you can go with that or you would never
get any customers.
We get frauds from the US but not often as our systems tend to
weed them out.

We watch for words like krew, irc etc, use of apparently official email addresses from major companies like lnternetservices@msn.com (thats an L at the beginning - neat trick).
Arabic words in domain names ordered apparently from the US are a definite warning sign.
We have lots of customers in Saudi Arabia and the Gulf states but they (obviously) order from there so there is no problem.
10 year domain name registrations - never had a genuine one of those.

The trend seems to be that these are people who have no intention of trying to use the space.
In the past we terminated fraudsters and found sites on their accounts. The few we get now have empty accounts that have never been accessed which makes me think they are just doing
it for the sake of doing it.


Gordon