This guy is relentless. He just signed up with us again with yet another stolen credit card. He (stupidly) uses the same signup info, which I am sure is bogus too, but it is:

Name: Rico Belvedere
Company: Novanet
Address: usually somewhere in CA
Email: rico@novanet.ro

And, of course, the credit card name and number are different every time. He has caused us two chargebacks or accounts that slipped through our fraud checks.

He keeps coming in from different IPs, so we haven't been able to block his access. He's probably behind a firewall. Any ideas?

Threaten him with a lawsuit.

Once I find out who he really is, I will.

Try to use this little form, I've used it once and never heard back from that person - he/she submitted 6 fraud orders until I sent this. :)

"This order (domain.com) has been found to be at high-fraud risk, and will not be processed.

Your IP has been logged and ISP has been traced. All information will be reported to FBI for further investigation. Legal action will be taken! http://www.fbi.gov/hq/cid/fc/ifcc/ifcc.htm "

Good point. We have used this tactic before in a reactive mode and it has worked well... Time to re-implement it

Originally posted by Coran
Good point. We have used this tactic before in a reactive mode and it has worked well... Time to re-implement it

You guys are lucky! I've had over $6000 in two dozen fraud transactions in the past two months. They all appear to be from the same source in Malaysia somewhere. When I told him we're doing a reverse lookup on the logs of the proxy gateways he's used, he just got more motivated and started "showing the finger" while signing up for more accounts, each time using a different credit card name (he even entered the full address and email of each cardholder).

I've blocked many IP's and subnets that he's used, but he still once in a while drops by and says hello with another fraudent order.

I lost a lot of $ in chargebacks in the beginning. Now I just refund all suspecious orders right away.

I just added the following warning to the top of my payment page, hopefully it will put some dishonest people off.

http://www.spiralhost.com/warning.html

One of the best things you can do is make sure roders are cpatured but not auth'd.... basically the merchant validated the card but doesnt charge it until you say so... while you loose the instant seutp, your far better protected from fraudlent users looking to signup, do there thing and slip by.

Also do not signup anybody using the domain bozocool.com You will be subjected to spam...

TedS, we never auto authorize orders. That would be more insane than the situation we are in now.

To Hostmaniac's point, our ass**** came by again today and submitted 22 fraudulent order attempts. His stolen cc list must be getting old though, cuz none of them worked.

It's the same deal with this jerk. The harder we push back, the longer his middle finger becomes. He was doing the same thing as your ass****. Different credit card #'s and names on each order, dutifully filling in the stolen name, #, address, phone#, everything to pass AVS. Now, he just keeps submitting the same card that gets declined 22 times. Now that is progress....

Our .htaccess is now quite large, but he seems to, as you say, come by and give us the one finger salute on a regular basis. We know what country he is in now (No, it's not the USA, big surprise!) The thing that sucks is that even if we find him, we can't prosecute him.

I just want this freak out of my life. I am sure that every time that we tighten our security that he tries that much harder to defeat it. That's what these freaks thrive on.

We will not give in to this harassment. Ever.

EyeSee, forgot to mention that we have the same kind of warining on our intermediate order page, but I like yours better.

Thanks! :)

To bad there is not a system in place where We track the fools right down to the plug there computer is plugged into.

And auto launch Cruise missile at a flip of a key stroke.

5....4.....3.....2......1... poof

:uzi:

Why not send him an activation e-mail that include a picture from g-o-a-t-s-e-c-x? (yeah chicken I know you love that site too that's why it's censored tee hee hee)

My ass**le was back tonight with a couple hundred dollars more of fraud.. So I'm thinking maybe the following solution *if* doable might help cut out all fraudent orders.. I want to know what you guys think?

How about a simple script that checks the users IP during the sign up process and if found to be a gateway (proxy), it will not allow live transactions. Instead, it will notify the user that he is on a gateway and for security purposes he needs to fax his credit card details with an authorization signature to complete the order.. Or just collect the details and we'll call his tel # to verify his order.

What do you guys think? I think there must be something important I'm missing otherwise others would have come up with this idea before me..

Originally posted by TedS
One of the best things you can do is make sure roders are cpatured but not auth'd.... basically the merchant validated the card but doesnt charge it until you say so... while you loose the instant seutp, your far better protected from fraudlent users looking to signup, do there thing and slip by. yeah very true last month 50% of my orders i received were from credit cards which were declined!!!!

EyeSee:

Are people allowed to copy that message you posted and put it on their websites? It may be helpful for some people.

Also, what organization is that seal apart of?

Brian

Hi, i didn't mean to take credit for that warning message, i actually 'borrowed' it from another (non webhosting) site. I didn't see anything wrong in using it and obviously don't mind anyone else using it. I did change the middle paragraph to make it more suitable for myself.

The site the image is from is http://www.trust-on-line.com and is currently out of operation.

Thanks for the link and the information!
Brian

Thanks Coran I wish more people would post about things like this................