Web Hosting Talk







View Full Version : Credit Card fraud ... do you report to the FBI? ... opinions wanted


CagedTornado
04-11-2002, 02:38 PM
Just curious to see what the level of fraud is that you folks are seeing. I've caught flak from my merchant processor for the amount of fraud that is coming from my site (not by choice) ... and we have put several steps in place to combat it.

The FBI just released an article that says that online auctions are the highest source of complaints (for Internet fraud). (See http://slashdot.org/article.pl?sid=02/04/11/1317254 for more information) It got me thinking -- how many times have you folks reported fraud to the FBI?

For example, I realized we never had -- even though our incidence of attempted credit card fraud accounts for something like 70% of all attempted orders (no kidding!)

Thanks,
Dan

VeoWeb Staff
04-11-2002, 06:20 PM
Dan,

The FBI is the wrong agency, the secret service is the agency in charge of credit card fraud. I know many people will disagree, just give em a call and you will see.

FocusOn718
04-11-2002, 06:30 PM
My companie(s) report all fraud to someone - Not sure who... Someone else handles that :)

But I do do web hosting, design, etc... But in addition I'm co-owner of a Jewelry store, Computer store, hardware store, and a few others... :) If I get fraud I just throw it in a bin and it gets sent somewhere :)

I can find out if you'd like.

SoftWareRevue
04-11-2002, 06:33 PM
Originally posted by CagedTornado
. . . . . . even though our incidence of attempted credit card fraud accounts for something like 70% of all attempted orders (no kidding!)

Thanks,
Dan

:eek: 70% ??

I'm at a loss for words.

FocusOn718
04-11-2002, 06:37 PM
I didn't even notice that... 70%? That's ridiculous.. For me, I'd say 1 out of every 50 signups is fraud. (and/or the system saw it as fraud, it really wasn't... but the computer changed their mind)

JayC
04-11-2002, 07:37 PM
Originally posted by VeoWeb Staff
The FBI is the wrong agency, the secret service is the agency in charge of credit card fraud. I know many people will disagree, just give em a call and you will see.

Right, the Secret Service is a bureau within the Treasury Department, and its main role is protecting the country's financial system. The task of protecting the president is more high profile, and was added to their plate a few decades after USSS was created. Originally they focused more on anti-counterfeiting... which they still do. But money laundering, telecommunications fraud, forgery, even food stamp fraud, are areas of investigation that are conducted or coordinated by the Secret Service.

But, the Internet Fraud Complaint Center is run by the FBI. As in many areas of the federal bureaucracy, there's a lot of overlap and a lot of different people at different agencies doing the same thing. What, you expect efficiency? :)

Also, the FBI analyzes and reports on crime statistics of all kinds, not just the ones that they themselves investigate. So it's not necessary for credit card fraud or anything else to be reported directly to the FBI in order to be included in their statistics. It has to be reported somewhere, of course. If credit card fraud is reported to your merchant services provider or bank, they are probably reporting it to the feds, at least in aggregate.

Attempts to buy web hosting, for example, that result in the transaction being declined by Revecom or whoever as possibly being fraudulent, though, are probably not counted anywhere.

CagedTornado
04-11-2002, 08:56 PM
Originally posted by SoftWareRevue
:eek: 70% ??

I'm at a loss for words.

Imagine how we feel.

:)

And about 90% of the fraudulent orders are coming from Indonesia.

You can guess what words fly to my mind when I hear about that region of the world now....

Dan

insiderhosting
04-11-2002, 09:01 PM
Originally posted by CagedTornado


Imagine how we feel.

:)

And about 90% of the fraudulent orders are coming from Indonesia.

You can guess what words fly to my mind when I hear about that region of the world now....

Dan

Dan-
Do you capture the IP addresses of the person who is signing up? If so just block the IPs from accessing your server. Some people have banned some countries from their signup forms, I suggest you do the same.

Steven

CagedTornado
04-11-2002, 09:09 PM
:)

I appreciate the advice -- we got hammered in February, and we now do a lot more than that. We have significantly lowered the percentage of fraudulent orders. (And when it comes down to it, someone could always use an anonymous proxy pretty easily -- and we've seen this happen more than once).

I didn't mean to start a thread on how to prevent fraud -- I feel like we've put measures in place to mitigate this risk for now. I meant to find out how many folks involve the Fed -- that's all.

Thanks,
Dan

NinthSwat
04-12-2002, 03:07 AM
Originally posted by CagedTornado


Imagine how we feel.

:)

And about 90% of the fraudulent orders are coming from Indonesia.

You can guess what words fly to my mind when I hear about that region of the world now....

Dan

Use this .htaccess file and Indonesia will never order anything from your website :)

Softicom.NET
04-12-2002, 03:57 AM
If you ever want to get updates off the htaccess file NinthSwat just posted, just go to http://www-hosting.net/denied.html

I tried to update it as much as once or twice a week depending on the amount of emails I get from other hosts with additions to the file.

As always, if you have any IPs to add to the list, email me at gary@www-hosting.net and I will include it in the next update.

kmh
04-12-2002, 04:55 AM
To guarantee you never get a single fraudulent order, just use:

<Limit GET POST>
order allow,deny
allow from all
deny from all
</Limit>

:D

dside443
04-12-2002, 05:27 PM
We use a toll-free phone verification process which requires them to call in to a toll-free number (for USA/Canada) or a USA landline number (international), and provide the last 4 digits of their credit card number and order confirmation number. The call must originate from a phone number which is verifiable.

This feature does not lose us any customers, even those who are afraid of the phone. The process is automated and there is no need to talk to a human.

This works really well and prevents fraud. Most fraudsters would not dare to provide their real phone number.

Regards,
David

CagedTornado
04-12-2002, 05:57 PM
OK -- now I'm interested. Is this a service that you get through your merchant account, or is it something you pay for monthly, or is it something you built?

Thanks,
Dan

dside443
04-12-2002, 06:12 PM
Self-built. It isn't too hard to do, you can do this at places like TellMe.com with its voice XML services. I'm not sure if they provide free trials anymore, but they did when I signed up a long time ago.

FocusOn718
04-12-2002, 07:25 PM
This is exactly what I do as well.

David, I emailed you many times - No replies - Did you get them?

dside443
04-12-2002, 10:04 PM
If I haven't replied to you tonight, please send it to me again. CPanel glitches on a server, and some of my mail was not delivered.

Regards,
David

inkhead
04-14-2002, 03:22 AM
Did you know now that they have postal inspector agents? I was reading how they show up with the FBI on quite a few raids. Technically the Postal Service is now in charge of email fraud and partial of certain forms of electronic communications. Weird huh?

jrm
04-14-2002, 05:16 AM
Sometimes you can recognize that it is fraudulent when they send in their order. Especially when they try to sign up using the same email address four times on different credit cards before they find one that is accepted.

Something I started doing was calling the name on the credit card and informing them that some low-life is using their card. I called one guy last month and he had no idea his card was being used.

He called me back the next day to thank me and mentioned that the guy had been charging up a storm buying jewelry and ordering other hosting.
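
The pattern jrm describes, one email address cycling through several cards until one is accepted, can be caught automatically with a velocity check. The sketch below is an added example, not code from anyone in the thread; the window, threshold, key and sample orders are assumptions constructed for illustration, and card numbers are compared through a keyed hash so the check never stores them.

```python
import hashlib
import hmac
from collections import defaultdict
from datetime import datetime, timedelta

FINGERPRINT_KEY = b"constructed-demo-key"  # assumption: a secret kept outside the order DB
WINDOW = timedelta(hours=24)               # assumed look-back window
MAX_CARDS = 2                              # assumed threshold of distinct cards per email/IP

def card_fingerprint(pan: str) -> str:
    """Keyed hash of the card number so attempts can be compared without storing the PAN."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    return hmac.new(FINGERPRINT_KEY, digits.encode(), hashlib.sha256).hexdigest()

def flag_card_cycling(attempts):
    """Return {(field, value): distinct cards} for emails/IPs exceeding MAX_CARDS within WINDOW."""
    seen = defaultdict(list)   # (field, value) -> [(time, fingerprint), ...]
    flagged = {}
    for a in sorted(attempts, key=lambda a: a["time"]):
        fp = card_fingerprint(a["pan"])
        for field in ("email", "ip"):
            key = (field, a[field].strip().lower())
            history = seen[key]
            history.append((a["time"], fp))
            # keep only the attempts that fall inside the sliding window
            history[:] = [(t, f) for t, f in history if a["time"] - t <= WINDOW]
            cards = {f for _, f in history}
            if len(cards) > MAX_CARDS:
                flagged[key] = max(flagged.get(key, 0), len(cards))
    return flagged

# Constructed sample data: public test card numbers, example.com addresses, documentation IPs.
T0 = datetime(2002, 4, 14, 5, 0)
SAMPLE = [
    {"time": T0, "email": "a@example.com", "ip": "192.0.2.10", "pan": "4111 1111 1111 1111"},
    {"time": T0 + timedelta(minutes=2), "email": "A@example.com", "ip": "192.0.2.10", "pan": "5555555555554444"},
    {"time": T0 + timedelta(minutes=5), "email": "a@example.com", "ip": "198.51.100.7", "pan": "4012888888881881"},
    {"time": T0 + timedelta(minutes=9), "email": "a@example.com", "ip": "198.51.100.7", "pan": "378282246310005"},
    {"time": T0 + timedelta(hours=1), "email": "b@example.com", "ip": "203.0.113.5", "pan": "4111111111111111"},
    {"time": T0 + timedelta(hours=2), "email": "b@example.com", "ip": "203.0.113.5", "pan": "4111-1111-1111-1111"},
]

if __name__ == "__main__":
    for (field, value), n in flag_card_cycling(SAMPLE).items():
        print(f"review: {field}={value} tried {n} different cards within {WINDOW}")
```

Keying on both email and IP means a switch of proxy between attempts, as in the sample, still trips the email counter; a retry of the same card by a legitimate customer does not count as a new card.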

SI-Chris
04-14-2002, 06:07 AM
Originally posted by CagedTornado
I didn't mean to start a thread on how to prevent fraud -- I feel like we've put measures in place to mitigate this risk for now. I meant to find out how many folks involve the Fed -- that's all.
We have never had a fraudulent order that originated in the United States, everything has been from abroad (although they almost always use North American names and addresses for the billing address). I don't know what good it does reporting it to the US Secret Service if the fraudulent order is from somewhere in Asia.

I generally do a card lookup and call the card issuing bank and let them know. The bank is ultimately the one that's getting burned, so I leave chasing after the perps up to them.

west
04-14-2002, 08:03 AM
So we remove online processing and we approve every customer manually. Just ask them for signed order form faxed or emailed to you. Check order IPs. About 30% of our orders are fake from Indonesia, India or Russia.
But make sure we host customers from Indonesia or Russia but we require signed order, both sides card copy and passport copy with name and address to prevent high risk and fraud.
We have 0% chargebacks. Think about it.

peter
peter@westmaster.com

JayC
04-14-2002, 01:07 PM
Originally posted by inkhead
Technically the Postal Service is now in charge of email fraud and partial of certain forms of electronic communications. Weird huh?

Actually, I don't believe it's the case that the Postal Service has any authority over email or electronic communications directly. But most schemes that originate or are propagated in email use regular mail in actual operation. That's where their involvement comes from. They're also linked into some credit card fraud cases, if the numbers or cards were stolen from mailboxes.

mood
04-15-2002, 08:50 PM
I would say: let me investigate :)

I agree with west, we manually process our orders, we are a small business so we can spend a few minutes on our orders:

1) http://www.whitepages.com . Are the phone and address the same as the credit card's owner?

2) Traceroute or (better) visualroute. Are IP and address in the same state (or area)?

If we are in doubt, we ask a confirmation by fax. Easy.

Ok, I'm paranoiac :rolleyes: ;) Let me say that we have 0% chargeback and we have seen *several* frauds coming from US too (maybe through proxy servers), I think that the .htaccess is not a 100% secure method....


(my English needs more lessons! sorry)


Alberto