I'm just curious what steps others take to prevent chargebacks. Personally we have implemented a few methods:

Fraud Guardian
A physical Mailing to the customer (more than just a welcome letter).


We are looking at what other methods we might be able to add to further mitigate any "Potential" chargebacks.

Charge back is a huge problem... We can't even dispute because our services fall under virtual item.

As for preventing the chargeback, we tend to review every order and veirfy the order by calling the customer. Most of the time we can tell right away that its a fraud beacuse the signup name is different than the credit card name. And sometimes the Logged IP is different from the geographic area where the credit card and the billing info belongs to.

Alot of times when we call to verify orders, the phone number is either not working or no one picks up.

Use common sense. It's a great tool and rarely lets you down. Check the ip location, call to verify the order etc. . .

and the big one

if your instinct tells you not to take the order but everything else seems to check out, don't take the order.

We use an integrated version of Maxmind's antifraud system, which checks IP location and a whole range of other items upon ordering.

Secondly we do a manual check as well.

If you see too many different addresses then you should be very cautious.
For example, someone signs up for an account and uses Paypal.
Only yesterday we had such a signup, where the email address and name of the client, the Paypal address and the domain owner were completely different.

What we do in such a case is to send an email to each one of those addresses to ask for verification. Each email has a different code inserted into the subject. We need verification from all three addresses before we proceed with setup.

In our own case from yesterday, the client replied from all addresses, but they turned out to be forged because they did not include the original code which we sent. It turned out the customer simply forged the email address to show as if it was coming from a different address.

Other things you can do is to ask the client to change for example the second nameserver of the domain to something you want. If that works then you can verify that the client can access the domain in question.
Or you can of course do the phone verification too.

The more verification you get, the more sure you can be that the order is legit.

But as the previous poster said, if your gut feeling says that you should decline the order, then do so.

Another tool you can us is http://www.chargebackprotection.org/

I hope this helps.

Use common sense. It's a great tool and rarely lets you down. Check the ip location, call to verify the order etc. . .

and the big one

if your instinct tells you not to take the order but everything else seems to check out, don't take the order.

Thats what we do and I don't think that we've had any fraud orders sneak by in the past year.

Good advice! We do the same thing and call every order. It's absolutely the best way of avoiding fraud.

In my opinion, phone verification is not a guarantee.

I mean, what if the fraudster who signs up gives his own number (I know that's stupid, but you'd be surprised what they all do!).
You call him and of course he will say that the order is correct.
I know of several instances where this has happened. Not personally, but I know from others.

Any verification should not be done alone, you will always need several different verifications to make sure an order is legit or not.

It is hard to guard against. We use AWBS, and fradgrabber (service provided by AWBS billing software) and reduced fraudrant transactions significantly. But, they do come back time-to-time. fradgrabber uses IP-to-Location type verification to verify user's home address with IP location. I see abusers getting smarter and use a home address where IP is located, and transaction goes through.

We also verify ip location mannually, which we implemented ourselves using ip2location database.

http://www.iplocation.net

You'll just have to make your best judgement. Fraudrant transactions in many cases use domain names that starts with onlineXXX or accessXXX (and the like) to use in phishing purpose. Beware of those domain names.

Phone verification is a good one but fraud orders can use virutal numbers as such through Skype so you need to keep that in mind.

Manual checks of the domain whois information may also help although many don't keep that info updated.

IP location checks are a good method to help as well.

We use LinkShield and Verified by Visa / MasterCard Secure code. A lot of times, we will also ask them to sign a statement authorizing the signature.

Some things to look for to scrub the transaction further:
First Time Buyer
Larger-than-normal orders
Orders consisting of several of the same item
Free EMail Address
Address Verification Service (AVS)
IP address does not match billing information
Orders made up of big-ticket items
Orders shipped rush or overnight
Orders shipped to an international address
Orders shipped to a single address but made on multiple cards
Multiple transactions on one card or similar cards with a single billing address, but multiple shipping addresses
Multiple cards used from a single IP (Internet Protocol) address
Of course some of the above does not / cannot have anything to do with hosting but it might help some of the users on this board or it might help some of the your customers.

This is what we do for large orders. normaly I am not concerend with the $5 per month shell customer but if someone is buying a $100+ per month dedicated box then we definatly want to check them out if its their first order.

We require full name on card, billing address and billing phone number (the number the bank might use to call the customer) as well as the other usual stuff.
We first check the IP to make sire its at least in the same part of the world as the phone, address info is and check for strange differences between billing and contact info. Its not uncommon for a person to buy somethign with a card under a different address (firend, parent, old address). We also look for IP blocks belonging to countries which tend to generate fraud.
We then call our merchant account customer service line where they allow us to enter in the card number and will give us back the phone number belonging to the card issuing bank.
Now armed with all the order info card issuing banks phone we call the bank and navigate our way to a customer service rep. Sometimes there is a special option for merchants to use to get to the right department and other times you just have to get a normal service rep.
Now banks are under no obligation to tell you anything so its best to start right off in a highly professional mannor and introduce yoruself, yoru company and that you want to verify a charge made by a customer on a card issued by that bank. Then proceed to read off every part of the order form name on the card, to exp date, to sec code, to full billing address and phone number of the customer. The bank may refuse to confirm the phone but they normaly wil confirm every other part of theinfo. They will never give you the info they see but wil siple say its accurate or inaccurate.
Now the key here is you confirmed the card holders name and their home phone number so now you can phone verify with above averge confidence that you wil be talking to the real card holder.
The only flaw here is kids using their parents cards without permission but if this results in a charge back you simple call the card holder andplay back the recorded phone authorization and I am sure there will be one very grounded kid. This has happened a few times each year here and many times the parent will apologize and reauthorize the payment.

This isnt perfect and it can be time consuming but in higher risk situations its well worth it. Almost all US banks wil be very cooperativer but international onces can be a pain.

And always record conversations with your client and have them confirm their card number, their name, the date of the purchace and the amount because having this can mean the difference in winning or losing a charge back when the dispute comes in. You simple submit the recording back and they almost always lose if you were indeed speaking to someone who remotely sounds like the card holder.

Another option you can use is a "letter of non-dispute" which youc an find online pretty much anywhere. Although this is time consuming and sometimes frustrating for the customer you shoudl use this in any really large transaction such as over $1000. It will include a signed statement where you fill int he amount, the card holder name, the date and what they bought which the customer signs and also includes a photocopy of their photo id and front and back of the credit card. This too is very difficult for a bank to ignore when youssend them this in answer to a charge back.

But nothing beats prevention...you can fight charge backs but its far better to not let them occur in the first place. This means keeping your customer happy and not pissed off because your customer service sucks and doing common sense checks to catch the obvious cases. Also keep a log of every single fraud ip, email, name, address, phone, and everything else you take in on orders. And scan your :blacklist" for new orders with similar information. Frauders like to hit the same places more then once especialy if they got away with a couple months of service before the chargeback came through.

i have done everything in my power to prevent chargebacks. i have followed paypal protection policy to the T and still got nailed!

that really pissed me off. as a matter of fact, the transaction its selft said i was covered by the policy (i am the seller)

yet i was still subject to the chargeback and never got my item back!

if you want to be really worry free about a transaction, use www.escrow.com

Cardholder authentication (Verified by Visa/MasterCard SecureCode) is a great way to reduce your merchant liability on transactions. It can effectively block around 60% of the most common chargeback reason codes centering around the "I didn't authorize it" responses.

In addition, verifying new orders automatically by phone order verification is a very powerful tool. The simple fact of the matter is that fraudsters do not want to be able to be reached over the phone. They are extremely adverse to this and so any system - whether manual or automated - that verifies them at the phone # they state they are at is a very useful tool against fraud.

Cardholder authentication (Verified by Visa/MasterCard SecureCode) is a great way to reduce your merchant liability on transactions. It can effectively block around 60% of the most common chargeback reason codes centering around the "I didn't authorize it" responses.

In addition, verifying new orders automatically by phone order verification is a very powerful tool. The simple fact of the matter is that fraudsters do not want to be able to be reached over the phone. They are extremely adverse to this and so any system - whether manual or automated - that verifies them at the phone # they state they are at is a very useful tool against fraud.

How do you handle new orders that are placed during morning hours, clients outside your Country, etc? Do you simply make the call no matter when?

We've been hit with a couple chargebacks this month. Never fun.

How do you handle new orders that are placed during morning hours, clients outside your Country, etc? Do you simply make the call no matter when?

We've been hit with a couple chargebacks this month. Never fun.

If an order is placed during the early morning hours, then call to confirm later when it would be more appropriate. Call people outside of your country...you just have to dial a few extra digits. If there is a time zone difference, then try your best to coordinate when it is appropriate for both parties.

If an order is placed during the early morning hours, then call to confirm later when it would be more appropriate. Call people outside of your country...you just have to dial a few extra digits. If there is a time zone difference, then try your best to coordinate when it is appropriate for both parties.

Honestly, this sounds like it would cost more then the 1-2 chargebacks we do receive every couple of months, let alone a lot of work. We'll just keep playing the "use your gut feeling" game for now I think.

Honestly, this sounds like it would cost more then the 1-2 chargebacks we do receive every couple of months, let alone a lot of work. We'll just keep playing the "use your gut feeling" game for now I think.

You don't just have to worry about chargebacks but also security breaches. If you are activating accounts of people that ordered for malicious purpose perhaps they can break into your server and see other customers data? What if they start sending SPAM and your server is unplugged?

Those are just some examples.

i have done everything in my power to prevent chargebacks. i have followed paypal protection policy to the T and still got nailed!

that really pissed me off. as a matter of fact, the transaction its selft said i was covered by the policy (i am the seller)

yet i was still subject to the chargeback and never got my item back!

if you want to be really worry free about a transaction, use www.escrow.com (http://www.escrow.com)

If your refering to paypal you should note a few things about papal seller protection. It only covered tanible items shipped with a tracking number. If it says you qualify and you shipped an item and can prove it was delviered to the address listed on paypal then paypal will cover you up to$5000 per year. but remember if you get alot of charge backs paypal in a short time paypal might have reson to believe your causing or promoting bad transactions and might find it in their best interrest to pull the plug on your protection at any time. Ideally you shouldnt get more then 1% charged back then your total paypal monthly income. This means if you sell $1000 per month dont let charge backs be more then $10 per month.

for credit card payments records the call, get them to sign a letter of non-dispute, or fax in a photocopy of the card and picture ID. call the bank and verify all the info especialy the phone number if your not shipping an item. This way you can know the person you called and voice recorded authorization is most liekly the right person. Although we sometimes get kids using parents cards that lead to charge backs but playing back the recorded authorization normaly results in the chargback being cancelled with apologies and a certian kid being grounded.

Most of all common sense. It if looks bad check into it deeper or just refuse the order.

If your refering to paypal you should note a few things about papal seller protection. It only covered tanible items shipped with a tracking number. If it says you qualify and you shipped an item and can prove it was delviered to the address listed on paypal then paypal will cover you up to$5000 per year. but remember if you get alot of charge backs paypal in a short time paypal might have reson to believe your causing or promoting bad transactions and might find it in their best interrest to pull the plug on your protection at any time. Ideally you shouldnt get more then 1% charged back then your total paypal monthly income. This means if you sell $1000 per month dont let charge backs be more then $10 per month.

for credit card payments records the call, get them to sign a letter of non-dispute, or fax in a photocopy of the card and picture ID. call the bank and verify all the info especialy the phone number if your not shipping an item. This way you can know the person you called and voice recorded authorization is most liekly the right person. Although we sometimes get kids using parents cards that lead to charge backs but playing back the recorded authorization normaly results in the chargback being cancelled with apologies and a certian kid being grounded.

Most of all common sense. It if looks bad check into it deeper or just refuse the order.


There is a difference between PayPal-level chargebacks/disputes and bank-level. You should be able to win any PayPal-level dispute because you are selling a service. PayPal does not provide their customers with buying protection for services (at least this was how it was in the past, I don't know if things have changed).

As for recording calls, be very careful. There are a lot of laws regarding that and it varies from state-to-state. I recommend that you seek legal counsel for that issue.

If you are not high volume, you can get FraudLabs.com credit card fraud check for free. You can use it for 90 queries a month. They have a web based deal where you send a query to their server or you can use their Windows client to do it.

Another tool you can us is http://www.chargebackprotection.org/




I don't know if I want to sign up for this website or give them any information about me or my customers since they have no contact address and is using WHOIS guard. I have no idea if they are legit or if this is legal.

This is a great idea if it is legit and legal... I guess I would need to talk to my lawyer about it.

There is a difference between PayPal-level chargebacks/disputes and bank-level. You should be able to win any PayPal-level dispute because you are selling a service. PayPal does not provide their customers with buying protection for services (at least this was how it was in the past, I don't know if things have changed).

As for recording calls, be very careful. There are a lot of laws regarding that and it varies from state-to-state. I recommend that you seek legal counsel for that issue.
The paypal protection program will protech you the same no matter the type of charge back or claim. You do have to follow the same rules and ship to the conrfirmed address with a tracking number. Paypal wil absorb the charge back even if th ebank wins paypal will let you keep th emoney as long as you shipped to the confirmed address.

The paypal protection program will protech you the same no matter the type of charge back or claim. You do have to follow the same rules and ship to the conrfirmed address with a tracking number. Paypal wil absorb the charge back even if th ebank wins paypal will let you keep th emoney as long as you shipped to the confirmed address.

I am talking about PayPal disputes. If a buyer tries to dispute a purchase of a service, they technically are not able to. If you are the seller, you simply state that the sale was of a service and the dispute should be closed in your favor. There is definitely a difference between service versus good and PayPal charge back versus bank-level charge back. Also, there is no address to ship to when a service is the item.

Josh you have a lot to learn about Paypal.

If I, as a buyer, felt I had been sold a service fradulently and Paypal refused to do anything I would take it up with my bank.

If it was a debit/credit card purchase I could then issue a chargeback which would hit Paypal and paypal would hold the seller accountable.

If it was echeck I can still, with my bank, issue the equivalent of a chargeback. Not all banks support this yet, but more and more are starting to.

In other words, just because paypal closes a dispute that means nothing.

If you are not high volume, you can get FraudLabs.com credit card fraud check for free. You can use it for 90 queries a month. They have a web based deal where you send a query to their server or you can use their Windows client to do it.

Services like FraudLabs, MaxMind, and other who only provide GeoIP/proxy detection CAN NOT be used as your ultimate decision maker on transaction acceptance. It is good to "be advised" of the response(s) they provide but relying on it compeltely would be a mistake.

I.e. if you have American cardholder traveling in France using his yahoo e-mail address, transaction will get over 3.5 fraud score for sure (with MaxMind). In such cases only VbV/MCSC will let you to accept this transaction worry free.

Josh you have a lot to learn about Paypal.

If I, as a buyer, felt I had been sold a service fradulently and Paypal refused to do anything I would take it up with my bank.

If it was a debit/credit card purchase I could then issue a chargeback which would hit Paypal and paypal would hold the seller accountable.

If it was echeck I can still, with my bank, issue the equivalent of a chargeback. Not all banks support this yet, but more and more are starting to.

In other words, just because paypal closes a dispute that means nothing.

Larry,

I have been with PayPal since they started up and unless things have changed, what I said still is the case: PayPal buyers do not have any protection if they are purchasing a service. That means if a buyer starts a dispute via PayPal, their dispute would most likely result in being deemed invalid. Again, as I mentioned previously, bank-level disputes are a different story and I was not discussing that.

Take care,

Josh