I was wondering if there are any standardized steps that you guys and gals use every time you get a new order for fraud protection and authentication....

Thanks in advance

I usually do an IP whois on the IP address that signed up and verify it against information used to sign up.

I also verify the name on the account/credit card against the domain name registration.

Finally, I often verify by phone if I have any concerns.

Hello Bobby, this is an old thread I started a while back and hopefully is still helpful.

Forget the pre-amble. We have learned that many cc fraudsters use us web hosts for more reasons than "fun", i.e; "Let's see if this credit card is valid", etc...

http://webhostingtalk.com/showthread.php?threadid=22007

Step 1: Hosting website
Step 2: ...
Step 3: Profit!

Seriously though, get all the information you can from the user and their connection. IP address(es), proxy servers, address, non-free email address (ie: no hotmail, yahoo, gmx, etc.). Then do it again :).

Most importantly, if you're concerned with security ensure you get at least 2 contact phone numbers in the same region as the card. Even though we use 2Checkout for international transactions it's always nice to call a client and at the very least see how things are going.

Sincerely,

-Matt

beside our processors fraud testing there's usually a few things we do in addition to that.

whois check
google check
IP trace
news.admin.net-abuse check.

Suspect orders generally show up something odd somewhere if they've been previously hosted elsewhere.

archive.org can be handy sometimes too :)

Naturally it's not done for *every* order, but you do get the odd one that smells a little fishy.

Greg Moore

1. Order comes in
2. It goes into Paysystems pending area
3. We cross check IPs against location
4. Cross check address with WHOIS
5. Check current site content
6. Check out the user's current host
7. Wait for Paysystems to do their own fraud checks (AVS etc.)
8. Goes into the Paysystems settled area
9. We setup the account

Finally if we are still not sure we get Paysystems to call the card owner. We also do a few other checks which I am not going to reveal in public for obvious reasons :)

Our payment gateway (PayStamp.com) checks the address entered against the address of the card holder, and if i have any problems i just telephone the customer for a chat.