Hello all, just out of interest how do you people who process online payments check that the person who is said to be buying the product/service is actually them?

Is there anyway to check that the person signing up for the hosting is using their own card? So you know the card isnt stolen/borrowed etc?

Hope to hear your opinions

Aaron Luckie

I've heard of some host making people scan a picture ID and the credit card.

For processing payments I use http://www.2Checkout.com and they handle everything. As I know they have payment subsystems which monitor frauds based on IP address, e-mail, country etc. Of course, you pay them their commission for handling payment issues.

Some services do require you to fax your id before they set up the service, but that leaves you unable to verify any of the proper security measures on id's and can easily be faked, so that's not a very good solution - more fuss, delays, work than it's worth.

One thing that you'll have to come to grips with is that you will be one or two steps behind the fraudsters if you have an online business. They are very good at making their activities seem legitimate. Well, some of them - the elite... there are plenty of whackers out there as well who haven't mastered the art of fraud.
Another issue with online ecommerce is that the card schemes have not built their systems with the online world in mind. Credit cards are very easy to steal. If you sell intangible goods online, you will have very little leverage with the card schemes in terms of fraud protection or liability shift. Some will come from supporting authentication schemes such as AVS (address verification system, US only), 3D secure (Verified by Visa and Mastercard SecureCode), but the usability is less than ideal and you will face a higher number of lost payments due to people bailing out.

There essentially are four ways to fight fraud:
1. Making the service unattractive for fraudsters by making it too costly
The economics of big time fraudsters are to resell the goods that they get - let it be calling cards, hosting or tangible goods. You could limit the amount of service you give or how many times you'll allow to reuse the financial instrument for payment across accounts. You also have the people who do fraud for their own benefit only without long term plans and this measure is not very effective against them.
2. Using passive measures to detect fraud
This can be done by looking at the credit card information, PayPal account information, looking at e-mail addresses, user purchase IP's, service usage IP's, payment method countries (and correlating the latter three against each other), shipping countries, IP host information (hosting company, subnets, addresses, geographical locations), and most of all the dynamics of your own services - how people use your hosting service for example, what goods do they have uploaded, what are the usage patterns, how fast does the account get active, bandwidth dynamics, content source, email activity, time spent in the control panel, which settings will be set up first etc. The latter possibly is the most useful of them all. Fraudsters are good at playing the credit card markets etc, but they may be trailing behind you by one step with your own services. It should be mentioned that pattern detection only works well when you have a significant amount of data to train for chargebacks and fraud and detect the patterns.
3. Using active measures to verify the customer
Credit card verification (making a small charge, adding a code as description and asking the user to type it in from their bank statement - the downside is the time it takes to activate customers like this and the increased abandonment rate), ID verification (not super useful in a global business and in the world of low-resolution transfers), mobile phone verification (again rather easy to defraud, but your may be able to drive up the costs for fraudsters with this), phone verification (although the fraudster may be on the other end as well). The safest way is to have your customers come by your office, but it obviously has the downside of less business for you, as the customer has a higher barrier for entry
4. Using safe payment methods that guarantee no fraud
Moneybookers, wire transfers (caution: some of them can be charged back as well, but it's not very common), ...

Hi!
Moneybookers is not what I would call a "safe" payment method.

In fact..I have heard the fraud amount related to that service is very, very high. Has this changed? I doubt it. I know of very few mainstream hosts that accept payment using that system.

Bryon

Hi!
Moneybookers is not what I would call a "safe" payment method.

In fact..I have heard the fraud amount related to that service is very, very high. Has this changed? I doubt it. I know of very few mainstream hosts that accept payment using that system.

Moneybookers offers merchant chargeback protection by not passing anything on. At least that's the service we used (maybe they have added some non-fraud protection options as well). There is a higher cost and a usability impact from their verification, but at least there is no fraud and business continuity risk.

The reason not many people use them is that they simply are not as widespread as straight up credit cards, PayPal and the like.

If you can back up your high fraud claims, I'd be welcome to broaden my horizons.

Hi!
Well..all I could find were a few threads on odd practices and people having problems withdrawing money with google. As I pointed out...it has been quite some time since I even heard them mentioned...but everything I read about them was negative.

I honestly wish there were alternatives to Paypal. I know first hand some of the things they do..and are far from pleased about it. However..I can't afford to use anyone else at this point.

I'll do a search on here..and see what I come up. Perhaps I was misinformed.

>>>Interesting..take a look here:

http://www.webhostingtalk.com/showthread.php?t=609094&highlight=moneybookers

particularly:

>>>>>
if you feeling comfortable using moneybookers then i think you should stick with it. once i want to use moneybookers too, but when i ask them whether they allow webhosting services to use moneybookers they said no. i think it's strange why they didn't allow hosting services.
<<<<<

ohho! Good reason not to see many hosts offering moneybookers, then.

>>The second thread I looked at echoed the same thing:

i wonder why the say they didn't accept web hosting services when i ask if i can apply merchant account.

Looks like the end of line on that.

Bryon

Hi!
On a whim..I signed up for a personal account.

Web hosting is *NOT* on the "prohibited" list..so I emailed them about it.

Bryon

Check if IP/billing country matches. (easy to fake)
Check if AVS matches. (also easy to fake)
Phone them to chat :)
Ask to fax driving license/passport. (99% good way to avoid fraud)

Also you can use some 3dparty fraud screening that will do all that for you.

There are few ways to ensure that who you have is really who they are, not all of these methods are convenient and widely used, but just as FYI or possible ideas how to ensure your business, here are couple:

Confirm contact details - Always confirm if the address, phone number and email address given to you by your trading partner belongs to the same company. If a trader provides inconsistent contact details, for example an address in the USA and phone number from another country, we recommend you look up the address in the local phone directory and obtain the local phone number, and call this number to confirm that the person you are in touch with actually works for the company. Problem: You can't really look up all of your customers in local directories, but it's one way to avoid fraud...

Check partner's background - Background checks from independent 3rd party sources include a search for legal registration and credit reports. In many countries the existence of a company and its legal status is a matter of public record.

Samples, samples, samples... - As a buyer, order a sample before committing to a purchase order to be sure that the product meets your expectations. As a seller, request payment for a sample and/or payment for shipping costs before you send out the sample, especially if your product has a high resale value.

Pay attention to shipping addresses - Pay close attention to shipping or contact addresses located in regions with high reported incidences of online fraud, such as Eastern Europe, Western Africa and Central America.

Fake e-mails - It is possible for anyone with some technical knowledge to send an email with a fake address. When you receive an email from someone you know or whose email address appears legitimate, but the message of the email looks suspicious, you can verify whether the email came from the person whom the sender claims to be by using few simple methods, for example - contact the person via phone, alternative e-mail if provided, letter in a mail and etc.

Pay close attention to the IP - Although this can be easily faked, pay attention to the IP addresses, for example, you have USA customer, who first logged from US IP, and left US mailing address... would be very suspecting if the customer ordered from Hungarian IP address... (he might be on vacation, but be sure to contact him on other ways to ensure that).

LB