We have been doing business now for 7 weeks with hosting. Prior to that we really only hosted sites that we designed on our dedicated servers for customers. We have about 50 new customers in that time.
My question is I am seeing a lot of fraudulent transactions. I just had a person call and ask about a charge on his card. All the information we had for him was correct , address etc.
The last 3 orders that were placed with us all had approvals but AVS said there was a discrepancy so I did not process them. And when I emailed the so called customers none wrote back with the correct billing address and when I called the 3 numbers were wrong. I have had 6 fraudulent orders in the last 2 weeks for dedicated servers. All were authorized not captured so I tried to contact the customers and the phone numbers were wrong etc. If I went ahead and processed all the orders that came in I would easily have 80 - 90 new customers Does this happen a lot ? Is anyone else seeing this? What do you do to help prevent this?

I had $15000 of fraud in just over a week :)

I'm finishing off the beta version of some fraud software atm - will have a production version in about 8 - 10 weeks

oh, and yes it is very common

only thing you can do is voice verify or get a copy of the signiture.

Only when you see the credit card yourself and get a signiture are you safe.

Hello,

Yes, it happens quite often with us as well. It's really bad, we had 3 cases that even it was captured, then real owner had requested a charge back.

Most of the CC frauds are from Malaysia, Indonesia, India. Has anyone noticed that they pick up the most expensive package of yours ?

They all had chosen our annually and the most expensive once.

Hope one they this issue will be solved.

It's hard to say most comes from a certain place.

You have different types of carders etc

In 3 months, I picked up 70 000 stolen card numbers - most are from traders in the USA ;)

Originally posted by hosticle
It's hard to say most comes from a certain place.

You have different types of carders etc

In 3 months, I picked up 70 000 stolen card numbers - most are from traders in the USA ;)


:eek:

I've been so lucky as to not have this problem yet, although I use HostCharge so I would imagine they would help in spotting the transaction (considering they hand verify all orders).

How do you take care of a situation like that? Im no expert at credit processing as I let HC handle the processing but what is involved with knowing which are fraudulent and which are not???

IP Address - check it matches the country specified on the form

email addy, if free, verify the order with one of the coloured pages or over the phone. if email addy is l33t, most likely fraud - do above

CCNUM, check it against list of stolen

Incomplete form

proxy server running from IP

ccv2 doesn't match that on card

things like that

You still have your first time carders, or casual carders who dont hide any details because they know authorities dont give a **** about us merchants and everything checks out (till you get your notice of chargeback)

Not much you can do here, but you can definately decrease the rate by following the methods below:

1) If the majority of your fraud is from Indonesia and other developing countries you can use the fraud checker script I posted on this forum long time ago that allows you to redirect people from those countries to some other page. Its free and has complete source, it has done wonders for me. Earlier I used to receive like 5-6 fraudlent orders from those countries every month, now I ask the users to fax a form in case they wish to place the order. Genuine users have had no problem doing that. :)

2) And if you want a much more crude method then you can just ban all the ips from your apache. There is a post in this forum which lists all the fraudlent IPs

3) For customers from US and all you can just call them and try to confirm the order, if you live outside US where international calls arent cheap you could just use net2phone and other ip>phone software to do the same.

Good Luck! :D

Maybe transactions that don't match 100% (AVS, CVV2, etc.) you could require the first month to be from PayPal or something instant?

We had $50 in chargebacks this month and every single order we traceroute the IP to resolve where it came from and try to reverse the phone #, THEN we run it through AVS. The was the worst amount of fraud we have ever had. But generally we get 3-4 orders a week of fradulent signups.. It happens. *grumble those Indonesians *.id*"

Fraud really gets under my skin - so much wasted man hours.

We ended up building a Perl subroutine to check the IP address against ARIN, RIPE, etc.. for the most likely originating country.

We then basically use this routine along with the other basic checking of billing info fields.

If someone enters a country for their billing address that does not match what whois indicates, then we just show a "transaction declined". It has worked like a charm for blocking more than 90% of the fraud orders we received daily.

So did u guys lose all that money? And what about the people who did it? did you guys catch them or anything? I think thats pissing, you work hard and some gay cheap people try to fool the hosting master and the REAL owner of CC. Thats just sad:mad:

Its not that easy to catch them mainly because there is no underlying authority to check against such frauds. So over here Prevention is better than cure :D

We were hit real big by someone taking advantage of our affiliate program by submitting tons of fraudlent orders. Unfortunately, we did not have not much fraud before this, so we did not police our orders very well. We lost some major cash to these thiefs.

Yet, we learned our lesson... and have taken major steps to eliminate fraud, and have been very successful. We accept NO International orders. We have a script that checks every IP, if we get an International client trying to order, our order form re-directs them to a web hosting service affiliate program that does accept International orders. This way, we are still able to receive some profits from denying all International orders.

Second, we require AVS and CVS #s to match. If not, order gets declined. Some may say that these strong measure could be driving legitmate business away. Yet, we have found that legitmate customers that really want to sign up, fix the AVS/CVS errors and end up signing up any way.

We do not have the time, nor wish to play around with any funny business. It may not work out for all, but this has worked out great for us.


Wyatt

Originally posted by Mythril
... I think thats pissing, you work hard and some gay cheap people try to fool the hosting master and the REAL owner of CC...

pissing?
gay?

I don't think it's urinating or happy. It sucks.

Some unparliamentary words!!!!

check out eFalcon Fraud Screen. It works with VeriSign's PayFlowPro credit card processing service. It checks againts a ton of stuff and then returns a number from 1 - 999 depending on the probability of fraud then you decide what your risk is and set a threshold and any transactions above your threshold will be denided even if the cc number is vaild and there is sufficent funds.

Originally posted by wyatt12
Second, we require AVS and CVS #s to match. If not, order gets declined.
Hello Wyatt,

I couldn't agree more with the above statement, those are simply the two most affective ways of cutting out any potential fraud before it even starts. I have my verification process setup the same as you do, if at least part of the address (street or zip code) and CVV2 #'s doesn't match, then the transaction is automatically declined. Since I'm shipping tangible goods, I only ship to the billing address of the cardholder and keep tracking information, so I'll have documentaion showing that I shipped to the actual card holder in the event that the word "chargeback" gets tossed my way.

I also, don't accept International orders via the website, but will sometimes manually take them after hand verifying any inquires from International customers who would like to pay via credit card.

Best of luck,

David