I got my first chargback today. Can anyone tell me what I am supposed to do exactly. It says that I can fax them with a rebuttal but I dont have one. I mean the card that was used was stolen I know that now so they can have the money back. I mean the account uses no space or bandwidth. What to do?

Well

You need your records

Invoice, Contract, Something.

All of my clients sign a contract agreeing to my Terms of Use before a account is live.

Also invoices, if they sign that, then in regards to a charge back, you should get the money.

They do suck though, I would say produce paper work.

Joe

If you now know that the card was stolen and you are happy to pay the money back... just do it and delete the account.

Cooperate with authorities in the unlikely event you are asked to and just try hard to confirm everything you can about each sale in future.

It is extremely time consuming but I have checked every sale before it's settled and if any one thing doesn't add up, then I put the card settlement on hold until I'm sure.

I had a guy almost get away with a $268 sale last week and he beat the AVS system even with an Indonesian address in the USA...????

If I'd left it, it would have eventually turned into a chargeback.

I agree with that also.

Originally posted by felix220
...
I had a guy almost get away with a $268 sale last week and he beat the AVS system even with an Indonesian address in the USA...????
There must be some kind of credit card fraud ring in Indonesia, because the majority of credit card fraud we've had has come from there (using American/Canadian credit cards and billing addresses).

What you *must* do is record the IP number and host address when you take an order. If the host address is in Asia (for example) and the credit card billing address is in the US, you know something's not right. One other thing consistent with fradulent orders is a free (Hotmail, Yahoo, etc.) e-mail address, although that in and of itself is not a definitive sign of fraud. The best thing to do when you're not sure is to call the person and confirm the order over the phone.

Joe:
How do you manage to prove contract signature etc.? Don't you conclude the contract with an online form where the client just clicks on a "buy now" button or something? So what evidence can you provide about the deal - just a paper copy of that form?

I would say about 90% of the chargebacks we used to get came from Malaysia. If you know it is a valid chargeback for a stolen card there is nothing you are required to do. Just let the merchant account take the money back and for your sake you'll want to take down whatever they paid for with that card.

Actually we have a Terms of Use form that needs to be downloaded from our web site.

It needs to be signed and faxed back. We also use a AVS system, and have contact with all of our clients before we get them live. We also make them verify that every invoice is correct and have them email us a authorization acknowledgement. We dont use a real time system, because of fraud.

It takes minutes to get them up, but hours upon hours to deal with a fraud case or legal issues.

I would rather put in the extra time upon sign up, then a ton of time at the end.

We havent had one fraud case yet, and hope to maintain that.

There is no way to make sure 100%, but we feel that since this works, continue to do it.

We have also lost clients because of it. They dont want to sign it, or deal with the process. We look at that as time and money saved, because if they cant sign a simple form, and verify a few things, there is something wrong with that.

Maybe its extreme, but it works, and with no chargebacks to date, if its not broken, dont change it. Also most of our clients seem to like it anyway. They like the feeling of security, in a internet world that is unsecure.

Joe

[Edited by JBIZ718 on 03-24-2001 at 12:10 PM]

Originally posted by felix220
I had a guy almost get away with a $268 sale last week and he beat the AVS system even with an Indonesian address in the USA...????

A little-known fact about AVS systems: the vast majority of AVS systems only check numerical digits of the address and first five numerical digits of the zip code. This, actually, makes it easier for someone who knows this fact to commit fraud.

For example, let's say someone from Indonesia steals the wallet of an American tourist. This person now has the tourist's credit card number, but he also has the person's address as well.

Of course, the crook knows that you as a web host would be very suspicious if you saw a U.S. address in the form but an Indonesian phone number, e-mail address, and IP address.

So, they take the numbers from the American's address and put it into an Indonesian address that they use to submit the signup to. For example:

Let's say the American's address is:

296 Huntington Avenue, Apartment 43
Boston, MA 02115

The Indonesian criminal puts the following address in your signup form:

Address: 29 Petaling Jaya 64/3
City: Jakarta
Postal Code: DM0 21Y 157
Country: Indonesia

Guess what? In the vast majority of situations, the AVS is going to give that fraudulent transaction an a-ok, thumbs up - because if you look close, the digits match just fine. And the address doesn't ring any alarm bells with you, either, because it sure looks like an Indonesian address, and you can check easily enough and see that Jakarta is a city in Indonesia. The only thing that might ring alarm bells is the odd postal code - but even that wouldn't unless you happened to know the "normal" layout of a postal code in Indonesia (which I honestly don't and I doubt very many hosting companies would either - so it wouldn't generally set off any alarm bells).

So... yeah, it's really easy to fool most AVS systems.

Jason

Is the "A" in AVS here Address and not Age ?

AVS = Address Verification System

My favorite is when someone signs up, doesn't do much with the service, 6 months or so later cancels then charges back saying "Well I didn't use the service so I shouldn't pay."

Try telling that to the phone/cable/electric company.

Jaiem, heh ;) And there's lot of 'customers' of this kind. And when he signs off, you'll eventually notice, that his maillog is full of spam ;)
30 days moneyback, and nothing more... :E

Originally posted by Jaiem
My favorite is when someone signs up, doesn't do much with the service, 6 months or so later cancels then charges back saying "Well I didn't use the service so I shouldn't pay."

Try telling that to the phone/cable/electric company.

This happens a lot to us.
Its not grounds for a chargeback though.
Fortunately we have a good bank (Natwest plus Worldpay) who have successfully rejected every chargeback we have received.

Once again we find South East Asia to be a real problem.
I even considered not acccepting business from Thailand, but so far I have not actioned this extreme measure.
I just have not found a non porn, non fraud, non spam customer from that country.

Gordon