I've received about 10 orders over the last 2 days bearing the same characteristics.

90% of my orders are paypal, yet every one of these orders is with credit card.

They all appear to be for Vietnamese domains, yet use very American names and addresses.

1/2 of the credit card charge attempts are declined, but they'll try another (with an entirely different name) until it works. These charges range from $30 to $400 (they keep ordering biannually, which is a huge flag).

Every single one has included a domain transfer (something I am not prepared to start until I can verify the legitimacy).

$600 has already been deposited from the CC merchant to the bank, with another $1200 coming today. I'm thinking this has to be stolen credit cards.

What's weird is they are actually loading legitimate looking websites, like one is starting a Vietnamese forum. Another opened a support ticket for help with a php script (not an exploit script). I find this very odd for scammers.

Anyone know what my best course of action should be?

sounds a little odd to me, however i did have a client sign up that i was convinced was fraudulent until i saw their site and realised what they were doing, some SEO practitioners are signing their clients sites to different hosts worldwide.

Hoever in your case it does sound a little like fraud if they keep trying different names and cards until the payment works, I would be wary of this and maybe alert your CC merchant

Sounds Fraud to me too

1/2 of the credit card charge attempts are declined, but they'll try another (with an entirely different name) until it works.

And this doesn't set off any alarms for you? If someone is ordering and the card fails for whatever reason, they don't then use a card with another name if they are legitimate.
This smacks of fraud, and you need to decline these outright. Don't let "hey it's a sale" cloud your judgment.

And this doesn't set off any alarms for you?

Haha, that's pretty funny.

Perhaps the OP is just hoping it is legit, but deep-down, knows it isn't.

Would be great if one kept getting people signing up left-right and center..


Lawrence

The problem is that you've already set up one of these fraudulent orders. Now, you're going to have a huge influx of these - since they've successfully scammed you once.

Good luck and be careful! :)

--Tina

$600 has already been deposited from the CC merchant to the bank, with another $1200 coming today. I'm thinking this has to be stolen credit cards.

Those transactions never should have been approved. Now when all the chargebacks come in, not only will they take the money back, but you'll probably get stuck with large chargeback processing fees.

If you want to protect yourself, it would be best to do the authorization and capture separately. If you don't do the capture, the charge never hits the card.

And this doesn't set off any alarms for you? If someone is ordering and the card fails for whatever reason, they don't then use a card with another name if they are legitimate.
This smacks of fraud, and you need to decline these outright. Don't let "hey it's a sale" cloud your judgment.

What's truly funny is you read my entire post yet still had to ask if any alarms were set off.

The whole point of the thread is that all kinds of alarms were set off... just look at the dang thread title.

Fraud fraud fraud.

We found fraud from Vietnam to be so bad that it's on our list of automatic declines, along with Indonesia, Egypt, Tunisia, Nicaragua, and the Palistine Territory. Any attempted charge from any IP allocated to one of those countries gets a "Sorry, your card was declined" message. We don't even try to run the card.

Don't use the money :( it will all be taken back by the bank.

Maybe they're trying to transfer these legit sites just to make it look more legit to you. You could always just deny transactions from all those "shady" countries, probably pretty much eliminate your fraud charges.;)

Don't use the money :( it will all be taken back by the bank.

Maybe they're trying to transfer these legit sites just to make it look more legit to you. You could always just deny transactions from all those "shady" countries, probably pretty much eliminate your fraud charges.;)

No one would have caught these automatically as being from another country. US ip addresses, US addresses, US credit cards. I know they are Vietnamese by the language they speak (the domains).

I'll call my CC merchant tomorrow.

What's truly funny is you read my entire post yet still had to ask if any alarms were set off.
You accepted and provisioned the orders/accounts, then asked if it was the right thing to do. That was my point. ;)

You accepted and provisioned the orders/accounts, then asked if it was the right thing to do. That was my point. ;)

Your point is way off. I asked for the best way to rectify the situation considering the circumstances, not if I can keep stolen money. I never asked "if it was the right thing to do," I asked WHAT is the right thing to do.

I never asked if using stolen credit cards as legitimate business was the right thing to do... that's stupid. If I didn't correct this I could be looking at around $700 in chargeback fees.

I would provision them in any case (since it's done automatically on payment) and then investigate.

I've already been in contact with Bluepay/Visa/Mastercard and the situation will be resolved by tomorrow.

I'm not going to automatically cancel anything that's suspicious as some may be legitimate. I'll give it a little time to investigate and there is little harm they can do to the server in the meantime.

Fraud fraud fraud.

We found fraud from Vietnam to be so bad that it's on our list of automatic declines, along with Indonesia, Egypt, Tunisia, Nicaragua, and the Palistine Territory. Any attempted charge from any IP allocated to one of those countries gets a "Sorry, your card was declined" message. We don't even try to run the card.

Couldn't they go through a proxy?

Then again, i'm sure they could do a lot of things to circumvent the anti-fraud detection but it's easier to look for a provider that's not as keen.


Lawrence

I would provision them in any case (since it's done automatically on payment) and then investigate.If not using some form of verification, automatic provisioning is a mistake. Something like Maxmind probably would have flagged these.
there is little harm they can do to the server in the meantime.
Do you really believe that?

I'm not going to automatically cancel anything that's suspicious as some may be legitimate.
I would humbly suggest,
you might like to 'start' from the reverse viewpoint,
ie. 'I'm going to automaticaly cancel anything that's suspicious, as some will be non ligitimate'.
With that starting place, your business is much less at risk,
I mean no ligit purchaser will sue you for not accepting them,
but boy there are just soo many risks if you 'accidently' accept a fraudster.

Do you really believe that?I guess it's a Free World, the OP can believe anything he wants to, at least thats what the invisible pink unicorn told me ;)

I would humbly suggest,
you might like to 'start' from the reverse viewpoint,
ie. 'I'm going to automaticaly cancel anything that's suspicious, as some will be non ligitimate'.
With that starting place, your business is much less at risk,
I mean no ligit purchaser will sue you for not accepting them,
but boy there are just soo many risks if you 'accidently' accept a fraudster.

Well, if it's a host starting out, they might have the "new business" mentality, which is "if i can accept money for it.. i'm going to do it!"

This is a problem for growth, but is an attitude for a new start-up.


Lawrence

I've been dealing with quite a bit of fraud lately as well. I'm increasing my alert levels to the highest possible and calling every order to verify that they are the right person that made the order.

Lately I have had people use the actual phone numbers of the people (reverse lookup) and it got the best of me. I would suggest doing the same thing and just call to verify every order, no matter how small it is.