Web Hosting Talk : Web Hosting Main Forums : Running a Web Hosting Business : regarding credit card fraud

[akashik]

I haven't seem this addressed yet so excuse me starting a thread if I missed it...

I was wondering about the rate of fraud people suffer when they resell etc, and the consequences to the reseller when this happens. Is it something that's a day to day occurence, or once a month, or almost never. Is it a good idea to have a IP logging script on the signup page with the old "credit card fraud is a crime and you've been logged" followed by their IP address. It's one reason I was looking at something like Instabill as they seem to be fairly self-protecting, having the 'impending' status for accounts. (at least till the number is verified) I suppose it would be wise to watch where you advertise too. (ie. a banner at a warez site might not be a very good idea)

Understandably it's not something people are happy talking about, so I'm not looking for examples - just general opinions etc. I'd rather walk into this with my eyes wide open to the facts of it all than suddenly check my accounts one day to find a 60% chargeback rate.

Generally I find most people to be honest and worthy of trust and the fact online auctions even work at all lends credibility to general human nature. The amount of times people have surrendered passwords and account details to me to upload sites to their server shows there's a general sense of goodwill to most people online. I guess I just want to know about the 'bad people' and how much food they will be taking from my daughter's mouth

[angela]

Unfortunately credit card fraud does occur. I would not say that it occurs frequently but probably about once a month we have a problem. There is also the problem with people who "disappear" when they still owe you money. Most frauds can be caught in time if you pay attention to the information that the client is providing. There is usually something that does not seem right.

------------------
Angela
Charity Webspace (division of WebAuthorities)
http://www.charitywebspace.com

[jtan15]

akashik,

I have a suggestion for you. It helps crack down a large number of fake orders. It will take some time, but it is worth it.

On your order form, make sure to collect the user's browser's information and IP address. The first thing that you want to do is search in your web site's access logs to see if they browsed around your web site. Most fake orders will go directly to your order form and order. If you see that they went to several of your web pages, it is a better sign.

Next, you want to get to a unix shell. Type "traceroute IPADDRESS". This should give you a good idea of where the user is coming from. Try to depict what the user's host is. Go to that host's web site. See how good of a host it is. E.g. if it is a free host, that's more of a bad sign.

Next, you'd want to go to www.internic.net and do a WHOIS on the domain name that they want. It will show which whois server to use. Go to that web page and run another WHOIS. If the owner information is the same as the one who sent in the order, that's a good sign. If it's not, that's a bad sign.

Finally, here is the most important part. It will take a good 5-10 minutes of your time, but it is well worth it. Give the person who ordered the account a call. Just talk to them. Say "Hi, I'm just double checking your order with us, etc". See, when your credit card billing company checks the credit card with AVS, it has to match the address and phone number. Sometimes people will fill in a fake order with the phone number of a person who's credit card they stole, hoping you won't call. Sometimes, the person who you are on the phone with will wonder who the hell you are. Then I would suggest you read of a few of the digits on the credit card. If they are correct, say someone submitted an order with their credit card and you are now denying it.

One more resource you can use is www.anywho.com. Look up the person, and see if they are listed in the phone book. That's usually a plus.

And one more thing. If you DO get a fake order, go to that user's ISP and send a letter to their abuse department. Tell them that this IP address submitted this order at this time. If you can get their account disabled, that most likely will be the last time they'll mess with you.

Hope this helps.

------------------
Vincent Paglione
vince@jtan.com

[ARULKS]

Vincent,
Good thought. I am wondering how to completely automate this process to save time and effort. Are there any tools/script available in the market or in this forum? Another thoguht worth considering is to bring the WHT community together to develop a open source script to protect ourselves from these fraudent buyers? United We Stand.

[the elf]

If you people want to cut down on credit card fraud, don't force your customers to "submit" a credit card number before they have to order (or before they get the hosting). I would rather have a prick signup for hosting, then leave rather then have that same prick submit a fake/stolen credit number and have a charge back as a result. Make paying by credit card an option. Most of my customers have the option to pay by credit card. If you have a good billing system, yes, it will work. If you have too many customers to deal with then your not making enough to pay the staff to deal with them i.e. charge more.

Just think of it this way, if they want to scam you, let em. But... Let them scam you WITHOUT using fake credit card numbers. It will just cost you more in the long run if you force them to submit a credit card number. As one host a while ago found out when there merchant account was closed (due to charge backs).

[zoli]

Wow, great thoughts Vincent.

[Martie]

2 year old post

[Lurleene]

elf ----- huh?

Scams are going to be by credit card numbers. So even if you offer other forms of payment (we do) the scammers don't care. They have credit cards, baby!

You can avoid chargebacks by following the few simple steps outlined by Mr. Paglione.

I just wanted to add that if you get a fraud order, not only should you report them to the ISP but also the issuing bank (assuming you caught the fraudulent card before processing it). Call 1-800-228-1122 to find out the bank of a MasterCard/Visa card if you don't already know if, then call them and connect with their Code 10 line. If it's an American Express or Discover you call them directly, I don't have their number here but if you're a merchant of theirs I'm sure you have it.

[Lurleene]

Quote:

2 year old post

Argh!

And I even did a passing glance at the dates. Hate that...

[the elf]

Quote:

Originally posted by Lurleene
elf ----- huh?

Scams are going to be by credit card numbers. So even if you offer other forms of payment (we do) the scammers don't care. They have credit cards, baby!

You can avoid chargebacks by following the few simple steps outlined by Mr. Paglione.

I just wanted to add that if you get a fraud order, not only should you report them to the ISP but also the issuing bank (assuming you caught the fraudulent card before processing it). Call 1-800-228-1122 to find out the bank of a MasterCard/Visa card if you don't already know if, then call them and connect with their Code 10 line. If it's an American Express or Discover you call them directly, I don't have their number here but if you're a merchant of theirs I'm sure you have it.

I've had a few people signup just to upload CGI scripts (scripts that act like telnet), however, until they pay or confirm the account, CGI & PHP are disabled. Since I don't force customers to submit credit card numbers, I avoided a charge back by them using a fake/stolen or using a real credit card then charging it back.

Another point I tried to make was don't force the customer to pay before you setup the account. Some hosts take a while, the customer goes to another provider thus you get a charge back.

Reporting them to their ISP (if they are from Asian) won't do anything as we call know all the above they allow.