I'm tired of receiving at least one fraudulent order... the sad part is that it goes through on my merchant account, and then after account is installed, I get an email after 48 hours that the order had a fraud risk and it was cancelled, its so annoying!
What is the best way to prevent this from happening?
I get two types of fraud orders. Those that don't complete the payment process (bad thing about CE is that it creates a record and order notice even if they fail to complete payment).
Other type is 2C0 Fraud alerts. I get them pretty regularly, but 99% of the time they are ok'd within 24hours. I've only had one in last 6 months that wasn't OK.
Like above, double check the info, some hosts wait 24 hours for setup, others call the number before setting up, etc. I've even thought about implimenting a link check on email addresses where they would have to verify the email address before I confirm order.
I have seen some places where if you enter a "wrong" zipcode and it doesn't match your address, it says something like "your zipcode doesn't match". That is a good idea, it would also be good if there was a way to verify email addresses/address/phone some how, and the god damn proxies are the biggest problem, it gets hard to locate frauders!
That service should be used on all incoming new orders, it will tell you up front the fraud score, anything that doesn't match up should be followed by a telephone call to the card owner (as long as the area code matches billing state).
If you are getting an extreme amount of fraudulent orders it may be time to look for common denominators as to where they are coming from. Could there be an advertising campaign you are involved in that is attracting a greater risk client?
I agree, maxmind is an excellent service. They even provide you with the issuing bank! This way you can even confirm their billing/telephone details with their bank. The bank will not reveal information about the customer, but will usually provide 'yes' or 'no' answers.
Ip2location.com have some excellent IP/location databases.
If you have a real merchant account, your merchant account provider may offer a website or service where you can look up the credit card issuer based on the first 6 digits of the card number. If the issuer is in the US but the order is from Indonesia, that should be a red flag...
ModernBill logs the IP address of the person signing up, but a proxy could easily be used.
FraudGuardian has an API that several hosts have integrated with ModernBill.
I have not used it.
CybexHost.com - Shared and Reseller Hosting Solutions on cPanel/WHM Linux Servers ModernTweak.com - Discount ModernBill Licenses, Hosted Installations, and Professional Services :: Pay for your discount ModernBill license with PayPal :: admin[at]cybexhost.com :: AIM: CybexH
We currently are running the latest build of Modern Bill (4.13 B3) in conjunction with Fraud Guardian. It is $5.95/mo for 100 lookups. You can either create one manually in the members area, or have it integrate into your API as ours is. It is fairly simple to integrate and appears to use the same technology as Maxmind. It is nice because along with your order, you receive an email with a fraud report with all info. Works great so far! I received some info I had not before with a dnsstuff ip lookup. Was able to find out a current customer was probably fraudulent.
If you are going to get it, log into modern bill, click on system config, then the Fraud Guardian module. There is a coupon for half off the first month. Not much, but hey, every dollar counts!