Results 1 to 7 of 7
  1. #1

    HELP! How to handle/control fraud

    Ok, I need help handling some foreign fraud orders we have been receiving over the last 2 months or so. 99% of these orders are coming from Vietnam IP's. We have taken the measures required and blocked most of the vietnam subnets via htaccess but now they are using proxies from the U.S. . However, when they reach our payment gateway (2checkout) and pay, 2checkout picks their IP's up as coming from Vietnam and will cancel the order. The problem here is we are suffering big time money loss from % transaction fees (these orders are usually in excess of $250+ USD).

    Anyways, my question to you guys here is how does 2checkout pull their IP as coming from Vietnam on their end, but when they fill out our signup form they are on USA ISP proxies. Does it have something to do with SSL? If I put our customer information sign-up form on a SSL enabled server will that thwart open proxy connections and then they would effectively be blocked via our htaccess setup?

    Any help is appreciated, thanks!

  2. #2
    Join Date
    Aug 2003
    Quite a few HTTP proxies are not SSL enabled...

    Putting your order form on a https:// url would certainly help, in my opinion. - Shared and Reseller Hosting Solutions on cPanel/WHM Linux Servers - Discount ModernBill Licenses, Hosted Installations, and Professional Services
    :: Pay for your discount ModernBill license with PayPal
    :: admin[at] :: AIM: CybexH

  3. #3
    Join Date
    Jan 2003
    Lake Arrowhead, CA
    Securing the connection at all stages may help, but if you are seeing that much fraud, I think the real question should be: what are you doing which makes your service so appealing for fraud?

    - Instant signup?
    - Free trial period?
    - No upfront costs?
    - No personal verification?

    People who make a living with fraud need something for nothing and more importantly... zero accountability. If your service requires the purchaser to identify themselves and confirm payment before they receive anything from you, your fraud orders will virtually vanish.
    Stability, redundancy and peace of mind

  4. #4
    Join Date
    Aug 2003
    Chesapeake, VA
    I would also suggest protecting yourself against larger ticket foreign card fraud by requesting that they fax or e-mail a scanned copy of both their credit card and a credit card statement to confirm possession of the card.

    This step alone will greatly reduce your chances of getting burned on a larger ticket foreign sale and is enough to discourage -most- "would be" fraudsters. They will seek easier and greener pastures. - Trusted Merchant Account Solutions since 1998
    Many thousands of successful, growing businesses benefit from our expertise every day. You can, too!
    We help merchants to eliminate gateway costs, reduce & mitigate fraud and achieve streamlined PCI compliance.
    Learn more today at - we look forward to helping your business grow!

  5. #5

    Take a loot at H-Sphere at

    It has sign up guard -- -- which allows you to set up rules for human intervention of the order process.

    Since we moved to H-Sphere (about 18 months ago), we have had zero fraud impact. That plus saving oodles of time in support and management of the hosting operation because H-Sphere provides 100% hosting automation.

    If that's not an option, you may want to read the signup guard docs to see what you can develop on your own.

    Thank you.
    Peter M. Abraham
    LinkedIn Profile

  6. #6
    Thanks for the help and suggestions guys!

  7. #7
    Join Date
    Apr 2004
    True that there's lot of Vietnam fraud.
    Linux System admin (since 2001)
    * cPanel/WHM, Directadmin, Apache, DNS, PHP, HyperVM, Lxadmin, Openvz*

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts