Results 1 to 25 of 26
-
01-12-2007, 01:56 AM #1Web Hosting Master
- Join Date
- Jan 2004
- Location
- Boise, ID
- Posts
- 2,453
What steps do you take to prevent chargebacks?
I'm just curious what steps others take to prevent chargebacks. Personally we have implemented a few methods:
Fraud Guardian
A physical Mailing to the customer (more than just a welcome letter).
We are looking at what other methods we might be able to add to further mitigate any "Potential" chargebacks.
-
01-12-2007, 03:15 AM #2Web Hosting Master
- Join Date
- May 2004
- Location
- Toronto, Canada
- Posts
- 643
Charge back is a huge problem... We can't even dispute because our services fall under virtual item.
As for preventing the chargeback, we tend to review every order and veirfy the order by calling the customer. Most of the time we can tell right away that its a fraud beacuse the signup name is different than the credit card name. And sometimes the Logged IP is different from the geographic area where the credit card and the billing info belongs to.
Alot of times when we call to verify orders, the phone number is either not working or no one picks up.█ Hussain Baig - 1-866-954-6747
█ Toronto based VPS - Dedicated Servers - Colocation
█ VPS Fusion - Providing scalable and reliable hosting solutions.
-
01-12-2007, 03:28 AM #3Predatory Poster
- Join Date
- Jul 2003
- Location
- Goleta, CA
- Posts
- 5,566
Use common sense. It's a great tool and rarely lets you down. Check the ip location, call to verify the order etc. . .
and the big one
if your instinct tells you not to take the order but everything else seems to check out, don't take the order.
-
01-12-2007, 04:46 AM #4Web Hosting Evangelist
- Join Date
- Nov 2003
- Location
- Rovaniemi
- Posts
- 483
We use an integrated version of Maxmind's antifraud system, which checks IP location and a whole range of other items upon ordering.
Secondly we do a manual check as well.
If you see too many different addresses then you should be very cautious.
For example, someone signs up for an account and uses Paypal.
Only yesterday we had such a signup, where the email address and name of the client, the Paypal address and the domain owner were completely different.
What we do in such a case is to send an email to each one of those addresses to ask for verification. Each email has a different code inserted into the subject. We need verification from all three addresses before we proceed with setup.
In our own case from yesterday, the client replied from all addresses, but they turned out to be forged because they did not include the original code which we sent. It turned out the customer simply forged the email address to show as if it was coming from a different address.
Other things you can do is to ask the client to change for example the second nameserver of the domain to something you want. If that works then you can verify that the client can access the domain in question.
Or you can of course do the phone verification too.
The more verification you get, the more sure you can be that the order is legit.
But as the previous poster said, if your gut feeling says that you should decline the order, then do so.
Another tool you can us is http://www.chargebackprotection.org/
I hope this helps.█ IceBlueHost | Premium Quality Hosting Solutions
█ Shared | Reseller | Xen VPS | Dedicated | cPanel | Softaculous | CLoudLinux | Game Servers
█ True 24x7 Support | No Overselling | Servers in France and Canada
█ Follow us on Twitter for the latest news and special promotions
-
01-12-2007, 05:15 AM #5Web Hosting Master
- Join Date
- Jan 2002
- Posts
- 1,053
Originally Posted by pixelized
-
01-12-2007, 08:28 AM #6Web Hosting Master
- Join Date
- Mar 2005
- Location
- USA
- Posts
- 667
Good advice! We do the same thing and call every order. It's absolutely the best way of avoiding fraud.
Jim - 2Macs H-Sphere Web Hosting
Since 2001 - H-Sphere Clustered Shared Linux & Windows Hosting
Fully Managed Services| Custom Web Designs
Unconditional, 30 Day Money back Guarantee!
-
01-12-2007, 08:53 AM #7Web Hosting Evangelist
- Join Date
- Nov 2003
- Location
- Rovaniemi
- Posts
- 483
In my opinion, phone verification is not a guarantee.
I mean, what if the fraudster who signs up gives his own number (I know that's stupid, but you'd be surprised what they all do!).
You call him and of course he will say that the order is correct.
I know of several instances where this has happened. Not personally, but I know from others.
Any verification should not be done alone, you will always need several different verifications to make sure an order is legit or not.█ IceBlueHost | Premium Quality Hosting Solutions
█ Shared | Reseller | Xen VPS | Dedicated | cPanel | Softaculous | CLoudLinux | Game Servers
█ True 24x7 Support | No Overselling | Servers in France and Canada
█ Follow us on Twitter for the latest news and special promotions
-
01-23-2007, 12:07 PM #8Newbie
- Join Date
- Apr 2005
- Posts
- 14
It is hard to guard against. We use AWBS, and fradgrabber (service provided by AWBS billing software) and reduced fraudrant transactions significantly. But, they do come back time-to-time. fradgrabber uses IP-to-Location type verification to verify user's home address with IP location. I see abusers getting smarter and use a home address where IP is located, and transaction goes through.
We also verify ip location mannually, which we implemented ourselves using ip2location database.
http://www.iplocation.net
You'll just have to make your best judgement. Fraudrant transactions in many cases use domain names that starts with onlineXXX or accessXXX (and the like) to use in phishing purpose. Beware of those domain names.
-
01-23-2007, 12:17 PM #9Keep rockin' in the free world
- Join Date
- May 2002
- Location
- Kingston, Ontario
- Posts
- 1,588
Phone verification is a good one but fraud orders can use virutal numbers as such through Skype so you need to keep that in mind.
Manual checks of the domain whois information may also help although many don't keep that info updated.
IP location checks are a good method to help as well.
-
01-23-2007, 06:31 PM #10Texan at Heart
- Join Date
- Jul 2003
- Location
- Castle Pines, CO
- Posts
- 7,189
We use LinkShield and Verified by Visa / MasterCard Secure code. A lot of times, we will also ask them to sign a statement authorizing the signature.
Some things to look for to scrub the transaction further:- First Time Buyer
- Larger-than-normal orders
- Orders consisting of several of the same item
- Free EMail Address
- Address Verification Service (AVS)
- IP address does not match billing information
- Orders made up of big-ticket items
- Orders shipped rush or overnight
- Orders shipped to an international address
- Orders shipped to a single address but made on multiple cards
- Multiple transactions on one card or similar cards with a single billing address, but multiple shipping addresses
- Multiple cards used from a single IP (Internet Protocol) address
-
01-23-2007, 10:55 PM #11WHT Addict
- Join Date
- Apr 2006
- Posts
- 101
This is what we do for large orders. normaly I am not concerend with the $5 per month shell customer but if someone is buying a $100+ per month dedicated box then we definatly want to check them out if its their first order.
We require full name on card, billing address and billing phone number (the number the bank might use to call the customer) as well as the other usual stuff.
We first check the IP to make sire its at least in the same part of the world as the phone, address info is and check for strange differences between billing and contact info. Its not uncommon for a person to buy somethign with a card under a different address (firend, parent, old address). We also look for IP blocks belonging to countries which tend to generate fraud.
We then call our merchant account customer service line where they allow us to enter in the card number and will give us back the phone number belonging to the card issuing bank.
Now armed with all the order info card issuing banks phone we call the bank and navigate our way to a customer service rep. Sometimes there is a special option for merchants to use to get to the right department and other times you just have to get a normal service rep.
Now banks are under no obligation to tell you anything so its best to start right off in a highly professional mannor and introduce yoruself, yoru company and that you want to verify a charge made by a customer on a card issued by that bank. Then proceed to read off every part of the order form name on the card, to exp date, to sec code, to full billing address and phone number of the customer. The bank may refuse to confirm the phone but they normaly wil confirm every other part of theinfo. They will never give you the info they see but wil siple say its accurate or inaccurate.
Now the key here is you confirmed the card holders name and their home phone number so now you can phone verify with above averge confidence that you wil be talking to the real card holder.
The only flaw here is kids using their parents cards without permission but if this results in a charge back you simple call the card holder andplay back the recorded phone authorization and I am sure there will be one very grounded kid. This has happened a few times each year here and many times the parent will apologize and reauthorize the payment.
This isnt perfect and it can be time consuming but in higher risk situations its well worth it. Almost all US banks wil be very cooperativer but international onces can be a pain.
And always record conversations with your client and have them confirm their card number, their name, the date of the purchace and the amount because having this can mean the difference in winning or losing a charge back when the dispute comes in. You simple submit the recording back and they almost always lose if you were indeed speaking to someone who remotely sounds like the card holder.
Another option you can use is a "letter of non-dispute" which youc an find online pretty much anywhere. Although this is time consuming and sometimes frustrating for the customer you shoudl use this in any really large transaction such as over $1000. It will include a signed statement where you fill int he amount, the card holder name, the date and what they bought which the customer signs and also includes a photocopy of their photo id and front and back of the credit card. This too is very difficult for a bank to ignore when youssend them this in answer to a charge back.
But nothing beats prevention...you can fight charge backs but its far better to not let them occur in the first place. This means keeping your customer happy and not pissed off because your customer service sucks and doing common sense checks to catch the obvious cases. Also keep a log of every single fraud ip, email, name, address, phone, and everything else you take in on orders. And scan your :blacklist" for new orders with similar information. Frauders like to hit the same places more then once especialy if they got away with a couple months of service before the chargeback came through.
-
01-30-2007, 10:46 AM #12Disabled
- Join Date
- Mar 2006
- Posts
- 26
i have done everything in my power to prevent chargebacks. i have followed paypal protection policy to the T and still got nailed!
that really pissed me off. as a matter of fact, the transaction its selft said i was covered by the policy (i am the seller)
yet i was still subject to the chargeback and never got my item back!
if you want to be really worry free about a transaction, use www.escrow.com
-
01-30-2007, 08:53 PM #13The E-Commerce Answer Guy
- Join Date
- Aug 2003
- Location
- Chesapeake, VA
- Posts
- 3,381
Cardholder authentication (Verified by Visa/MasterCard SecureCode) is a great way to reduce your merchant liability on transactions. It can effectively block around 60% of the most common chargeback reason codes centering around the "I didn't authorize it" responses.
In addition, verifying new orders automatically by phone order verification is a very powerful tool. The simple fact of the matter is that fraudsters do not want to be able to be reached over the phone. They are extremely adverse to this and so any system - whether manual or automated - that verifies them at the phone # they state they are at is a very useful tool against fraud.CDGcommerce.com - Trusted Merchant Account Solutions since 1998
Many thousands of successful, growing businesses benefit from our expertise every day. You can, too!
We help merchants to eliminate gateway costs, reduce & mitigate fraud and achieve streamlined PCI compliance.
Learn more today at http://www.cdgcommerce.com - we look forward to helping your business grow!
-
01-30-2007, 09:14 PM #14Evenly Divided
- Join Date
- Aug 2001
- Posts
- 4,028
Originally Posted by cdgcommerce
We've been hit with a couple chargebacks this month. Never fun.
-
01-30-2007, 09:17 PM #15Web Hosting Master
- Join Date
- Jan 2002
- Posts
- 1,053
Originally Posted by Mekhu
-
01-30-2007, 09:26 PM #16Evenly Divided
- Join Date
- Aug 2001
- Posts
- 4,028
Originally Posted by Josh Stein
-
01-30-2007, 09:33 PM #17Web Hosting Master
- Join Date
- Jan 2002
- Posts
- 1,053
Originally Posted by Mekhu
Those are just some examples.
-
02-01-2007, 07:20 PM #18WHT Addict
- Join Date
- Apr 2006
- Posts
- 101
Originally Posted by pristinehosting
for credit card payments records the call, get them to sign a letter of non-dispute, or fax in a photocopy of the card and picture ID. call the bank and verify all the info especialy the phone number if your not shipping an item. This way you can know the person you called and voice recorded authorization is most liekly the right person. Although we sometimes get kids using parents cards that lead to charge backs but playing back the recorded authorization normaly results in the chargback being cancelled with apologies and a certian kid being grounded.
Most of all common sense. It if looks bad check into it deeper or just refuse the order.
-
02-01-2007, 09:24 PM #19Web Hosting Master
- Join Date
- Jan 2002
- Posts
- 1,053
Originally Posted by kib5
There is a difference between PayPal-level chargebacks/disputes and bank-level. You should be able to win any PayPal-level dispute because you are selling a service. PayPal does not provide their customers with buying protection for services (at least this was how it was in the past, I don't know if things have changed).
As for recording calls, be very careful. There are a lot of laws regarding that and it varies from state-to-state. I recommend that you seek legal counsel for that issue.
-
02-01-2007, 10:43 PM #20Temporarily Suspended
- Join Date
- Jan 2005
- Posts
- 432
If you are not high volume, you can get FraudLabs.com credit card fraud check for free. You can use it for 90 queries a month. They have a web based deal where you send a query to their server or you can use their Windows client to do it.
-
02-01-2007, 10:54 PM #21Temporarily Suspended
- Join Date
- Jan 2005
- Posts
- 432
Originally Posted by ScarabWeb
I don't know if I want to sign up for this website or give them any information about me or my customers since they have no contact address and is using WHOIS guard. I have no idea if they are legit or if this is legal.
This is a great idea if it is legit and legal... I guess I would need to talk to my lawyer about it.
-
02-01-2007, 11:29 PM #22WHT Addict
- Join Date
- Apr 2006
- Posts
- 101
Originally Posted by Josh Stein
-
02-01-2007, 11:51 PM #23Web Hosting Master
- Join Date
- Jan 2002
- Posts
- 1,053
Originally Posted by kib5
-
02-02-2007, 12:31 AM #24Web Hosting Master
- Join Date
- Jan 2004
- Location
- Boise, ID
- Posts
- 2,453
Josh you have a lot to learn about Paypal.
If I, as a buyer, felt I had been sold a service fradulently and Paypal refused to do anything I would take it up with my bank.
If it was a debit/credit card purchase I could then issue a chargeback which would hit Paypal and paypal would hold the seller accountable.
If it was echeck I can still, with my bank, issue the equivalent of a chargeback. Not all banks support this yet, but more and more are starting to.
In other words, just because paypal closes a dispute that means nothing.
-
02-02-2007, 01:53 PM #25Web Hosting Guru
- Join Date
- May 2003
- Posts
- 267
Originally Posted by Festus2005
I.e. if you have American cardholder traveling in France using his yahoo e-mail address, transaction will get over 3.5 fraud score for sure (with MaxMind). In such cases only VbV/MCSC will let you to accept this transaction worry free.Amirocms.com