Results 1 to 19 of 19
  1. #1
    Join Date
    Oct 2002
    Posts
    26

    Fraud Orders/IP Addresses

    Just curious as to how you guys handle fraudulent orders and how, if at all, you report them and to whom?

    I have a (sadly) growing list of fraudulent orders from what may be the same person from across several networks.

    Any help or ideas are appreciated

    I have the IP addresses in question available in case anyone was interested or could help me in reporting this nonsense.

    Thank you

  2. #2
    Join Date
    Oct 2002
    Posts
    211
    do a trace route to get their ISP and report it to their ISP, sadly this will probably do nothing but it might

    You might also want to contact your merchant company and ask them for help, they will be just as eager to minimize fraud as you (at least they should be)

  3. #3
    Join Date
    Oct 2002
    Location
    Behind You
    Posts
    791
    You think that is how it would work. But sadly no one cares No one except you. Because when it comes down to it, the merchant is the one who loses. No one else loses. Years ago we caught a kid who ordered a product from us fraudulently, we caught him dead to rights. He admitted it even.

    First we called the creditcard company - who cares.
    Then we called the issuing bank - who cares
    Then we called the local police - who cares
    then we called his mom - and she yelled she was going to sue us.

    Chet

  4. #4
    Join Date
    Oct 2002
    Posts
    211
    Damn ...where have all the honest people gone?

  5. #5
    Join Date
    Jan 2001
    Location
    Illinois, USA
    Posts
    7,147
    Originally posted by iKHost
    Damn ...where have all the honest people gone?
    if you look in the mirror you're likely to see one...

    sadly, there is very little you can do except warn other merchants. try hostabuse.com, though they rarely update their database...

  6. #6
    Join Date
    Mar 2002
    Posts
    295
    I try to block as many of them as I can via .htaccess...It has cut down considerably...

    First we called the creditcard company - who cares.
    Then we called the issuing bank - who cares
    Then we called the local police - who cares
    then we called his mom - and she yelled she was going to sue us.
    Ditto experience here, however, I've taken on a new route...in most cases, the fraud order contains the correct information, such as phone number. When the 'victim' calls the bank or the police, seems more people tend to listen....I won't think twice about 'verifying' an order via telephone, particularly on orders that I'm sure are fraud...in fact, I've turned this around and had them order other services from us...(Generally not web hosting, but a Long Distance deal)

  7. #7
    Join Date
    Jul 2001
    Location
    St. Louis
    Posts
    379

    Unfortunately

    Chet is right. Unless you have $50K loss or more, no one cares. Chasing fraud is expensive and the only one who really loses is the merchant.

    Sad but true.
    Brad @ Xiolink
    XIOLINK. Your data...always within reach.
    http://www.xiolink.com
    1-877-4-XIOLINK [+01 314 621 5500]

  8. #8
    Join Date
    Oct 2002
    Posts
    26
    Thanks for the advice everyone.

    Sigh, though how sad the truth is

    I've seen people post IPs of offenders here on WHT. Does that help at all? Do some of you actually add all of those IPs into your banned list?

  9. #9
    Join Date
    Aug 2000
    Location
    Tacoma, Washington
    Posts
    9,576
    To save a bit of doom and gloom, the honest truth is, there's more good people out there than losers. Everyone gets some egg-unit out to get something for nothing from time to time, but for the most part the people you'll do business with are good honest people.

    A part of that however is devoted to the market you aim at. If all your advertising is aimed at young kids who play video games and "Spek Like THiS" then you're going to ramp up the chargebacks...

    Greg Moore
    Former Webhost... now, just a guy.

  10. #10
    Join Date
    Aug 2002
    Location
    Denver, CO
    Posts
    331
    I'm in the process of building our own online store / shopping cart system. I have built in a fraudulent orders section, where orders are given fraud points. I can configure it any way, but currently have it set to..

    Free Email Address: 1 point
    Nororious Order Destination: 3 points (Miami for instance)
    Shipping - Billing not match up: 2 points
    Order Amount: (orders over $xx.xx get 2 points)
    IP Address with bad reputation: 3 points
    AVSZip (verification of zip code from Verisign): 2 points
    AVSAddr (verificaion of address from Verisign): 2 points

    If any order goes over a point limit of 3, then a red flag will come up, indicating to not automatically process the order and be looked into.

    Ths system will hopefully help track down fradulent orders better, but we will have to see when the software is actually in a production environment.

  11. #11
    Join Date
    Apr 2002
    Location
    AU
    Posts
    1,048
    I have almost 200 000 ip addresses of people who have joined a carding irc channel or used a carding forum in the last 7 days if you want!

  12. #12
    Join Date
    May 2001
    Location
    California
    Posts
    800
    Most of these peole are using proxy server somewhere, which makes it really hard to trace.

    I think it would be really nice if we all have one central database to connect to for verification whether that IP, email, name, or cc # are one of the black listed. I say using something like .. XML API perhaps ?

    That can make our life a lot easier ..
    Roy K.
    Pixie Internet Services - http://www.pixiehost.com
    Affordable, reliable hosting solution with Instant Activation

  13. #13
    Join Date
    Oct 2002
    Posts
    26
    Originally posted by akashik
    To save a bit of doom and gloom, the honest truth is, there's more good people out there than losers. Everyone gets some egg-unit out to get something for nothing from time to time, but for the most part the people you'll do business with are good honest people.

    A part of that however is devoted to the market you aim at. If all your advertising is aimed at young kids who play video games and "Spek Like THiS" then you're going to ramp up the chargebacks...

    Greg Moore
    Wow, I really like your analogy You pretty much summed everything up right there.

    Most of these peole are using proxy server somewhere, which makes it really hard to trace.
    Sigh, yes, I know the feeling. As soon as it leaves U.S. borders, law enforcement can't touch it without going through the State Department which is almost impossible.

    I'm sure the same goes for other countries. We need some sort of International agency (beyond Interpol) to deal with this whole jurisdiction issue with International commerce.

    It'd be even better if the fraud and nonsense just didn't exist, but that would never happen. Some people actually thrive by ripping other people off

  14. #14
    Join Date
    Aug 2002
    Location
    Denver, CO
    Posts
    331
    drhonk:

    I would be more then willing to do the coding / hosting of it if there was enough interest in this subject.

    The only question, is how would it all get done? I would assume simply list the IP addresses and how many bad reports have come from those IP addresses. Allow the database to be downloadable and importable, giving each person their own way for sifting through the data. (say you want to discriminate on a class C network, etc)

    The other interesting thing is that these malicious people will probably submit false reports to the database, as well as people who make faulty reports...

  15. #15
    Join Date
    May 2001
    Location
    California
    Posts
    800
    Rebies:

    I think this should be using membership system and not available to public and only those member are allow to post any new data to the database. It would be better if we can identify either known fraud ip/email/name/etc.. or spammers.

    I'll PM you .. maybe we can get this to work.
    Roy K.
    Pixie Internet Services - http://www.pixiehost.com
    Affordable, reliable hosting solution with Instant Activation

  16. #16
    drhonk & Rebies:

    As a matter of fact I'm putting the finishing touches on an app that matches your specs to a 'T'. It employs a client/server interface using xml-rpc.

    It should be ready in a week or two. Let me know if you're interested in beta-testing.

  17. #17
    Join Date
    May 2001
    Location
    California
    Posts
    800
    Yes .. I'm very interested in beta-testing.

    send me a PM with the info about your app.
    Roy K.
    Pixie Internet Services - http://www.pixiehost.com
    Affordable, reliable hosting solution with Instant Activation

  18. #18
    Sure thing. I've already written a client interface in PHP. I'm interested to see how it'll work with all the different order systems out there.

    I'll email you once i have the app online.

  19. #19
    Join Date
    Oct 2002
    Posts
    26
    Wow, looks like you guys are making some progress.

    Let me know what you all are working on

    I want to nail these scam artists and fraudsters, too

    FRAUD

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •