Jump to content
  • Checkout
  • Login
  • Get in touch


The e-commerce.

Tips for Preventing Fraud


Recommended Posts

Fraudsters are using selected merchant's Web sites to test 'sequenced' credit card numbers. Sequencing is a common practice amongst fraudsters where potentially valid credit card numbers are generated through the use of hacker programs. These programs, widely available on the Internet, take a known 'good' account number and attempt to extrapolate additional account numbers based on the issuing sequence. The fraudsters need to test these generated accounts to determine which are valid, prior to using them fraudulently. Discover® Network Security has found thousands of 'sequenced' number tests in the last several months at retail Internet sites.


We have determined that the Internet sites chosen by fraudsters to test generated account numbers share common characteristics in the 'checkout' process. Most importantly, sites chosen for testing all returned unique error messages based on the specific problem with the order. Also, sites chosen for testing, rejected orders with mismatched customer billing information.


For example, if an invalid number was entered at checkout, the site might return an 'Invalid Credit Card' message to the user. However, if the card was valid but there was mismatched customer billing information, a different message such as 'Unable to process order, please verify billing information' might be displayed.


It is this difference in the two messages that confirms for the fraudster whether or not the generated account number is valid. And, because the fraudster enters fictitious billing information, no sales are ever completed. This allows the fraudster to test one generated account number after another in a very short time.


The result is potentially thousands of fictitious orders to your site, and thousands of erroneous authorization attempts on consumers' credit card accounts. A positive test also allows the fraudster to commit more egregious fraud elsewhere.


Discover Network Security recommends the following in order to prevent fraudsters from using your Web site to test fraudulent credit card numbers:

Use a single, common error message in the checkout process, regardless of the type of issue. Remember that it is differences in error messages that identifies whether or not a generated credit card number is valid.


Set a maximum number of errors allowed in the checkout process. Fraudsters may attempt dozens of account numbers at a time. Automatically canceling an order after 3 - 5 errors will disrupt the fraudulent activity, while allowing for honest mistakes by valid customers.


Implementing these recommendations will minimize the utility of your Web site for this type of fraudulent activity, reducing a potentially heavy volume of fraudulent transactions.








Helpful Hints to Reduce Chargebacks and Risks:

Request and validate the Card Identification Data (CID) (the three-digit code on the back of the card in the signature panel). The CID can be submitted in the electronic authorization request or can be used when calling our authorization center

Verify the customer's billing address, either electronically or by our automated phone system (Address Verification System - AVS)

Check your delivery service contract for who is responsible for merchandise not delivered

Get a signature for each delivery

Keep all delivery records

All declines are final. Do not force through any sales for which you have received any declined response to your authorization request

If the sale is on a credit card, do not refund in cash or by check. Refund sales on the same card account that the purchase was made on

Include your common DBA and customer service number on the Cardholder's transaction statement

Clearly communicate any and all delivery charges, restocking or other fees

Clearly explain any return policies and offer documentation of this policy with each sale

When working on a chargeback, document efforts to satisfy the customer

Respond to all Chargebacks, even the small ones (remember, this is your customer)

Duplicate charges, or installment plans, unless otherwise stated, require an authorization for each sale



Types of Suspicious Behavior:

Please consider that these are only indicators of higher risk transactions. One behavior alone may not be a concern.

New customer attempts to make a very large credit card transaction

Customer doesn't know the Card Identification Data (CID) found on the back of the Card, indicating that they don't have the actual Card

Customer’s address does not match when attaining an Address Verification

Shipping to an address other than the billing address

Customer asks that you try lower dollar amounts when a decline message is received

Customer instructs you to try different expiration dates when initial attempts fail

Customer hesitates, or has a long pause, when asked for personal information

Customer repeatedly sends e-mail messages requesting confirmation of shipment

Customer attempts to place multiple orders to the same address

Customer attempts to purchase large quantities of a single item

Customer purchases several large-ticket items, which do not go together, e.g., appear random

Customer calls a few minutes before closing and wants several large-ticket items

Customer requests that sales be split up to avoid paying "import taxes" and/or "duty fees"

Customer requests shipment to an overseas destination

Customer seems overly concerned about delivery time frames to overseas destinations

Customer attempts to place a large order using several credit cards to obtain the total authorization amount

Customer offers the phone number to an authorization center to speed up the credit card approval process

Customer has little regard for price

Customer shows little or no concern for return policies, manufacturer warranties and/or rebates when purchasing in large quantities





These fraud prevention tips were taken from Discovers website.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...