osCommerce

HELP! our osCommerce store has been hit by fraud!


Guest

in light of our company being hit for over a thousand pounds, it's obvious we need to remove the option to ship to an address other than the registered card address

how do i do this? i mean, how do i remove the "ship to" option and force ship to registered address given?

are there any other tips or any advice anyone could offer?

any help is massively appreciated in advance!

Link to comment
Share on other sites

also

is there an option not to allow mobile numbers as registered telephone numbers? say, nothing starting 07, or something similar?

as you can imagine, i want to take every single possible step to ensure this is not remotely possible again

on a side note - who foots the bill??

Link to comment
Share on other sites

Remove the "change shipping address" page. Remove all references to "shipping address" across all checkout pages (and create account page). Change the wording "billing address" to "billing and shipping address".

use a substr to grab the first two digits of the tel number and if it's 07 spit out an error message.

OR

keep a closer eye on where you are shipping to.

So, the question is, do you have the experience to rip all the shipping stuff out without affecting anything else?

Link to comment
Share on other sites

good question

i've modified the save orders to .csv module in order to connect with an offline epos system so i do have experience of getting my hands dirty with the code though i admit it was far from easy to do that.

Link to comment
Share on other sites

I used the information on this page to do something similar (force first time orders to ship to billing address only).

Out of interest, were the transactions 3D secure?

thanks, that's very helpful

i wasn't responsible for setting up the payment gateway but we have discovered (too late, as always) that we have 2 accounts with protx and 3d secure had been set up on the wrong account (i.e. a pdq machine type account)

we're stuffed, basically

Link to comment
Share on other sites

As Credit Card Fraud Investigator at ePay Europe, I will try here to offer some tips and recommendations on how to avoid fraud situations as a merchant:

First:

The responsibility regarding a fraud situation is always yours! The payment is between you and the customer - through a payment gateway and processor (e.g. Visa). You have the obligation to report any suspicion of fraud to your gateway, card organisation and the relevant authorities.

If you have any doubts or suspicion about a payment:

- Call the customer (if an answering machine is on, ask the customer to call back). When you get a reply from the customer, request more identification from him (e.g. home phone number - NOT mobile, a "real" mail address - avoid Hotmail, Gmail or from countries you don't know, and ask him for example which bank he is using). If the customer doesn't want to give you this information, it's likely that it's a fake or not a serious order.

- When you have received this information you must call/write back to the customer and get him to confirm the order. Let him also describe the order he has placed and the shipping address to which you are sending the goods. Often a fraud / fake customer will not return.

There are some conditions which you as a business owner must be aware of and which can indicate fraud:

- At what time is the order placed? Experience shows that a fake order is often placed at night (from midnight to 3 o'clock).

- Several orders to the same name with different shipping addresses

- Several orders to the same address but with different names

- Orders with different card numbers/cards and the same name and address

- Orders which differ from the most common amount size and number of ordered goods

- Several orders from the same IP-address (if this is presented to you in your shop system).

You can also find more information on the Internet and the card organisations, by searching on how to stay secure when receiving online payments.

Should you have any questions regarding fraud issues or how to handle online payments, please don't hesitate to contact me.

Kind Regards,

Thomas Pedersen

ePay Europe

Link to comment
Share on other sites
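
The indicators listed in the post above, together with the "nothing starting 07" phone check suggested earlier in the thread, can be run over exported orders as a manual-review filter. This is an added example, not part of any post and not osCommerce code; the field names, the `several` threshold and the sample orders are assumptions constructed for illustration, and the amount-size indicator is left out.

```python
from collections import defaultdict
from datetime import datetime
import re

# Constructed sample orders (not real data). "card" is a gateway token, never a card number.
ORDERS = [
    {"id": 1, "name": "A Smith", "ship": "1 High St", "card": "tok_a", "ip": "192.0.2.10", "phone": "01632 960001", "placed": "2024-03-01T14:05"},
    {"id": 2, "name": "B Jones", "ship": "5 Mill Rd", "card": "tok_b", "ip": "198.51.100.7", "phone": "+44 7700 900123", "placed": "2024-03-02T01:30"},
    {"id": 3, "name": "B Jones", "ship": "9 Dock Ln", "card": "tok_c", "ip": "198.51.100.7", "phone": "07700 900123", "placed": "2024-03-02T02:10"},
    {"id": 4, "name": "C Brown", "ship": "9 Dock Ln", "card": "tok_d", "ip": "203.0.113.4", "phone": "01632 960002", "placed": "2024-03-02T11:00"},
    {"id": 5, "name": "A Smith", "ship": "1 High St", "card": "tok_e", "ip": "192.0.2.44", "phone": "01632 960001", "placed": "2024-03-03T16:20"},
]

def is_07_number(phone):
    """True for 07..., +44 7... and 0044 (0)7...; a bare two-character substr misses the last two."""
    digits = re.sub(r"[^\d+]", "", phone)             # drop spaces, brackets, dashes
    digits = re.sub(r"^(\+44|0044)0?", "0", digits)   # fold the UK country code to a leading 0
    return digits.startswith("07")

def review_flags(orders, several=2):
    """Map order id -> set of indicator names; `several` is an assumed threshold."""
    groups = {  # flag: (what to group by, what must differ within the group)
        "name_many_addresses": (lambda o: o["name"].lower(), lambda o: o["ship"].lower()),
        "address_many_names": (lambda o: o["ship"].lower(), lambda o: o["name"].lower()),
        "many_cards_same_customer": (lambda o: (o["name"].lower(), o["ship"].lower()), lambda o: o["card"]),
        "shared_ip": (lambda o: o["ip"], lambda o: o["id"]),
    }
    flags = defaultdict(set)
    for flag, (key, value) in groups.items():
        seen = defaultdict(set)
        for o in orders:
            seen[key(o)].add(value(o))
        for o in orders:
            if len(seen[key(o)]) >= several:
                flags[o["id"]].add(flag)
    for o in orders:
        if datetime.fromisoformat(o["placed"]).hour < 3:   # midnight up to 3 o'clock
            flags[o["id"]].add("night_order")
        if is_07_number(o["phone"]):
            flags[o["id"]].add("mobile_phone")
    return dict(flags)
```

A flag here only queues the order for the call-back and confirmation steps described in the post; it is not a reason to reject the order automatically.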

  • 2 weeks later...

Archived

This topic is now archived and is closed to further replies.
