Jump to content
dev osCommerce
Forum
  • Checkout
  • Login
  • Contact Us
  • Get in touch

osCommerce

The e-commerce.

New Demo
Our Partners

HELP! our osCommerce store has been hit by fraud!

Guest

By Guest
in General Support

Recommended Posts

Guest

Guest

Posted
Posted

in light of our company being hit for over a thousand pounds, it's obvious we need to remove the option to ship to an address other than the register card address

 

how do i do this? i mean, how do i remove the "ship to" option and force ship to registered address given?

 

are there any other tips or any advice anyone could offer?

 

any help is massively appreciated in advance!

Guest

Guest

Posted
Posted

also

 

is there an option not to allow mobile numbers as registered telephone numbers? say, nothing starting 07, or something similar?

 

as you can imagine, i want to take every single possible step to ensure this is not remotely possible again

 

on a side note - who foots the bill??

burt

burt

Posted
Posted

Remove the "change shipping address" page. Remove all references to "shipping address" across all checkout pages (and create account page). Change the wording "billing address" to "billing and shipping address".

 

use a substr to grab the first two digits of the tel number and if it's 07 spit out an error message.

 

OR

 

keep a closer eye on where you are shipping to.

 

So, the question is, do you have the experience to rip all the shipping stuff out without affecting anything else?

Guest

Guest

Posted
Posted
Remove the "change shipping address" page. Remove all references to "shipping address" across all checkout pages (and create account page). Change the wording "billing address" to "billing and shipping address".

 

use a substr to grab the first two digits of the tel number and if it's 07 spit out an error message.

 

OR

 

keep a closer eye on where you are shipping to.

 

So, the question is, do you have the experience to rip all the shipping stuff out without affecting anything else?

 

 

good question

 

i've modified the save orders to .csv module in order to connect with an offline epos system so i do have experience of getting my hands dirty with the code though i admit it was far from easy to do that.

markg-uk

markg-uk

Posted
Posted

I used the information on this page to do something similar (force first time orders to ship to billing address only).

 

Out of interest, were the transactions 3D secure?

Guest

Guest

Posted
Posted
I used the information on this page to do something similar (force first time orders to ship to billing address only).

 

Out of interest, were the transactions 3D secure?

 

thanks, that's very helpful

 

i wasn't responsible for setting up the payment gateway but we have discovered (too late, as always) that we have 2 accounts with protx and 3d secure had been setup on the wrong account (i.e. a pdq machine type account)

 

we're stuffed, basically

tp-ePay

tp-ePay

Posted
Posted

As Credit Card Fraud Investigator at ePay Europe, I will here try to come with some tips and recommendations on how to avoid fraud situations as a merchant:

 

First:

The responsibility regarding a fraud situation is always yours! The payment is between you and the customer - through a payment gateway og processor (e.g. Visa). You have the obligation to report any suspicion of fraud to your gateway, card organisation and the relevant authorities.

 

If you have any doubts or suspicion about a payment:

 

- Call the customer (if an answering machine is on, ask the customer to call back). When you get a reply from the customer request more identification from him (eg. home phone number - NOT mobile, a "real" mail address - avoid Hotmail, Gmail or from countries you don't know, and ask him for example which bank he is using). If the customer don't want to give you these information, it's likely that it's fake or not at serious order.

- When you have received these information you must call/write back to the customer and get him to confirm the order. Let him also describe the order he has placed and the shipping address of which you are sending the goods at). Often a fraud / fake customer will not return.

 

There are some conditions of which you as a business owner must be aware of and can indicate fraud:

 

- Which time is the order placed? Experience shows that a fake order is often placed at night (from midnight to 3 a clock).

- Several orders to the same name with different shipping addresses

- Several orders to the same address but with different names

- Orders with different card numbers/cards and the same name and address

- Orders which differ from the most common amount size and number of ordered goods

- Several orders from the same IP-address (if this is presented for you in your shop system).

 

You can also find more information on the Internet and the card organisations, by searching on how to stay secure when receiving online payments.

 

Should you have any questions regarding fraud issues or how to handle online payments, please don't hesitate to contact me.

Kind Regards,

Thomas Pedersen

 

ePay Europe

  • 2 weeks later...
Guest

Guest

Posted
Posted

thanks thomas, that's excellent advice and is very much appreciated

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...