[TIPS] How to prevent fraud transaction

[baonguyenx]

Hi,

 

Here are just some ways to protect your site from fraud transaction:

 

1. Collect CVV (Card Verification Value) - verify that customer has the card physically at hand ... but some internationl banks does not support card code.

2. Use AVS (Address Verification System) - Only Available for customer in USA ... what can we do with international customer ?

3. Call the bank that issued the credit card number to that customer: tedious but the best way to verify that customer is the card holder.

4. Capture customer IP and look it up to see if customer came from that country.

5. Ship out the products but requires customer signature confirmation in case of chargeback ... little bit more expensive.

6. Only accept Money Order / Cashier Check from international customer.

 

Please share your experience or suggestion of how to prevent fraud transaction especially from international customer?

 

Regards,

Bn

[mattice]

5) will not do any good if the transaction is disputed by the card holder.

There is no way to prove the person that signed for reception of the parcel is also the person that ordered the goods. All it gives you is a clue, its not evidence or anything.

 

Visa / Eurocard etc. do not care about this, they will chargeback anyway.

 

Mattice

[mattice]

7) have them fax a photocopy of the actual credit card (both sides) or have it scanned and e-mailed to you

 

 

can be forged but frauds do not seem to go through the trouble of doing that.

 

 

PS: I have moved this topic to TIPS and TRICKS as it seemed more appropriate there.

[Farrukh]

Here is the news from 2Checkout Newsletter. Its a bit old but you might want to know it.

 

On April 1, 2003, Visa regulations targeting the use and implementation of Verified by Visa and MasterCard Secure Code go into effect.

 

 

To take advantage of the additional fraud protection and reduced chargeback liability, 2Checkout will be including Verified by Visa and MasterCard Secure Code processes in the checkout process.

Currently, these programs are only supporting US-based cardholders. On April 1, however, these programs begin affecting the international market.

 

 

Cardholders are required to enter a PIN at the time of purchase. This takes the existing CVN technology a step further. From a merchant/vendor perspective, Visa has also eliminated the liability for specific chargebacks. Once the V-by-V program is in effect the number of chargebacks incurred for the cardholder's failure to recognize a charge or citing non-possession of the card should be virtually eliminated.

 

 

This process will be beta-tested the week of March 3, 2003 and will be fully implemented by March 8, 2003.

U.S. cardholders that cannot or will not submit valid PIN information will have their orders declined. A link to the V-by-V registration page will be present on the 2CO order page. No other tools currently available to card-not-present merchants have the ability to offer mutual protection to both the vendor and the cardholder. Implementation of this program is being done for the benefit of everyone.

 

 

International cardholders will be expected to comply with availability by the expected target date of April 1, 2003.

For additional information about this program and the additional protection it affords, please visit:

 

http://www.usa.visa.com/personal/secure_wi...=v_sym_verified

 

This will definitely reduce the number of charbacks or even eliminate them, if your site only deals with Credit Cards.

[webhost]

Banks are always right. If you get a chargeback just make sure you can get your stock back. Its as simple as that. :)

[Guest]

webhost:

 

good luck trying to get your merchandise back - usually if there is a chargeback it is because someone used the card fraudulently and your stuff is long gone

 

8) DO NOT ship to any address using PMB as part of the address - these are mail drop points but have valid addresses

 

we were hit by someone that had a stolen cc and we shipped product to a valid address in NYC, and it turned out to be a mail drop. We contacted the Secret Service Computer Fraud Unit in NY and much to our amazement, they knew about this address already... :evil:

 

we asked why they had not notified domestic cc processors about this known scam address and they had no response (what a surprise..)

 

we do require intl users to fax the front & back of their cc cards to complete their order transactions - some people complain about it, others do it no problem. we also require entry of cvv number for verification.

 

now, as to the 2checkout posting above, has anyone looked into writing a module that will utilize the new requirements?

[Guest]

Only ship to a registered billing address...

 

If you get a charge back and have collected CVV2 and had the person sign for the package you have a better than 50/50 chance of getting your money back (visa and mastercard only)

 

American express will do a chargeback and you have to fight the customer for the money...

 

Other measures I look at with suspect orders are the phone number.

 

I do a reverse number look up on MSN white pages and if the phone matches the adress then I am happier.. It worries me when the number cannot be found (cell phone).

[Guest]

I do a reverse number look up on MSN white pages and if the phone matches the adress then I am happier.. It worries me when the number cannot be found (cell phone).

Here is a great site to help you find phone number information. Don't run your store without it.

 

http://www.primeris.com/fonefind/

[Guest]

how would i get the customer to input the cv3 # is there a setting o have to enable

[Guest]

how would i get the customer to input the cv3 # is there a setting o have to enable

 

Look in the contributions section...

[Orphon]

webhost:8) DO NOT ship to any address using PMB as part of the address - these are mail drop points but have valid addresses

 

we were hit by someone that had a stolen cc and we shipped product to a valid address in NYC, and it turned out to be a mail drop.  We contacted the Secret Service Computer Fraud Unit in NY and much to our amazement, they knew about this address already... :evil:

 

I have an acct at a former Mail Boxes Etc, they don't require you use PMB anymore. Even if they did tho.... I don't think that is a reason to not ship to them. My mail box is my shipping address and for some CCs my billing address also.... my Apt in NYC has a SMALL mailbox and any packages (unless they need a sig) would be left outside the mail box... I might as well say good bye to it then.... :?

[psdartur]

At one of my old jobs, I suggested to our web guy to add a field to the Credit Card section for Bank Name. It wasn't fool proof but with our other methods in place (like listed above) it added an extra bit of security.

The way it worked (and may not be same in all countries) is the customer would put in CC number etc and Bank Name, then when we punched the numbers into our CC machine and it prints the receipt it would say what bank it's from. If it doesn't match we contact the customer for more info and hold the order.

 

If someone can work out the code and put it here, I would like to add it to my store.

Just need an extra field in Payment page, a field added to the DB and one to show it in order process.

 

As I say, it's not 100% but it did help us out on several occasions as this cannot be gotten from an imprint.

 

Cheers,

Artur

[Guest]

thats an interesting idea

 

currently we have the customer enter the CC #, exp date, and CVV # (which generally means they at least have the card in hand)

 

it could possibly be another level to add fields for

 

Issuing Bank:

Issuing Bank Phone #:

[Guest]

it could possibly be another level to add fields for

 

Issuing Bank:

Issuing Bank Phone #:

 

The Issuing Bank is a sensable addition, but the Bank phone number is probably going too far, I personally haven't got a clue what my banks number is, and unless I can't buy what you are selling elsewhere I'm probably not going to go and find out.

 

-Mex

[Guest]

its located on the back of your credit card, so its just another piece of information from the card (which only proves the person has the card, but doesnt prove the person is the owner of the card), but its another piece of information that if a chargeback occurs gives you more credibility with the bank 8)

[Guest]

its located on the back of your credit card

 

It's not on any of my cards, perhaps that's just a US thing, I'm in the UK.

 

-Mex

[Guest]

thats interesting - it is on the back of all US cards - a customer service number for the bank issuing the card

 

thanks for letting me know about that!

[CC]

When is the new Credit Card PIN number supposed to come into effect?

 

I heard it was quite soon, and some European Countries are actually using it now...

 

That will be a fantastic way to stop fraud!

If you dont know the PIN number, you aint gonna get anywhere.

 

Anyone know anything more about dates and times on this?

 

CC.

[Guest]

i have tried to find some implementation notes on that for Visa, but there doesnt appear to be any (or at least nothing i can find) other than how it works for the end user...

 

if someone finds it, please let me know and i will begin working on a solution :wink:

[Guest]

CVV

All UK cards have the CVV or CVC number on the back, perhaps you don't know where to look!

 

There are some numbers printed on the signature strip, the CVV number is the last 3 numbers of the group.

 

PIN

 

Credit & Debit cards on the continent (certainly in France and Germany) have had pin numbers for at least 7 years - I have had a French bank account since 1996 and my credit and debit card both have PINs. To have a PIN on the card, you need a smart chip on the card. Cards like these are being trialled in Northampton at the moment. The target was to have them in general use by the end of this year - I'll believe it when it happens!!

 

BUT........to make an online purchase, you will need to be able to swipe your card through a reader. There are keyboards availabe with them and some of the latest motherboards have a port for a smart card reader. How many of your cuswtomers are going to buy either a new keyboard or motherboard and reader som that they can shop online?

[Tuan Le]

What I am more concern with mail-order fraud is......If the fraudulent buyer want to scam your business, he/she will just tell her creditcard issuer that your package does include everything he/she ordered. Let say he/she ordered 5 items, $400 each. And he says you only shipped 3 of the items. :roll: My guess on that situation is the creditcard issuer will definitely believe their card-holder over you so you will be out of $800. :evil:

 

I can't think of any solution to the problem above. But fortunately, most of the people aren't that wicked.

[Guest]

one solution to the problem is the type of shipping you use

 

we use Airborne Express and UPS for all shipments, so when an item or items are shipped, there is a weight

 

if someone were to attempt to scam us by stating they did not receive an order such as you describe, then all we need to do is present the shipping documentation which contains the weight of the shipment (which is also verified by the shipping company) - the customer cannot dispute that information

[Tuan Le]

one solution to the problem is the type of shipping you use

 

we use Airborne Express and UPS for all shipments, so when an item or items are shipped, there is a weight

 

if someone were to attempt to scam us by stating they did not receive an order such as you describe, then all we need to do is present the shipping documentation which contains the weight of the shipment (which is also verified by the shipping company) - the customer cannot dispute that information

 

Hi jchasick,

 

The weight only get verified when you ship out packages one by one at the UPS/FedEx customer counter. It is a totally different story when you have an account with them and print your own labels for your packages and then have them picked up or drop off.

 

For the last ~6 months, I have been using estimated weight and haven't had a single problem with either UPS or FedEx. And I am sure sometimes my packages would few pounds over/under.

 

I personally think the entered package weight info would not hold up well in a dispute. Beside that, another variable to add into the equation is the packaging material's weight versus your actual merchandise's weight. Or how about if your store is selling jewelry, so the differences in weight would only be in ounces..............CRAZY, ISN'T IT????? :shock: :shock: :shock:

[Guest]

all weights are verified in the shipping office before packages are delivered otherwise shipping companies would lose money because people would print shipping labels for 1 lb when something weighed 3 or 4 lbs, so the shipping companies must verify the weights before shipping, and then they appear on your weekly/monthly billing statements from the shipping company - we have daily pickups from Airborne and UPS

[Guest]

All UK cards have the CVV or CVC number on the back, perhaps you don't know where to look!

I know most UK cards have CVV or CVC printed on the back, but what was being discussed was the issuing banks phone number being printed on the card.

 

-Mex