Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Steps to prevent Fraud...


toyicebear

Recommended Posts

To prevent fraudelent orders there are many steps you might take, here are some of them:

 

- Place a warning in your cart , that you do fraud screening, ip recording and that any atemted fraud will be persued to the full extend of the law.

 

- Ship all packages registered

 

- Do not accept shipping to po.boxes, forwarding address services or hotel rooms.

 

Here are some good contributions for fraud prevention:

 

Order IP Recorder v1.0

 

Credit Card Fraud Detection Service - Maxmind

 

If you do have more tips on how to prevent fraud please post them in this tread...

 

 

Here is a list of know high risk countries, If you know of more countries which should be included, please post them in this tread:

 

- Romania

- Indonesia

- Singapore (see note below)

- Ghana (a rising star of fraud!)

- Ukraine

- Uganda

- Nigeria

- Hungary

- Belarus

- Estonia

- Latvia

- Lithuania

- Slovak Republic

- Russia

- Yugoslavia

- Macedonia

- Phillipines

- Thailand

- Malaysia (see note below)

 

Note on Singapore & Maylasia: People in Indonesia use Singapore or Maylasia as the destination Country name, and still get the package because Singapore/Maylasia Postal Service figures out where to send it.

Link to comment
Share on other sites

If I wanted to keep my {fraud order level} down, I would do these things.

 

1. Accept my funds ONLY by means to where it's available to me when they place their order. That's why I use PayPal. You see, some store owners need the money from the customer to pay for their order.... the shop owner is just the middle-man.

2. Accept my funds ONLY in my currency... (US) for me.

3. DO Not use any credit card processing company that will allow me to process and ship an order and they (credit card company) still haven't posted the funds to my account. Some customers can get their product, and still proceed to get a refund, ... and you've never gotten the money yet.... the credit card company refunds them...... and still charges you for doing so. And.. not to mention,,, the person still has your goods in their possession.

 

No matter which company you use, only use one that will have your money posted to your account when a customer places their order.

 

- Place a warning in your cart , that you do fraud screening, ip recording and that any atemted fraud will be persued to the full extend of the law.

That's a start, but you have to realize that it's very easy to mask your ip, so, for those that are desperate to defraud you, you'll have a hard time trying to track the original ip address. Trust me on this... there are tools that will conceal your real ip address. And let's not forget about people in different countries that are doing the defrauding to you. It'll be vitually impossible to even prosecute them, even if you wanted to. Not saying you couldn't attempt to do so, it'll take hundres to even thousands of dollars just to actually catch and (or) have a person prosecute because they defrauded you... and the credit card used wasn't stolen or used un-authorized. I guess it would be good to place the warning, but the warning isn't going to stop them if they try anyway. It may thwart away some, but I wouldn't bother posting it... if you're going to do it,,,, do it.... just don't tell them. You're within all your rights and limits to NOT warn them, because they are comitting a crime if they attempt to do such a thing.

 

- Ship all packages registered

Shipping registerd is just like shipping the normal way, in a sense. Since you're going to have to pay a fee for the registered shiiping, you are better off shipping and (or) sending something {Restricted Mail/Delivery}.... that means that person ONLY can get the package AND they MUST sign for it.... Their identification is supposed to be compared against what the delivery person has on their slip... NO EXCEPTIONS to that part... Doing that,,, you'll have a better chance of knocking down your fraud..... But that way is only good if you're sending something C.O.D. or similar to that. If you're paid upfront for the product.. send it RESTRICTED... that way they don't get the product and then say they didn't..... Registered means anyone can sign for it... no matter which location it was sent to people can argue ... "I didn't sign for it, and no one living here at this location signed for it",, which could be debated that someone must have taken advantage of a delivery, because registered delivery doesn't check the address of the person signing for the package.... RESTRICTED does. You can request that from ANY shipper, postal service you use... and if you don't use it, give it a try.

 

- Do not accept shipping to po.boxes, forwarding address services or hotel rooms.

One again... if your credit card processor puts that money into your account for you right then and there..... then the credit card is for the most part not stolen, at least not reported stolen. It could be used un-authorized, but it's not stolen. I will ship to wherever you want it to go.

 

As far as the P.O. Box is concerned, you aught to think the other way too. Not saying you do, but if you accept checks/money orders or whatever.. you may want them to mail it into a p.o. box.... not accepting p.o. boxes for delivery is just like the customer saying...... "I'm not sending my money to a p.o. box". Isn't it fair for customers to feel that way, especially if you post "NO P.O. Boxes" (unless your shipper simply doesn't go there)

 

Forwarding addresses. Once again,,, it doesn't matter where they want their items shipped to.... especially if I'm paid up-front. And you wouldn't know a forwarding address unless you do a background on that address.

 

I live at:

123 My Other Home

Somewhere, City, ST, Zip ........ and you deliver it to there. Someone from 123 My Other Home, calls me to come pick up my package or they simply bring it to where I'm really at..... Same difference.

 

Hotel Rooms. I had a period of my life where I lived in a hotel for 18 months. I've had items delivered to me all the time. Then also... just looking at the victims of the "Katrina" hurricane/flooding... thousands of them... still in hotels. Shouldn't they be able to purchase from your web site? .... Again, it depends on how you get your money. I get mine up-front, so it sdoesn't matter to me... not unless the shipper doesn't ship to there.

 

Here is a list of know high risk countries

There wee go again... I don't care if you're ordering from the moon... once that money hist my account... I'm send the package to you.... on the moon. If those places are that much of a risk to a store owner, I'd say simply block the countries from placing orders.. that part is easy to do... but you have to realize like I mentioned earlier, it's very easy to mask your real ip address... which in turn.. will mask your real country code.

 

So far, I've been doing online business for 7 years and haven't had a fraulent order as of yet.... I've been using PayPal for about 2 years now, and as of yet, I still haven't gotten any fraudulent orders. Maybe I'm that lucky.. who knows?

 

All in all, I personally believe the easiest and quickest way to prevent the fruaud is to use a processor that verifies the credit card right then and there,,,, and your money is AVAILABLE immediately after they order.... It's been working for me.

 

Like I mentioned before, since I don't stock the products, the customers order is being paid for by the customer.. I don't pay for a product I'm selling and hope the customer will pay me later... Not me. If you can avoid it, which you should, do so.

 

Hopefully someone may find some usefullness from these posts.

 

Kevin

"What I didn't know yesterday, I know today & will remember tomorrow"

(By Kwalker)

 

What do you see when you open up the tep_database-pr2.2-CVS.pdf file that came with your osCommerce download?

Link to comment
Share on other sites

If I wanted to keep my {fraud order level} down, I would do these things.

 

1. Accept my funds ONLY by means to where it's available to me when they place their order. That's why I use PayPal. You see, some store owners need the money from the customer to pay for their order.... the shop owner is just the middle-man.

2. Accept my funds ONLY in my currency... (US) for me.

3. DO Not use any credit card processing company that will allow me to process and ship an order and they (credit card company) still haven't posted the funds to my account. Some customers can get their product, and still proceed to get a refund, ... and you've never gotten the money yet.... the credit card company refunds them...... and still charges you for doing so. And.. not to mention,,, the person still has your goods in their possession.

 

No matter which company you use, only use one that will have your money posted to your account when a customer places their order.

That's a start, but you have to realize that it's very easy to mask your ip, so, for those that are desperate to defraud you, you'll have a hard time trying to track the original ip address. Trust me on this... there are tools that will conceal your real ip address. And let's not forget about people in different countries that are doing the defrauding to you. It'll be vitually impossible to even prosecute them, even if you wanted to. Not saying you couldn't attempt to do so, it'll take hundres to even thousands of dollars just to actually catch and (or) have a person prosecute because they defrauded you... and the credit card used wasn't stolen or used un-authorized. I guess it would be good to place the warning, but the warning isn't going to stop them if they try anyway. It may thwart away some, but I wouldn't bother posting it... if you're going to do it,,,, do it.... just don't tell them. You're within all your rights and limits to NOT warn them, because they are comitting a crime if they attempt to do such a thing.

Shipping registerd is just like shipping the normal way, in a sense. Since you're going to have to pay a fee for the registered shiiping, you are better off shipping and (or) sending something {Restricted Mail/Delivery}.... that means that person ONLY can get the package AND they MUST sign for it.... Their identification is supposed to be compared against what the delivery person has on their slip... NO EXCEPTIONS to that part... Doing that,,, you'll have a better chance of knocking down your fraud..... But that way is only good if you're sending something C.O.D. or similar to that. If you're paid upfront for the product.. send it RESTRICTED... that way they don't get the product and then say they didn't..... Registered means anyone can sign for it... no matter which location it was sent to people can argue ... "I didn't sign for it, and no one living here at this location signed for it",, which could be debated that someone must have taken advantage of a delivery, because registered delivery doesn't check the address of the person signing for the package.... RESTRICTED does. You can request that from ANY shipper, postal service you use... and if you don't use it, give it a try.

One again... if your credit card processor puts that money into your account for you right then and there..... then the credit card is for the most part not stolen, at least not reported stolen. It could be used un-authorized, but it's not stolen. I will ship to wherever you want it to go.

 

As far as the P.O. Box is concerned, you aught to think the other way too. Not saying you do, but if you accept checks/money orders or whatever.. you may want them to mail it into a p.o. box.... not accepting p.o. boxes for delivery is just like the customer saying...... "I'm not sending my money to a p.o. box". Isn't it fair for customers to feel that way, especially if you post "NO P.O. Boxes" (unless your shipper simply doesn't go there)

 

Forwarding addresses. Once again,,, it doesn't matter where they want their items shipped to.... especially if I'm paid up-front. And you wouldn't know a forwarding address unless you do a background on that address.

 

I live at:

123 My Other Home

Somewhere, City, ST, Zip ........ and you deliver it to there. Someone from 123 My Other Home, calls me to come pick up my package or they simply bring it to where I'm really at..... Same difference.

 

Hotel Rooms. I had a period of my life where I lived in a hotel for 18 months. I've had items delivered to me all the time. Then also... just looking at the victims of the "Katrina" hurricane/flooding... thousands of them... still in hotels. Shouldn't they be able to purchase from your web site? .... Again, it depends on how you get your money. I get mine up-front, so it sdoesn't matter to me... not unless the shipper doesn't ship to there.

There wee go again... I don't care if you're ordering from the moon... once that money hist my account... I'm send the package to you.... on the moon. If those places are that much of a risk to a store owner, I'd say simply block the countries from placing orders.. that part is easy to do... but you have to realize like I mentioned earlier, it's very easy to mask your real ip address... which in turn.. will mask your real country code.

 

So far, I've been doing online business for 7 years and haven't had a fraulent order as of yet.... I've been using PayPal for about 2 years now, and as of yet, I still haven't gotten any fraudulent orders. Maybe I'm that lucky.. who knows?

 

All in all, I personally believe the easiest and quickest way to prevent the fruaud is to use a processor that verifies the credit card right then and there,,,, and your money is AVAILABLE immediately after they order.... It's been working for me.

 

Like I mentioned before, since I don't stock the products, the customers order is being paid for by the customer.. I don't pay for a product I'm selling and hope the customer will pay me later... Not me. If you can avoid it, which you should, do so.

 

Hopefully someone may find some usefullness from these posts.

 

Kevin

 

 

One note: If you use PayPal and have a cc verified account , if someone does a chargeback at a later date..if your paypal account is at 0 at that point , PayPal will deduct the chargback amount and the chargback fee from your credit card.

Link to comment
Share on other sites

the best way to combat fraud is to never give a warning or tell them what you look for.

when you do, this gives them something to think about before they order... so they know what they need to fix so you can't detect them.

 

in my previous experience: common sense is the best tool to fight against fraud with your shop :)

Link to comment
Share on other sites

One note: If you use PayPal and have a cc verified account , if someone does a chargeback at a later date..if your paypal account is at 0 at that point , PayPal will deduct the chargback amount and the chargback fee from your credit card.

 

That's true,,, and also unpreventable, in a way... I guess a disclaimer would be your best fight against that... something they sign and fax back to you... Just throwing something out there.

 

 

Kevin

"What I didn't know yesterday, I know today & will remember tomorrow"

(By Kwalker)

 

What do you see when you open up the tep_database-pr2.2-CVS.pdf file that came with your osCommerce download?

Link to comment
Share on other sites

the best way to combat fraud is to never give a warning or tell them what you look for.

when you do, this gives them something to think about before they order... so they know what they need to fix so you can't detect them.

 

in my previous experience: common sense is the best tool to fight against fraud with your shop :)

 

 

I do 100% of that myself.. i'm not telling you what I'm looking for to catch you........UUMMMPPP.... WRONG MOVE if you do warn them!!!

 

 

Kevin

"What I didn't know yesterday, I know today & will remember tomorrow"

(By Kwalker)

 

What do you see when you open up the tep_database-pr2.2-CVS.pdf file that came with your osCommerce download?

Link to comment
Share on other sites

I've sold many thousands of orders using my osCommerce site and haven't had a fraudulent order yet. Are you guys having problems with this?

 

It always depends on what you sell. I guess companys that sell high-cost products have a lot more problems with fraudulent orders.

HIM - Dark Light - Out on 26/09/05
Link to comment
Share on other sites

The higest risks are for those who do international orders with high ticket items and/or virtual/downloadable products.

 

For those who sell mostly within their own country, fraud is usually quite easy to spot and avoid just by using a payment provider with a good fraud screen system and for those who want a extra layer of assurance its quite easy to pick up the phone and give each customer a call before sending an order.

 

For those who have such a high quantity of orders that manual phone confirmation is unpractical , there is very good automated systems available too.

 

 

But the main point of this tread was for those who sell internationaly , where avs verification is not present as well as that the cost of calling up customers around the world can quickly mount up.

 

So for most of those it will actually be better not to deliver to certain countries/regions in the long run as well as using some of the international fraud prevention systems available.

 

 

As a side note when Verified by Visa and Mastercard Secure Code are fully rolled out and widly in use, this will actually not be a problem any more.......

Link to comment
Share on other sites

  • 2 weeks later...

This may sound harsh, but the key to stopping fraudulent orders is "Don't be stupid".

 

If it ships to Indonesia and bills to Bill Smith in Florida, what in the world do you think is going on?

 

When in doubt, call the card owner or send them an email and tell them to call and confirm with you.

 

Fraud detection is honestly the easiest part about running an ecommerce store. You guys are making it way more complicated than it needs to be.

 

1. Make sure you have AVS turned on with your CC processor- this will end 80% of fraudulent order attempts.

2. Call the customer if the shipping and billing addresses don't match. This will handle the other 20%

3. NEVER ship large quantity orders to someone who registers with a hotmail, yahoo, gmail, etc. account and enters their details as a business. Companies that can afford to order 50 or 100 of whatever you are selling can afford company email and do not do business through personal email accounts.

4. Never ship to Asia, Africa, or anything else that looks fishy. You will never get your money or product back from these countries.

My advice comes in two flavors- Pick the one that won't offend you.

 

Hard and Cynical: How to Make a Horrible osCommerce Site

 

Warm and Fuzzy: How to Make an Awesome osCommerce Site

Link to comment
Share on other sites

I found this contrib Order Fraud Screen , and it look really intresting, however I can not find feedback or an thread about it.

 

I'm using wpp and would like to know if I also could use this contrib, anybody familair with it.

 

Denice

 

Its basically the same one as the maxmind one mentioned higher on the page....it just have a different looking interface....

Link to comment
Share on other sites

  • 4 weeks later...

I am working on an osCommerce site that is heavily modified, and here is the ultimate goal:

 

During the osCommerce checkout process, we need to perform some type of error checking that does the following:

 

1) The shopper's BILLING address CAN be a PO Box, and they can change their shipping address to something different as most people rarely ship to a PO Box.

 

The error checking will need to do a check for the words "Box" in the billing address field somewhere. If the word "Box" is found, then we will allow the change. Otherwise, we will force them to input a PO Box, and if they don't, we will deny the change.

 

Is this possible?

 

I will look in to both of them, do you have any preference in regards to this.

 

Denice

Link to comment
Share on other sites

  • 3 weeks later...
If I wanted to keep my {fraud order level} down, I would do these things.

 

1. Accept my funds ONLY by means to where it's available to me when they place their order. That's why I use PayPal. You see, some store owners need the money from the customer to pay for their order.... the shop owner is just the middle-man.

2. Accept my funds ONLY in my currency... (US) for me.

3. DO Not use any credit card processing company that will allow me to process and ship an order and they (credit card company) still haven't posted the funds to my account. Some customers can get their product, and still proceed to get a refund, ... and you've never gotten the money yet.... the credit card company refunds them...... and still charges you for doing so. And.. not to mention,,, the person still has your goods in their possession.

 

No matter which company you use, only use one that will have your money posted to your account when a customer places their order.

That's a start, but you have to realize that it's very easy to mask your ip, so, for those that are desperate to defraud you, you'll have a hard time trying to track the original ip address. Trust me on this... there are tools that will conceal your real ip address. And let's not forget about people in different countries that are doing the defrauding to you. It'll be vitually impossible to even prosecute them, even if you wanted to. Not saying you couldn't attempt to do so, it'll take hundres to even thousands of dollars just to actually catch and (or) have a person prosecute because they defrauded you... and the credit card used wasn't stolen or used un-authorized. I guess it would be good to place the warning, but the warning isn't going to stop them if they try anyway. It may thwart away some, but I wouldn't bother posting it... if you're going to do it,,,, do it.... just don't tell them. You're within all your rights and limits to NOT warn them, because they are comitting a crime if they attempt to do such a thing.

Shipping registerd is just like shipping the normal way, in a sense. Since you're going to have to pay a fee for the registered shiiping, you are better off shipping and (or) sending something {Restricted Mail/Delivery}.... that means that person ONLY can get the package AND they MUST sign for it.... Their identification is supposed to be compared against what the delivery person has on their slip... NO EXCEPTIONS to that part... Doing that,,, you'll have a better chance of knocking down your fraud..... But that way is only good if you're sending something C.O.D. or similar to that. If you're paid upfront for the product.. send it RESTRICTED... that way they don't get the product and then say they didn't..... Registered means anyone can sign for it... no matter which location it was sent to people can argue ... "I didn't sign for it, and no one living here at this location signed for it",, which could be debated that someone must have taken advantage of a delivery, because registered delivery doesn't check the address of the person signing for the package.... RESTRICTED does. You can request that from ANY shipper, postal service you use... and if you don't use it, give it a try.

One again... if your credit card processor puts that money into your account for you right then and there..... then the credit card is for the most part not stolen, at least not reported stolen. It could be used un-authorized, but it's not stolen. I will ship to wherever you want it to go.

 

As far as the P.O. Box is concerned, you aught to think the other way too. Not saying you do, but if you accept checks/money orders or whatever.. you may want them to mail it into a p.o. box.... not accepting p.o. boxes for delivery is just like the customer saying...... "I'm not sending my money to a p.o. box". Isn't it fair for customers to feel that way, especially if you post "NO P.O. Boxes" (unless your shipper simply doesn't go there)

 

Forwarding addresses. Once again,,, it doesn't matter where they want their items shipped to.... especially if I'm paid up-front. And you wouldn't know a forwarding address unless you do a background on that address.

 

I live at:

123 My Other Home

Somewhere, City, ST, Zip ........ and you deliver it to there. Someone from 123 My Other Home, calls me to come pick up my package or they simply bring it to where I'm really at..... Same difference.

 

Hotel Rooms. I had a period of my life where I lived in a hotel for 18 months. I've had items delivered to me all the time. Then also... just looking at the victims of the "Katrina" hurricane/flooding... thousands of them... still in hotels. Shouldn't they be able to purchase from your web site? .... Again, it depends on how you get your money. I get mine up-front, so it sdoesn't matter to me... not unless the shipper doesn't ship to there.

There wee go again... I don't care if you're ordering from the moon... once that money hist my account... I'm send the package to you.... on the moon. If those places are that much of a risk to a store owner, I'd say simply block the countries from placing orders.. that part is easy to do... but you have to realize like I mentioned earlier, it's very easy to mask your real ip address... which in turn.. will mask your real country code.

 

So far, I've been doing online business for 7 years and haven't had a fraulent order as of yet.... I've been using PayPal for about 2 years now, and as of yet, I still haven't gotten any fraudulent orders. Maybe I'm that lucky.. who knows?

 

All in all, I personally believe the easiest and quickest way to prevent the fruaud is to use a processor that verifies the credit card right then and there,,,, and your money is AVAILABLE immediately after they order.... It's been working for me.

 

Like I mentioned before, since I don't stock the products, the customers order is being paid for by the customer.. I don't pay for a product I'm selling and hope the customer will pay me later... Not me. If you can avoid it, which you should, do so.

 

Hopefully someone may find some usefullness from these posts.

 

Kevin

 

 

 

 

This is the most sensible reply that I have heard in a long while to all this fraud bullshit, especially where ALL the citizens of a country are deemed fraudulent because some are - you'd think the word "fraud" came from the moon. I am a Nigerian and I get upset when people say Nigeria is a fraud country. The Enron fraud probably equals the whole Nigerian national econonic revenue for years yet US is NOT a fraud country. Crap

Link to comment
Share on other sites

  • 7 months later...

100% of my orders from Nigeria have all been Fraudulent. ALL! I just checked my store numbers and that is 14 in the past 2 months. I also do alot of advertising on Ebay and that's where most of these people come from. No offense to the country or the citizens, but my experience with Nigeria is bad. They always say its a gift for a husband, or gift to a son that is on a mission trip, but everytime I call to verify the order the customer realizes he has been a victim of identity theft. Maybe that should be our new slogan..

 

Prodigy Cellular - decreasing identity theft one person at a time..

 

Best advice I can give for all this fraudulent talk, is just check your orders.. use common sense as someone said a post earlier.. if you notice the billing in florida and they are ordering to Ghana or China or Nigeria with a long winded story on how there dog died and their loved one is in Ghana buying new chickens and needs a new cell phone to call your grandmather to thank her for selling them the phone or so on.. flag it.. call them, you should have no problems.

 

-Shawn

www.prodigycellular.com

Link to comment
Share on other sites

  • 5 months later...

you can also install the active countries module to controls what countries you want to list separately for create account, payment and shipping. So customers during registration or checkout cannot setup whatever country they want.

http://www.oscommerce.com/community/contributions,3607

 

Also you could modify your payment processor modules those they handle credit cards to store a field of the card's issuer phone number in the database which in turn will appear with your orders in osc admin. This is regardless of the transaction with the external gateway and there is no sensitive info stored in the dbase. You can then verify an order by calling the number.

Link to comment
Share on other sites

<snip>

 

So far, I've been doing online business for 7 years and haven't had a fraulent order as of yet.... I've been using PayPal for about 2 years now, and as of yet, I still haven't gotten any fraudulent orders. Maybe I'm that lucky.. who knows?

 

All in all, I personally believe the easiest and quickest way to prevent the fruaud is to use a processor that verifies the credit card right then and there,,,, and your money is AVAILABLE immediately after they order.... It's been working for me.

 

Like I mentioned before, since I don't stock the products, the customers order is being paid for by the customer.. I don't pay for a product I'm selling and hope the customer will pay me later... Not me. If you can avoid it, which you should, do so.

 

Hopefully someone may find some usefullness from these posts.

 

Kevin

 

Kevin-

 

With all due respect, I disagree with a lot of the advice you gave. I'm really glad you haven't had any fraud yet - that shows :D You're either *extremely* lucky, or you're in an industry with inherently low fraud.

 

For a seller who deals with med/high value items which are easily re-sold, these tips you gave would drive them out of business very quickly :( Trust me - I'm in a high fraud field, and I had to learn the hard way. Allow me to share!

 

PayPal vs. Credit Card Processor

 

I understand why you feel like paypal is better, since you get the money right away. However, you're looking at it the wrong way.

 

Our CC processor, as well as pretty much every other one, takes 2-3 business days to deposit your funds. So on the surface, paypal seems better, yes? NO! Paypal has a LOT of issues. The two biggest are:

 

1 - You have no idea where the money came from that funded the buyer's account. They could have easily funded it using a stolen/compromised credit card, and you won't know until 2 weeks later, when PayPal takes the money back from you... and you have absolutely, positively, no recourse.

 

2 - The paypal dispute system is horribly skewed towards the buyer (even worse the the CC merchant accounts). 9 out of 10 times, you'll lose if the buyer disputes the charge, even if you have 1,000 pages of documentation to support your case.

 

The bottom line is that while paypal seems better on the surface, it's FAR riskier.

Advice you should NOT listen to

 

"If the credit card passes the authorization, it's safe."

 

Not by a long shot. The only thing it means is that it's a legitimate card number and there are funds available, and that it's not reported stolen. The vast majority of fraud, however, happens on cards that aren't reported stolen yet (hello - the customer has to notice the fraud before they can report it stolen, since these are generally not cards that are physically stolen, rather, they are compromised accounts!). Just getting an authorization does NOT mean the card is safe!!!

 

"Once you get the money, you can ship anywhere you want, because you're safe"

 

NO! Most CC companies give customers SIX MONTHS to issue a chargeback. That money isn't completely yours until 6 months after the original transaction (scary, huh?). Again, ONLY ship to the billing address, and NEVER assume that the transaction is safe just because you have the money. In many cases, a fraudster will use someone else's card without their consent, and they may not even notice for a few weeks!

 

"If you aren't sure if the charge is valid, call the customer to confirm."

 

This might catch a few crooks - but only the idiots. Most criminals are going to just give you a pre-paid cell #. You call it, and surprise surprise, the person on the other end says it's a valid order. What you don't realize, however, is that you're not talking to the card holder.

 

In fact, even if it is the card holder, if they are intent on committing "cyber shoplifting" this won't help you anyway.

 

Bottom line: This isn't completely *bad* advice, but it's FAR from fool proof, and will only work in a very small percentage of cases :(

 

 

How to reduce chargebacks

 

1 - ONLY ship to the billing address. The only exception to this is if the customer has the alternate address on file with their CC company - but you'd better call and manually verify each and every one of these. Even at that, it's risky. In every single other case, ONLY ship to the billing address. If you don't, and the buyer disputes the charge, you lose - automatically.

 

2 - Force the customer to actively accept your terms and policies upon checkout. There are contributions that do this, by placing a checkbox on the confirmation page that won't let them checkout until they confirm. If you don't do this, and the customer disputes your polices (say, you charge a 15% restocking fee, but the customer calls the CC company and complains). You lose - automatically. That's right! Unless you force the customer to actually agree to the terms, you can't enforce them.

 

3 - Require a signature on your shipments. If it's a $5 package it's not a big deal, but if it's valuable by your standards, require a signature. Yet again, if your customer doesn't sign for the package, and later calls up the CC company and claims they didn't get it (even if the tracking # shows it delivered to their address) you lose. Bummer.

 

4 - Install a "Verified by Visa / MasterCard SecureCode" system on your website (we use the one from CardinalCommerce). That was the absolute best thing we ever did - it literally reduced our chargebacks by over 70%. Again, if you're dealing with low value products you may not feel it's worth the hassle - but if you're selling med/high ticket items, this is an absolute no brainer.

 

5 - Don't ship overseas, unless you can afford to lose the product. Again, this will vary by industry type, but in general, it's just not worth the risks. Not only is it generally impossible to verify the address, but Africa/SE Asia/Russia are massive hotbeds of fraudulent activity, and you'll never recover your goods or money if they nail you. It's just not worth the risk. I'm sorry if this sounds offensive and like you're punishing countries unfairly... but that's just the way it is.

 

6 - Be suspicious of new customers who order high priced goods and ask for expedited shipping. Use your head.

"People tell me I have an inferiority complex. They must be right; after all, they are all smarter than me."

Link to comment
Share on other sites

  • 4 weeks later...
<snip>

5 - Don't ship overseas, unless you can afford to lose the product. Again, this will vary by industry type, but in general, it's just not worth the risks. Not only is it generally impossible to verify the address, but Africa/SE Asia/Russia are massive hotbeds of fraudulent activity, and you'll never recover your goods or money if they nail you. It's just not worth the risk. I'm sorry if this sounds offensive and like you're punishing countries unfairly... but that's just the way it is.

 

6 - Be suspicious of new customers who order high priced goods and ask for expedited shipping. Use your head.

 

Tom is so right here. Don't have the article close at hand, but read a year or two ago that there are several websites, written in English, but located in Russia, which buy and sell credit card information. For a fairly small fee, they will sell you a pack of 50 credit card numbers, along with billing date, mother's maiden name, and billing address.

 

Tom

Link to comment
Share on other sites

  • 7 months later...

On my site I've designed a Forking/Filtering script that logs the visitor's IP & proxy IP, country, ISP, browser, installed languages and referring page. If any of that matches my blacklists the page is prevented from loading (sometimes I block Canada just for fun). I go through the logs almost daily. If I receive an order that I feel might be questionable, first I check PayPal to make sure the money is actually there, then check my logs to see what I can see.

 

So far I've had it up for almost a year and haven't had a problem yet. If I do see someone doing something they shouldn't be doing (like visiting my contact and error pages multiple times) I just add their info to the blacklist for next time. My contact forms also have scripts installed to keep spammers from sending mass messages or code injections. Again, never had a problem.

Link to comment
Share on other sites

  • 2 months later...
Here is a list of know high risk countries, If you know of more countries which should be included, please post them in this tread:

 

- Singapore (see note below)

 

- Malaysia (see note below)

 

Note on Singapore & Maylasia: People in Indonesia use Singapore or Maylasia as the destination Country name, and still get the package because Singapore/Maylasia Postal Service figures out where to send it.

First of all, I'm sorry to edit your post.

 

I've live in Singapore for a few year as well as KL Malaysia (only 1 year).

 

(Important) First thing to note. Singapore Address should not contain any state because Singapore is too small to has state. If the state is Singapore, it's fine.

 

As for Malaysia, please made sure the state is in Malaysia and not any part of Indonesia.

 

For Singapore Postal Code also known as Zipcode, it should be of 6 digits. You could verify the Postal Code at http://www.streetdirectory.com by typing in "Singapore XXXXXX" Please verify it is in Singapore.

 

Also try not to sent item, especially high price tag item to seaport especially fishing port. This is to prevent export of item. You could check if it is a port by using the above url also.

Link to comment
Share on other sites

5 - Don't ship overseas, unless you can afford to lose the product. Again, this will vary by industry type, but in general, it's just not worth the risks. Not only is it generally impossible to verify the address, but Africa/SE Asia/Russia are massive hotbeds of fraudulent activity, and you'll never recover your goods or money if they nail you. It's just not worth the risk. I'm sorry if this sounds offensive and like you're punishing countries unfairly... but that's just the way it is.

 

6 - Be suspicious of new customers who order high priced goods and ask for expedited shipping. Use your head.

 

Sorry again to edit your post to keep it neat.

 

When I'm working for a company in Singapore as Cashier, I even seen problem cards from Singapore Neighbor Country(Sorry but this is true. How I know? Their spoken slang is different) When I swipe the card, it say "Use Chip Reader" and the card do not have a chip. or a card issued by the few bank which provide Nets(a electronic Payment in Singapore) but on the card it did not show the Nets logo.

 

One thing I notice, quite a number of Singaporean did not sign on their card, especially debit card. These youngest who use them are not proper educated on the safety and risk of Cards usage. Which add to the risk of feud.

Link to comment
Share on other sites

  • 2 weeks later...

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...