Dealing with CC fraud

Status
Not open for further replies.

RedCardinal

New Member
Having not dealt too much with CC payments previously, I'm now confronted with increasing numbers of fraudulent payments. I hadn;t realised that it was just so easy to get away with...

So the bank are now advising on checking all payments made with foreign sounding names and saying to retain all CC details for checking given addresses. Of course the banks don't let you check this automatically at transaction time, so this means storing CCs. Alternatively use 3D transactions. In my view 3D is just plain alien to too many folk - the one time I came across it I certainly put some serious thought into whether or not to continue with transaction. I dont like leaving one site to go to a banking site (aren't they the ones being phished all the time) to re-enter my CC details.

How are others dealing with this issue?
 

dude

New Member
During a weird little period when I worked for Paddy Power, we used to verify every CC with an external company (cannot remember the name as I type this.) We would either fax a list of CC numbers / details or ring them and get them verified over the phone. I think it cost €1 per CC check.
 

mneylon

Administrator
Staff member
We block orders from most of Asia to start with

We also use the 3 digit verification and 3d secure - it doesn't matter whether it's foreign to people or not - it not only reduces fraud but also reduces our liability

Getting chargebacks of several thousand euro is not my idea of fun!
 

Fintan

New Member
I have found that 3d secure is the reason for 50% of our abandoned sales. I believe the CC companies have not done enough to educate customers about what it is and why they should use it.

RC - does whoever process your CC offer fraud checking? For example I know Realex offer it as part of the service?
 

Daisy

New Member
We have it constantly with non-EU nationals looking for letters of invitation to attend events in Ireland for visa purposes - bane of my life! Many of the transactions are caught at authorisation point, but at least one or two get through every week. It's a little easier for us - we can see that a gentleman whose email address is george@yahoo.com but who claims to be representing the Ghana Standards Board (just one recent example) is unlikely to be genuine.

Our system notifies us with name and email address of every transaction. Any yahoo/gmail/hotmail addresses are checked before the end of the trading day. If the name on the card does not match the name on the email, or if we have any reason to suspect that the transaction is not genuine, we void the transaction and contact the email address. Most times the phrase "The authorities have rejected your transaction. Please send verification that you are the cardholder" produces silence.

In one case, a client of ours offered a refund on an event that was cancelled. She unwittingly offered it to a fraudulent transaction that she didn't catch (our system connects into their realex a/c directly, so we don't check the transactions). The gentleman sent over his bank a/c details so that the payment could be refunded into that instead of the card... hmmm... me smells interpol...

If you're using Realex, be ruthless in checking and voiding transactions that you have any doubt over - you can always contact the genuine ones later and pick them up.

Good luck soldier! Sarah
 

RedCardinal

New Member
I have found that 3d secure is the reason for 50% of our abandoned sales. I believe the CC companies have not done enough to educate customers about what it is and why they should use it.

RC - does whoever process your CC offer fraud checking? For example I know Realex offer it as part of the service?
Unfortunately not for Irish addresses and the business is Ireland only...

I think this might also rule out dude's suggestion, but might have to research that some more.

It appears there is little that can be done barring 3D and I think when you have an average sales value in the €00's the abandonment cost of adding in the (crappy IMO) 3D step just doesn't cover the benefits involved.

Welcome to Ireland where online fraud is apparently very welcome :(
 

louie

New Member
3d is the way to go. We did it and despite the fact that we are loosing probably 50% of the sales, I don't care.
At least I sleep better a night.

Last year we lost a lot of money because of charge-backs, and since 3d secure was implemented, we haven't lost a penny as the liability falls on the issuer if they are ready or not.
 

RedCardinal

New Member
3d is the way to go. We did it and despite the fact that we are loosing probably 50% of the sales, I don't care.
At least I sleep better a night.

Last year we lost a lot of money because of charge-backs, and since 3d secure was implemented, we haven't lost a penny as the liability falls on the issuer if they are ready or not.
I'm going to disagree with you on this one - I'd rather put down fraud as a cost of business than lose 50% of my sales. Why should the vendor accept an obviously flawed system from the banks? Even if they simply validated the correct addresses then it would be one less chink in the armour.

3d will never work IMO given the inept response on the part of banks to phishing - if they are telling customers never to enter their authentication details into unsolicited pages how on earth is the average Joe to know the difference between the 3d interface and a phishing attempt?
 

mneylon

Administrator
Staff member
If you have a very high incidence of fraud and DO NOT use 3D secure etc., your bank could make processing payments for you a lot more awkward.

3D secure only asks you for a password. It doesn't ask you for loads of personal information.
 

RedCardinal

New Member
If you have a very high incidence of fraud and DO NOT use 3D secure etc., your bank could make processing payments for you a lot more awkward.

3D secure only asks you for a password. It doesn't ask you for loads of personal information.
Funny how the banks yet again are trying to pass the onus to the vendor for securing their [the banks] systems...

I don't get why they cant validate addresses in Ireland? it does seem really daft to me.
 

louie

New Member
They can if they really want to, but i don't think they care.

Last year using basic authentication, I lost more then I made, despite the calls made to make sure transactions were for real. We had a lot of documentation at hand to prove that we verified and did our homework, but when it came to charge-backs was worth nothing due to "customer not present".
 

mneylon

Administrator
Staff member
Which is why 3d secure can make life a lot easier. Chargebacks are painful. Whether they're for 5 euro or 5 thousand ... We got a couple the other day that were from someone who'd been phished - very nasty!
 
D

Davthalas

Guest
Personally i've found countless times that most internet credit card fraud is conduction via payment systems like PayPal. So i tend to stay away from PayPal wherever i can but its hard as its becoming a standard in its own right.

Another way to reduce the amount of CCF that effects you is to limit your services to certain regions, for instance i won't accept payment from anywhere outside of the EU or US.
 
Status
Not open for further replies.
Award-winning Mac antivirus and Internet security software
Top