T-Shirt Forums banner
Cancel

Any Advice on Preventing Online Fraud?

1347 Views 6 Replies 6 Participants Last post by  LMCTees
E
Hi,

I was wondering if anyone has advice on preventing online credit card fraud?

Our store has been online for almost two years now. About six months ago, I started noticing strange behavior and it recently has gotten worse.

We started getting a lot of people trying to place orders where their billing address doesn't match their bank account address, resulting in a AVS mismatch. This was fine as it proved that our merchant account payment gateway was doing its job.

We recently received our first chargeback for about $160.00. Ok, this was an ignorant move on our part, but someone placed an order, then wanted it delivered to a PO Box. A couple weeks later, I noticed the person did a chargeback and we've now lost that money, and we've lost those products.

Then I started noticing incredibly odd things. People started creating accounts on our site with nonsense information. Things like "asdasd asdasdasdsad" as their name and billing address, saying that they live in Antartica, and listing a 10 digit phone number.

Thing is, one of these orders went through, passing all tests, and the money (around $1,000) is in our account. Although the money deposited is less than the total amount recorded in our shopping cart. So I can't refund the money, or else we will be out about $150, and the person's information is bogus, so where would that money go even if I did issue a refund? Even if it was a valid order, I couldn't ship it as it's not a valid address. And since it's not a valid address, how did it pass the payment gateway's security tests?

These are just two examples of recent fraud attempts that have been successful. After doing some research, it appears there is a number of techniques/tricks these scammers are doing, and some of them can be extremely complex. They purposefully target smaller online retailers as we're probably not going to be able to afford legal action, assuming you could even figure out who these people actually are. Tracking their IP addresses doesn't usually return any valid information as they're probably using proxies...

Our store is using Zen Cart 1.3.9f and our merchant account is with Authorize.net. We also have Google Checkout & Paypal, but the problems are generally with Authorize.net. I'm not sure how much this matters though, as it seems that they could do it with any shopping cart system.

I am currently searching for options to prevent this kind of abuse. Problem is, it seems that the solution is to install more and more modifications to the shopping cart, and complicating the shopping/user experience, which I am told is exactly the opposite of what we're trying to accomplish.

I just installed captcha in the event that these attempts are automated, I'm not sure about this.

The main problem for us is that our little online store is currently more of a hobby to us. We would love for it to become a full time job. But we have been struggling to break even. If this continues, we will probably have to close up shop. The scam attempts are starting to out number our legitimate transactions, and it's even getting hard to distinguish which orders are valid, and which ones are not.

It appears that this economic crisis is bring out the worst in everyone. Any advice is appreciated... Thanks in advance.
See less See more
Reply
Save
Like
1 - 7 of 7 Posts
Rodney
Thing is, one of these orders went through, passing all tests, and the money (around $1,000) is in our account. Although the money deposited is less than the total amount recorded in our shopping cart. So I can't refund the money, or else we will be out about $150, and the person's information is bogus, so where would that money go even if I did issue a refund?
Click to expand...
You should refund the money ASAP through your merchant account.

The money deposited is probably less than the order because of the merchant account fees that were taking out before it went into your account.

It's best to login to your payment gateway and issue a refund immediately for the total and the transaction will be reversed. That will save you the issue of a chargeback (and any fees associated with that)

Then I started noticing incredibly odd things. People started creating accounts on our site with nonsense information. Things like "asdasd asdasdasdsad" as their name and billing address, saying that they live in Antartica, and listing a 10 digit phone number.
Click to expand...
This is probably done with an automated bot that tries to mimic human behaviour.

You could setup your merchant account gateway to have some additional fraud protection. I know Authorize.net offers a fraud protection suite that is helpful for online orders. You can filter based on IP address range/location/missing information/no CVV match/volume of orders tried, etc.

I just installed captcha in the event that these attempts are automated, I'm not sure about this.
Click to expand...
People shouldn't have to complete a captcha to finish an online purchase. That will definitely deter sales.

It could be that the shopping cart you're using is more vulnerable to these attacks somehow. Have you checked the Zen Cart forums to see what others have tried to stop these type of attacks.
See less See more
Reply
Save
Like
taricp35
This has happened to us. I received several very large orders for Rhinestone motifs. This was just too large of an order to place online without talking to someone. This was a dead giveaway. They first contacted us for a quote with a name like abgabg, abgabgabg which is very similar to what you got. They then placed an order with the same name, and listed a P.O. Box for the address. My site clearly states we do not ship to P.O. Boxes when asked for your shipping address. The email they signed up with was even bogus. The good thing though is that they paid with paypal and I just refunded the money without even thinking so I did not lose anything but I knew it would have been charged back anyway. The first charge back I had with Paypal was a few months ago. It was only for about $40 but I didn't realized that it could be charged back with Paypal until this happened. I guess no matter which way we go we are susceptible to con artists.
See less See more
Reply
Save
Like
E
I have checked the zen cart forums. There's about three pages of people sharing similar experiences. There's also a lot of contradicting advice. It appears the only real solutions are to add more and more mods to your cart that interfere with the shopping experience, or ban them by IP, or try to report them to their ISP.

I suppose the only real solution to this is to manually dissect every order that comes in. There has been two accounts created today with garbled information like askjdkasjd aksdjsaj. And one created that looks completely legit. Except for the fact that their billing address is in Kansas, while their phone number has a Hawaii area code. Which could be entirely real, but who knows.

I will look into all of the Authorize.net options further and refund the money.

I guess I'll also no longer allow shipping to PO Boxes.

These attempts have seemed to stop since adding captcha but my gut does tell me to remove it.
See less See more
Reply
Save
Like
Solmu
ehinchman said:
And one created that looks completely legit. Except for the fact that their billing address is in Kansas, while their phone number has a Hawaii area code. Which could be entirely real, but who knows.
Click to expand...
US cell phone numbers have area codes, don't they?

(Let's see... the number of the 'disposable' cell phone I bought when visiting the US last year was 323XXXXXXX, 323 being the area code of central LA... so that's a yes).

So keeping your cell phone number despite moving inter-state seems like a perfectly normal thing to do.

Which isn't to say a mismatch shouldn't still be a red flag of course, just that it's a warning sign and not a "don't do business with" sign like Nigeria + Western Union is.
Reply
Save
Like
JeridHill
Here are a couple of great sites for detering known problematic IP's. It won't catch them all, but they will catch most of them.

The Web's Largest Community Tracking Online Fraud & Abuse | Project Honey Pot

and

Stop Forum Spam
Reply
Save
Like
LMCTees
With every transaction that comes through we check the billing and shipping names and addresses on it. If the order doesn't look quite right or seems fishy we will call the customer and hold the order until we hear back from them. We also look for a valid phone number with the order. We require all customers to list their phone number for this reason. Our credit card processor is also set at the highest security settings. This can make it difficult for some customers but in the long run it saves us money from charge backs. We only have about 2 charge backs each year due to REALLY good scammers getting by somehow. We definitely keep a close watch on this. There really isn't any other way around it.
Reply
Save
Like
  • Like
Reactions: 1
1 - 7 of 7 Posts
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
T-Shirt Forums
A forum community dedicated to T-shirt merchants, professionals and enthusiasts. Come join the discussion about graphics, commerce, dyes, prints, collections, guides, displays, styles, scales, equipment, accessories, reviews, classifieds, and more!
Full Forum Listing
Explore Our Forums
Screen Printing General T-Shirt Selling Discussion Graphics and Design Help Member Introductions Heat Press and Heat Transfers
Top