No announcement yet.

Preventing fraud without being too conservative

  • Filter
  • Time
  • Show
Clear All
new posts

  • NancyC
    I know this is an old thread, suddenly new again, and I wanted to add my take on this. I've used Paypal Website Payments Pro for years with my previous cart and 3D Cart. I researched a bunch of credit card processors and even used a second one for a while when I had a second online store and the cart provider did not have PayPal Website Payments Pro as an option. I think PayPal is the lowest cost service and they don't nickel and dime you on every little option.

    They do actually go to bat for you when you have a chargeback. The whole Seller's Protection policy is designed for those that are using their PayPal account - if they have a confirmed shipping address (meaning the user has a credit card on file with PayPal and the billing address is also their shipping address) and you ship to that address, then they'll cover you pretty much no matter what. When using Payments Pro, most cards are processed just like they would be using any other processor - PayPal is just in the background. So none of these will have "confirmed" addresses. It's only if the user uses a PayPal account.

    I usually get a couple of chargebacks a year. On those where I have a signature at the time of delivery and it's signed for by the person who ordered it, I won. The ones I didn't win - the boyfriend and girlfriend who live together and it was her card but the item was for him. She claimed it was fraud and since his name was on the order (she actually called and ordered it and it was delivered to the billing address) I lost. And one where a guy damaged an item and claimed it was damaged in shipping. I didn't want to give him a refund since it was obvious he removed screws and doctored the item, but since it was against Amex, PayPal advised me that I'd probably lose and rather than deal with the bad experience I just gave in. Not worth the hassle sometimes.

    On our site, we do allow different billing and shipping addresses. It's a low percentage that come through this way, but I do have my PayPal risk controls set to accept orders ONLY if they have at least partially correct billing address - either the street, city, or zip code must be correct. It was too much of a hassle when I had it set to a full match only - it's amazing how often some people move and don't update their credit card info and aren't sure what the billing address is. The AVS issue also puts funds on hold in the buyer's account and when this is a debit card, it can be a hardship for the person. It can take a few days before their bank releases the funds back into their account since it's PayPal who declined to accept the funds, not the customer's bank declining it.

    Here's a few things I've learned over the years - if it's a stolen credit card, they usually don't call to place the order. If it's stolen and placed online, they don't give a valid phone number or email address - check your spam folder for bounce back emails from a bogus address. We call EVERY order that has a different bill to vs. ship to person. 99% of the time it's legit and the customers thank us for watching out for them. Like said previously though, we're watching out for ourselves. It is the merchant who will lose so take care of yourself! You'll have no one to blame but yourself if you're not vigilant. I use things like to do reverse lookup of phone numbers, I google the address (is it an abandoned house? you may find that out!). I even look up people on facebook if I need to. And if you cancel an order and it's legit, they usually call to ask why their order was cancelled.

    It only takes a few minutes to check a suspicious order and if you save $500 by avoiding a chargeback, you bet it's time well spent!

    Leave a comment:

  • satnavcompany
    I already heard this type of problem before My friend actually managed to get his money back. Sometimes, people tend to make mistakes depending on the amount of work they receive each day.
    It doesn't really concern who authorized it, but the way they actually handle such case but haven't encountered something about this so far
    Last edited by satnavcompany; 09-29-2011, 10:42 AM.

    Leave a comment:

  • canadianghosthunter
    No such processor exists. Customers will always get there money back from Paypal or Visa or whomever. Customer first merchant dead last. AVS, CVVS does not matter. The only way around this is Verified by Visa. Which many processors have but you will not find that option on any shopping cart software. At least none that I have seen.
    You got off lucky, I got nailed with $25000.00 in chargebacks as supposed customers said card was used without there consent or knowledge. I have address, IP address and proof of delivery with a signature, CVVS, phone numbers, emails, tracking numbers. But still lost out. Merchants are not covered by anything for this and with no help from the CC companies.
    You have to do your own checking. I do a trace on the IP address to see if it is form N. America and then follow it up with a phone call. I also do a google search on the shipping address. Last one showed an empty apt for sale listed online with no furniture in the pictures

    Leave a comment:

    I think sometimes these identity thieving, credit card scammin' scum bags will do a little "test transaction" at some random site to see if the charge will go through.

    The only reason I can think to buy a $20 widget and have it sent to someone else is that I'm just trying to see if funds are available on that card. I don't think I'd hide in the bushes at your house waitin' on a $20 widget to show up so I can hope you're not home when it arrives and maybe get to the front door first without someone seeing me and...

    I want to know if the transaction on the card will work based on the card and customer information I've obtained. If the transactions doesn't fail - voila! Now I've got a card and customer information that I can use or sell to my other scumbag friends... or, whatever these jerks do.

    Gotta love it, eh?


    Leave a comment:

  • SarahInc
    cekman -

    I actually had an order just like that a couple of months ago. It was for $11. Everything checked out just like it did for you. The email address even belonged to the customer. I though the whole thing was super weird.

    I think one of two things happened...either someone in the household (say a kid) made the purchase and then didn't fess up to it or some random fraud used it and was hoping to pick the package up from the customer's house before they actually got it. I mean the second one would be the only reason I could think of that some who is using stolen credit card info, would actually have it shipped to the same address.

    Leave a comment:

  • cekman
    I just had my first wierd credit card order. Luckily very small - only $18. Anyway - a customer order with credit card, billing and shipping address matched. All credit card information was correct and phone number matched address it was sent to (did reverse lookup).

    Anyway - sent to customer and yesterday he emailed to say he never ordered anything from me. He called his credit card company and they cancelled his card and are issuing him a new one.

    The only thing that was odd was he said he never saw the email address that was used to place the order. I tried to do a reverse lookup by email - but couldn't find anything free.

    I told him to return the merchandise and I would refund the whole amount. Since I'm getting the items back I'll only be out a small amount of shipping.

    Why would someone order something and send it to the owner of the card? Everything matched, name, address, phone number, Exp. date and CVC number.

    The customer could be just trying to get their money back - but I doubt it.

    Leave a comment:

  • ScribeTime
    1. We use Bankcard Services Worldwide for both of our stores and have been very happy with them. They use USAEpay for their gateway, which we've also been happy with. I'm not sure how they compare with other companies since they're the only ones we've used. But as far as I'm concerned the USAEpay online system is very easy to use.

    2. Regarding fraud controls - you can get more information from this link:

    3. Main advantages - reasonable rates, easy to work with, and good customer service.

    4. Main disadvantages - don't really have any - except that the online rate of 2.19% is slightly higher than the 1.88% quoted by bristweb.

    We also use Paypal and Google Checkout (most recently).
    Last edited by ScribeTime; 06-05-2008, 04:35 PM. Reason: Forgot to add other payment options

    Leave a comment:

  • SarahInc
    What's kind of funny about that is I've been in business for almost a year and a half now, and I have had 2 fraudulent issues, but within the last couple of months. At anyrate, they were both with AMEX too.

    I also use paypal btw.

    Leave a comment:

  • bristweb
    try google checkout. here is their page about fraud

    second, get on / cybersource and use their avs tools. bank of america set us up with 1.88% rate for online transactions which i think is very competitive.

    Leave a comment:

  • dcox
    Thanks for the information.

    I am looking at my payment statistics because I am so frustrated with PayPal (not only about the chargeback, but with their customer service as well) that I want to switch processors. However, I have analyzed the statistics and while I do not have a huge population, hopefully I have enough to make a reasonable decision.

    Here are my payment method statistics based on revenue of completed (not fraudulent) orders:

    VISA/Mastercard: 62%
    AMEX/Disc: 10%
    PayPal: 28%

    These numbers are based on dollar amounts, not the number of uses for each payment method. I did not realize until now that PayPal payments account for 28% of my business. This is slightly skewed because one of my largest sales has been paid for with PayPal. Payment method statistics based on number of uses is as follows:

    VISA/Mastercard: 79%
    AMEX/Disc: 8%
    PayPal: 13%

    Of the 3 fraudulent (or suspected fraudulent) orders I have had, I have cancelled two and eaten 1. Two of the three were placed with AMEX...

    Based on this, I am willing to drop AMEX and Discover if needed. I hate to lose 10% of my business, but many of the merchant accounts do to work with AMEX or Discover.

    I am looking at a few options:

    1. Stay with PayPal, but use their advanced risk controls (looking into effectiveness and cost)
    2. Emerchantsgroup, which has the lowest fees, but cannot accept AMEX or Discover (unless they consider my PayPal account an existing AMEX and Discover account)
    3. Bankcard Services (3d Carts recommendation). Fees here are a little lower than PayPal, but not as cheap as emerchantsgroup. Also, I’ll have to find a gateway, which will probably offset the lower fees. There is also a 3 year contract that seems a little long.

    I still have to research option 2 and 3 for risk controls. Whatever I do, I need to have the option of setting STRICT risk controls. I cannot afford these huge chargebacks.

    Anyone out there use emerchantsgroup or Bankcard Services? If so:

    • Are you pleased with the service in general?
    • What risk controls are offered?
    • What are the main advantages you find in the service?
    • What are the main disadvantages you find in the service?


    Leave a comment:

  • SarahInc
    Seems like there is more safety coverage for the customer, but nothing for the business. I realize that in a lot of cases customers get screwed by companies. I have had this happen to me on several occasions. And yet at the same time, since being in business it seems that I have had customers who go out of there way to try to screw me too.

    Leave a comment:

  • rrw
    In the eight years that we have had an online business we've gone through the mill with regard to credit card processors. We initially used Cybercash, which was bought by Verisign, which was bought by PayPal. When PayPal took over, some of the services that we used to get for free became a paid service. We didn't realize that at first, and after a couple of fraudulent transactions (not NEARLY as bad as you've experienced) we had to do the upgrade. As you state, they only checked the basics--when you upgrade to their next level, however, you can determine which items you want them to check. We have it set to reject any card that doesn't have an address, zip code, and CVS code match. I don't know any that match name.

    In the past, we've been told by both Verisign and our merchant bank that even if you have a fully cleared card, delivered to the billing address and signed for by the customer, it still doesn't matter. All the customer has to do is state that they didn't place the order, and they didn't sign for it--actually had that happen. All we could do was to wish the bride all the worst and let karma do it's thing. :(

    Leave a comment:

  • dcox

    Hello everyone,

    I wanted to give you an update.

    The chargeback fight was dropped by PayPal saying "This chargeback type is not covered under PayPal's chargeback policies." I suppose no type of chargeback part of their policy. Luckily I did have a brainfart earlier and I realized it won't cost me $2500, just $1100 (cost of products shipped)... Still a bummer though.

    At any rate, I am now officially looking for another processor. It turns out PayPal's AVS is pretty much worthless (most services may be, I am checking into it.) This is what PayPal checks for a transaction authorization based on the few dozen calls and emails I have been a part of over the past few weeks. To authorize the transaction, PayPal checks the following against the CC company files:

    Security Code
    Expiration Date

    They do NOT check the following:

    Their AVS service checks the following against the CC company's files (AVS does not necessarily have to check out for the authorization depending on your settings):

    First several (5 or 7 I think) digits of the numerical portion of the address
    Zip Code

    I learned all of this because I cancelled a suspected fraudulent order and the refund went to a person who did not place the order. When PayPal was questioned about this, they promised the refund went to the correct person. I then questioned why the transaction was authorized in the first place and I was informed the name was not something that was checked.

    I want a processer who checks EVERYTHING. I ship ONLY to the billing address, so it shouldn't be a problem for these checks. Are any of you aware of anyone who provides this?

    Thank you!

    Leave a comment:

  • dcox
    Yes, I have noticed that only one of my sales have been covered under the policy and that is because they paid with Paypal.

    I am curious to see how this chargeback turns out. I have a bad feeling I am going to have to eat it, which may be the end of the webiste.... I've been trying to decide to keep going with it or drop it (side business that isn't profitable yet). A $2500 hit will be a good reason to shut it down.

    Leave a comment:

  • SarahInc
    I had a issue similiar to this a couple of weeks ago, and I also use Websites Payments Pro. I talked to someone at PayPal, and they told me that their customers (like you and I) who utilize Website Paymetns Pro are considered high risk. Thus no orders placed through our sites where the customer enters their credit card information are covered under their seller protection policy. The only way you would be convered under the policy would be if the customer actually pays through paypal (like through the their express checkout). She then told me that basically all I can do is use my best judgement, weight out the risk.

    The thing I find interesting about that is that they kind of advertise that seller protection is a benefit of using Websites Payments Pro, but it really isn't if it only applys to customers who actually pay through paypal because the vast majority of my customers at least pay though my site not paypal.

    Leave a comment: