12LEE

[rant]
Pi$$ed off.

We budget for ~5% fraudulent transactions at our webstore. Having just been hit with three transactions over the last month I'm in rant mode because although we were suspicious of the purchaser, we got faxed proof of ID and card details from them, yet the transaction was still fraudulent. Adios £1k! Although we plan for fraud, it's still annoying to get caught out, and it'll be annoying for our customers when we stop offering quick service for people with Switch cards/mobile phone contact numbers/free email addresses/out of date address details/etc.

Any concensus from other web retailers on the best course of action? Police and banks are never interested and within reason, I can understand why. I'd love to come up with some form of web community debt recovery service. Even if the goods never came back, there'd be *so* much satisfaction in the fraudsters getting a visit from a bailiff type!
[/rant]

Cheers

Lee.

Pete Croney

Hi Lee

We have been hit and most other Scooby retailers get hit too.

What people don't realise is that the card companies take the money from back from the retailer. Not only have the goods been stolen but we also get charged commision on the fraudlulent transaction.

I have a 50/50 record on getting my money or goods back at the moment and I have given up calling the police.

The last copper that sat in front of me said "well no is actually a victim are they?" WTF!!!

My new methods of recovery are proving must more effective and much more satisfying.

12LEE

Hi Pete

Long time no speak. We must talk ;-)

Cheers

Lee.

David Lock

Hi Lee, Can you be more specific on what actually goes on? Mail me off-line if you want. I assuming that these are mail order sales with a card which is authorised by the clearing house? I ask because I take cards and have been taken but in a much smaller way. The card was valid, had not been reported stolen and yet I still lost out. Thanks if you have a moment. Perhaps you could consider use of the Debt Recovery Boys who don't take many prisoners (if you know where goods are). Even their fax flyers make me shiver!! David





[Edited by David Lock - 10/16/2002 7:15:23 PM]

BuRR

The "cardholder not present" clause makes it very hard for the vendor / retailer to wriggle out of the problem.

DavidHill

Working for a large mail order company, we gets lots of attempted fraud, there are a few v. simple checks you can make to stop getting caught out.

Would agree police/card companies couldnt give a toss about the problem, when so little efford on there part could stop the problem altogther.

Feel free to mail me offline for advice

David

davidhill@dsl.pipex.com

12LEE

Cheers all. Davids, YHM.

roadrunner

We use worldpay for internet transactions. IMO worldpay are very good. Our last attempted fraud was nearly 5k worth of goods over 4 different transactions [img]images/smilies/mad.gif[/img] With the help of worldpay we detected the scam and refunded the cards before the card holders knew there cards had been misused we also managed to recover the goods that had been shipped cos we stopped the delivery the following day...phew

Typical worldpay check is below, they also check on IP address, ISP information etc.

AVS results:
security code comparison - matched
postcode comparison - matched
address comparison - matched
card issue country/contact country comparison - not checked

We also get different levels of cautions for the transaction
Example
WorldAlert result: WARNING
This transaction has been identified as potentially high risk. We strongly recommend further checks before fulfilment of an order. If the transaction has been authorised by the Bank for available funds and you choose not to fulfil you must refund the transaction and contact the Shopper to inform them.


[Edited by roadrunner - 10/16/2002 8:34:37 PM]

Kevin Greeley

Could you clarify this for me please?

1. A card is stolen and the thief tries to buy something from you with it.
2. You contact the credit card company and get authorisation (as they don't know the card has been stolen yet).
3. You send the goods.
4. Credit card comapany says "Sorry, transaction was fraud, you don't get reimbursed"?

Am I missing something?

Thanks

Kevin.

Mr.Cookie

Kevin

1.Fraud transaction made
2.Items delivered
3.Real card owner realises speaks to credit card company who after lenghty process reimburse cardholder
4.Credit card company take money back from vendors
5.Vendor left with bugger all as neither have goods they sent out or money that paid for goods

As i understand it, this is why a few internet and mail order companies will only deliver to cardholders address.

Si

lego

what about the address that you sent the goods to?
surly the police can track the scum down to that?
or an ip address.

12LEE

The police generally won't. Names used are typically false and there's nothing attaching the person signing for the box to the transaction "Dunno anything mate, some geezer asked me to wait here and sign for a delivery". No crime in that!

Clarebabes

Mr C!!!! Hello!

Sorry. Carry on.

chiark

Lee, who's your merchant acquirer? Do they offer the "Verified by Visa" service? Can they offer CVV checking, or the APACS address verification trial? Can you take insurance against this providing you follow certain procedures?

I worked for our card group for a while, so know the troubles your up against...

I also worked for a mail order company part time. Their answer was to only despatch to addresses that they could verify through an independent source. Ended up using BT directory inquiries, which is fine for some but doesn't work for others.

alcazar

iTrader: (2)

Rant mode on:
Why is there always some total scumbag who finds the loopholes, and puts them to their own dirty fraudulent use, thereby spoiling it, or making life more difficult for the retailer, AND the purchaser?
And WHY are the police never interested these days, except in things like speeding, (which kills, you know? Grrrrrr), which appear to make money for them or the gov.t?
I've recently had to leave a trolley load of shopping at the Cherbourg Auchan, and go and get my passport from the Scoob, because they will no longer take any form of payment there except cash from British shoppers, without passport i.d.!!!
Ooooooooh, this makes me so mad! [img]images/smilies/mad.gif[/img]
Rant mode off
Alcazar

12LEE

Nick: we use AVS and CVV2. When we get careless, overconfident or overtrusting, mistakes occur :-(

The annoying thing about AVS and CVV2 is the lack of comprehensive support. Our PSP's records show that:

40% of transactions get all data matching
44% of transactions get CVV2 only
1% are AVS only
10% has no match
4% has no data

In our experience, we get many more customers using Switch/Solo (which don't support any of this stuff). We're seriously considering turning off Switch/Solo.

Edited to add:

Alcazar: I'm with you 110% having just driven to Peterborough and back for a meeting with a client who didn't bother to let me know that he couldn't make the meeting because of illness... I counted 10+ cars this am jumping reds. I've turned into an old git with no respect for country, government, police, public... bah humbug!

[Edited by 12LEE - 10/17/2002 12:42:37 PM]

chiark

Lee,

I would turn off switch/solo! Debit cards are shockingly bad both for you and for the cardholder. I know it costs you less money to have a debit card txn acquired, but the risk is more IMHO.

Incidentally, I'm about to email you about something completely different. Expect a mail

Cheers,

Nick.

muppet paster

I work for a company which does some M/order and we use some software which crosses an addressing program with the electorial roll. This is quite a good system, as to get a credit card you've got to be on the electorial roll for the inital credit checks, and to try to comit fraud in your own name, to your own address, is pretty thick for anyone! Hasn't stopped all the fraudulant transactions, but is a useful tool.

Puff The Magic Wagon!

iTrader: (2)

On my list of "Useful Devices For Courier Services"

Built in camera for taking picture of recipient.

ChrisB

Dabs.com stopped taking Switch / Delta.

http://www.dabs.com/support/faq-arti...ticle=1697&m=s

"Unfortunately, Switch have not yet implemented such measures and as a result, we have experienced unacceptable levels of fraudulent transactions on Switch and Solo debit cards. Whilst we apologise for any inconvenience caused, on May 29th 2002 we decided not to accept payment by Switch or Solo debit cards until further notice, EXCEPT for payment in person at our Counter Collections desk in Bolton.

The new system from MC/Visa has focused fraudsters on Switch instead, and we found that whereas credit card fraud rates have dropped remarkably, Switch fraud increased over five times, reaching tens of thousands of pounds per week."

12LEE

and www.ihavetohave.it has just followed suit.

Sad sign of the times.

David Lock

1) Nice to see a sensible thread for a change

2) Thanks for your mail to me Lee

3) Sorry I am missing something here. Thick I know, but what EXACTLY are these frauds about? Are they stolen (but reported as such) cards which somehow get authorised? Are they stolen but not reported until after sale so merchant suffers? Why should Switch/Solo be worse than Visa, for example?

Above is a genuine enquiry as I take Switch etc for mail order although only small time so don't have the high stake risks that some of you guys have. Thanks, David.

PS. In my limited experience I have to say I think the banks take the p1ss. I pay them a few thousand a year for transaction fees - they then knock me back for a transaction which thay have cleared, when a dodgy customer complains but take f.. all action even when it seems a fraud has been commited. [img]images/smilies/mad.gif[/img]

Mufasa

The card could be still in the owners possession so has not been reported stolen, however the details from that card are being used by the fraudster to obtain goods.

That's what happen to me (Visa Debit) [img]images/smilies/mad.gif[/img]

12LEE

edited to add the first few paragraphs!

CVV2 is the check for the security code on the signature strip of the credit card. +ve CVV2 indicates that the card is in the purchaser's possession.

AVS is address verification, i.e. does the card relate to the address details supplied by the purchaser.

Support for these schemes on Visa and MC is better. Switch support is non-existant, even though they were committed to supporting it a year or so ago.

Basically, if you're a merchant taking cardholder not present transactions and you get a transaction with non-matching (or missing) CVV2 and AVS, you're relying on electoral roll and directory enquiry data to verify cardholder identity. Add electoral roll lags, consumers' tendency to supply mobile numbers for contact and the (understandable) desire to ship to work/non-home addresses into the mix and it's a minefield. We look for all this data, and seek proof of card ownership (i.e. a fax of the card), address and ID if we're concerned. Shame we don't always adhere to this and that there are fraudsters forging these documents (FFS!).

Might go back to trading futures....

[Edited by 12LEE - 10/17/2002 9:00:06 PM]

NOZZER

I got stung 18 months ago for a substancial amount with cardholder not present. Now it is nearly impossible to do a "code 10" call, so i have nearly eliminated mail order unless i know the customer. Have lost lots of turnover but at least i get paid.
I felt so strongly about this i spoke to financial lawers wrote to my MP and went to see him. He was aware of the loophole but banks are too big for anybody to beat them, so tough.
So few people relise it is the retail outfit who gets stung and not the bank/card issuer. PEOPLE need to know this!!!
In a age of very low profit margins, a business can not always soak up a loss.

Kevin Greeley

I didn't realise the banks pass the fraud onto the 'innocent' merchant. This is outrageous!

Why take the risk? Surely ditching credit/debit cards and setting up cash on delivery or pay-first accounts would be an alternative?

Is it a case of accept credit cards or lose the business?

cjones944

Why not simply refuse to ship goods to anywhere other than the cardholder's registered address?

muppet paster

That's what we have started doing. Every other time you tell someone this wilst talking to them on the phone you end up having the same conversation!


[Edited by muppet paster - 10/18/2002 12:26:00 AM]

David Lock

OK so tell me what's wrong with this idea? Having in mind increasing cardholder-not-present fraud using stolen cards. When a customer gets his card then he personally chooses two extra numbers say 18 or whatever (or perhaps letters, say HW) and advises the card issuer of his choice which is then registered against his card. If he is using card for mail order or similar then retailer asks him on phone for this number - which will form part of the transaction clearance but not printed out from terminal machine chitty to maintain security of chosen digits. Wouldn't this prevent authorisation of the vast majority of stolen cards that have not been reported as the card thief would not know this number and could not take a chance with a guess (there are two many combinations). Perhaps this could be extended to when cardholder present but one would need to devise a system for the customer to disclose the two code-number without the world and his wife hearing what it is. I aam not suggesting this as an all out panacea but perhaps it has some merit or am I being naive? David

BoxerFlat4

As a (small) mail order company, we've got a few small procedures which seem to work well for us :-

1. Address: although we will deliver to an address not registered to the credit card holder, we ALWAYS take the FULL address registered to the card anyway. Also, it seems reasonable to assume someone who's having their goods sent to their work address ( its usually obvious when they are ! ), that they're not going to rip you off. I would NEVER send goods simply to another address without a very good reason.

Also, check the address' in Autoroute. Why would someone whose card is registered in Scotland, say, want the goods delivered to a 'work' address in Devon ? Check the locality of it all.

2. Phone numbers : We ALWAYS take a phone number ( not mobile ! ), in fact out credit card provider INSISTS on it, without it we can't make a transaction. We also have caller display on our phones, and always make a note of where calls are coming from. If a number is withheld, we don't take credit cards. No exceptions.


I think these days, despite what the public might think, you need to take the view that allowing a customer to pay by credit card is optional, not a requirement. As so few people realise, it is the retailer that loses out in credit card fraud, not the poor card companies. There are also plenty of other ways for people to pay via cards, that reduce your exposure to risk, NoChex, PayPal etc etc.

What gets me going is the cost of providing credit card transactions : 4%, and you wait 4 weeks for the money ! When your only on a 10% margin on some products, I wonder why I bother to sell the stuff sometimes ! [img]images/smilies/mad.gif[/img]

Paul Houbart
Gecko Motorsport



[Edited by BoxerFlat4 - 10/18/2002 10:51:08 AM]