8 {{ upvoteCount | shortNum }}
8 {{ upvoteCount | shortNum }}

Seeking Security/Fraud Prevention Advice

by Bellerine
7 replies
  • ECOMMERCE
    • |
Hi Warrior Community!

I'm hoping for suggestions on how I can prevent fraud in the form of MitB, VPN use, spoof/phishing claims resulting in unauthorized transaction refunds after they've received the product.

My product is intangible.

Currently, I match the IP geo-location to the address, only deal with verified PayPal users and do nothing until I receive a confirmation response from an auto-generated email. Still, my loss percentage is ridiculously high. I'd like it to be <10%

Any suggestions?

Thanks in advance!
Christy
#advice #prevention #security or fraud #seeking
  • Profile picture of the author Same
    PayPal isn't best idea for intangible products if you do long-term biz to be honest.

    But well yeah, if you have big rate of loss, and if your item is high value, you should consider doing some postal verification, like code match or something to get access to the product.

    But if your product is not long-term or some kind like ebook, cd keys then yeah, 10% is good rate of loss, sorry.

    EDIT: Also set-up USER AGENT security, to check if buyer using real user agent or just spoofing. But yeh it really depends of what you're selling.
    {{ DiscussionBoard.errors[7230713].message }}
    • Profile picture of the author Bellerine
      Originally Posted by Same View Post

      EDIT: Also set-up USER AGENT security, to check if buyer using real user agent or just spoofing. But yeh it really depends of what you're selling.
      Hey Same,

      What do you mean by setting up a User Agent?
      {{ DiscussionBoard.errors[7231562].message }}
  • Profile picture of the author so11
    Hello Bellerine,

    could you give more details of what exactly the problem is?

    Generally speaking, you should take a layered approach.

    1. Verify identity of the buyer
    2. Protect the product
    3. Protect the transaction
    4. Deliver securely the product
    etc.

    so11
    Signature
    www.groupesoloviev.com
    We help businesses manage cyber risk and compliance requirements.
    {{ DiscussionBoard.errors[7230880].message }}
  • Profile picture of the author derekwong28
    I have never heard of merchant having a refund/chargeback rate of more than 10%. If your rate persists at that level, the chances are that you will be banned by PayPal or a merchant provider soon. You really should be a aiming at less than 1%.

    PayPal does not provide much detail for the merchant to decide. I would suggest that you hold one or two days before you ship in case of very large or suspicious transactions.

    As far as merchant account provides do, they often provide
    CVS - security code match
    AVS - security code match

    My experience is that they are not that predictive of fraud. Many customers get them wrong for some reason or another and you would be missing out a lot of business if you insist on a perfect match.

    The biggest indicator of fraud is when the credit card is issued by a bank that is not based on the country of the customer. This is highly indicative of a hacked credit card. You should take extreme caution if you customer is from a high risk country such as Nigeria, Indonesia or Vietnam. The problem is that this data is not offered by 2CO and some other agents.

    Sometimes, we also googled the customer's e-mail and telephone number and see whether we can build a profile of the customer on the Internet.
    Signature

    Do not get between a wombat and a chocolate biscuit; you will regret it dearly!

    {{ DiscussionBoard.errors[7231022].message }}
    • Profile picture of the author Same
      Originally Posted by derekwong28 View Post

      I have never heard of merchant having a refund/chargeback rate of more than 10%. If your rate persists at that level, the chances are that you will be banned by PayPal or a merchant provider soon. You really should be a aiming at less than 1%.

      PayPal does not provide much detail for the merchant to decide. I would suggest that you hold one or two days before you ship in case of very large or suspicious transactions.

      As far as merchant account provides do, they often provide
      CVS - security code match
      AVS - security code match

      My experience is that they are not that predictive of fraud. Many customers get them wrong for some reason or another and you would be missing out a lot of business if you insist on a perfect match.

      The biggest indicator of fraud is when the credit card is issued by a bank that is not based on the country of the customer. This is highly indicative of a hacked credit card. You should take extreme caution if you customer is from a high risk country such as Nigeria, Indonesia or Vietnam. The problem is that this data is not offered by 2CO and some other agents.

      Sometimes, we also googled the customer's e-mail and telephone number and see whether we can build a profile of the customer on the Internet.
      Hey,

      My dad owns online shop for the past 10 years, approved 'fraud' orders rate is always more than 1% but no more than 2,0%. It's still a major threat to online shops. If your shop ( if you have one ) and your fraud rate is less than 1% that means either you reject many 'high risk' offers or you despatch items only to AVS verified address. ( AVS - Address verification system ) Most of good merchants provide good info about AVS from post code verification to house number.

      There is some exceptions when purchasing by credit card, there is still plenty of card which have no AVS function. I'm talking about Entropay virtual cards, or simple prepaid cards, those transactions ( ep vcc ) should be taken to consideration and verification ALL THE TIME. You can't verify their address, you can't even get info about card holder, because it's against PRIVACY POLICY.

      P.S. Nowadays isn't so hard to catch a fraudulent order... You only need a bit of experience of IT and a small knowledge of fraud, it's really simple.

      Ok and back to topic. I can help you more, I have experience in fraud dep., because I was doing some stuff in my dad's eshop.

      The first thing you should tell us how you delivery the product, and what's the product, ( dont need to tell exact what but try to find similar one ).
      {{ DiscussionBoard.errors[7231379].message }}
  • Profile picture of the author Bellerine
    Thanks everyone for the feedback.

    The product I sell must be delivered quickly; it's the nature and draw of the whole transaction. It is a high risk business, this I know. It is proffitable enough that I'm willing to take some loss, but it spiked a few weeks ago. Honestly, I think I was targetted.

    At any rate, I do employ some more precautions now, including IP geo-location, matching address, verifying phone number, a bounceback page (sometimes will strip a proxy), e-mail confirmation checking source and sometimes calling and recording confirmation etc. These have reduced the instances of fraud, but it is still higher than I think it should/could be.

    Specifically, I'm looking for a way to identify those using a VPN, phishing malware, and MitB. Anything else you folks know of that may help as well. I provide a legit service, and I'm tired of being scammed.

    As I only accept PayPal, credit card fraud and prevention is not of particular interest to me at the moment.

    The product is sent via an email, which is tracked.
    {{ DiscussionBoard.errors[7231558].message }}
  • Profile picture of the author Jesse L
    If it was not time sensitive and a digital format then you could record to a dvd and send a physical product giving you delivery verification.

    God I hate crooks! It seems you most likely will be in a constant battle to keep things from getting out of control. Perhaps raise your price to make up for the lost 10%?

    Sorry I couldn't be more help

    Good luck!

    JL
    Signature

    The difference between a successful person and others is not a lack of strength, not a lack of knowledge, but rather a lack of will. – Vince Lambardi

    {{ DiscussionBoard.errors[7231744].message }}

Trending Topics