Fraudulent Card Use and Chargeback


caziques

2,572 posts

168 months

Monday 23rd March 2015
I'd be taking a trip down to Dagenham one Saturday afternoon to have a scope round.

RegMolehusband

Original Poster:

3,960 posts

257 months

Monday 23rd March 2015
The mobile number entered during the online purchase isn't recognised - well there's a surprise . . .

Still, onwards and upwards.

sugerbear

4,032 posts

158 months

Monday 23rd March 2015
RegMolehusband said:
I've just looked back at the online order notification. The billing address is the same as the delivery address in Dagenham. Yet the Capital One card is apparently registered to somebody called Ginger L. Proffitt according to the American fraud information form forwarded from Capital One by Cardnet.

I didn't have 3D secure enabled before this but I do now.
Did the acquirer (and you) do an AVS (address verification) check?

Edited by sugerbear on Monday 23 March 16:22

KFC

3,687 posts

130 months

Monday 23rd March 2015
caziques said:
I'd be taking a trip down to Dagenham one Saturday afternoon to have a scope round.
Really? For a £300 loss?

The OP knows he's been caught out, he knows what steps he needs to take to make it unlikely to happen again.

I don't realistically see anything good coming of wasting your day off work chasing shadows around Dagenham. Just chalk it up to experience and move on.

RegMolehusband

Original Poster:

3,960 posts

257 months

Monday 23rd March 2015
sugerbear said:
Did the acquirer (and you) do an AVS (address verification) check?

I've never looked at the SagePay transaction report to review an order. Looking down it now most orders get a good "fraud screening action" score. However this one does get a particularly bad rating. It's a shame that SagePay doesn't send this information through with the order notification.

For some reason SagePay says NOT CHECKED against some of the addresses, including this rogue order, so I'm not sure what that is all about.

I've been trying to bring down the order administration time but it looks like it's worth 30 seconds to log on to SagePay for the larger orders.

I've blocked the use of the card number so "Ms. Olivia Tumecorn" (yes I know, so many things that should ring alarm bells) won't be able to use that card again on my site.

All in a day's work from now.



Dr Interceptor

7,784 posts

196 months

Monday 23rd March 2015
Hi OP... I use SagePay also across three websites. My procedure for orders over £200 is as follows:

Login to Mysagepay...

  • Verify the 3D Secure status (this is the Verified by Visa or Mastercard SecureCode). If this has a green tick, you're good to go. You're covered against chargebacks.
  • Not all cards have 3D Secure; some charge cards or company cards don't.
  • If there's no 3D Secure, check that Address and CV2 have green ticks.
  • If there's no Address, CV2 or 3D matched, the order is held until we have made contact with the customer. We use an order status 'Deferred - Please Contact Us'.

Some observations from the past 4 years...

Nearly all cards that fail the checks come from US banks.
There is no point notifying the police, they won't do a thing. Even if you have identified the transaction and have a delivery address.
UK-based fraudsters will usually put through a test order first for £10-20. Then two weeks later come back with a bigger one. So if your system can flag up repeat customers, that helps too.

Like you, I've only had one in the past four years, was for a similar amount too.
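
Added example, not part of the post above and not SagePay's or any shop platform's own code: the over-£200 checklist and the test-order observation written as a Python triage function. The field names, status values, the 21-day window and the sample orders are assumptions constructed for illustration and would need mapping to whatever the payment gateway actually reports.

```python
from dataclasses import dataclass
from datetime import date, timedelta

REVIEW_OVER = 200.00              # GBP: the post reviews orders over £200
TEST_ORDER_MAX = 20.00            # GBP: "test order first for £10-20"
TEST_WINDOW = timedelta(days=21)  # assumption: slack around "two weeks later"
HOLD = "Deferred - Please Contact Us"  # order status named in the post

@dataclass
class Order:
    customer: str   # hypothetical key, e.g. a normalised e-mail address
    placed: date
    amount: float
    three_ds: str   # constructed values: "OK", "FAILED", "NOTCHECKED"
    address: str    # constructed values: "MATCHED", "NOTMATCHED", "NOTCHECKED"
    cv2: str        # same value set as address

def triage(order, history=()):
    """Return (status, flags) for one order, following the checklist above."""
    flags = []
    # Repeat-customer pattern: a small order, then a much bigger one soon after.
    for prev in history:
        gap = order.placed - prev.placed
        if (prev.customer == order.customer and prev.amount <= TEST_ORDER_MAX
                and timedelta(0) < gap <= TEST_WINDOW
                and order.amount > REVIEW_OVER):
            flags.append(f"follows a {prev.amount:.2f} order placed {gap.days} days earlier")
    if order.amount <= REVIEW_OVER:
        return "Release", flags           # below the manual-review threshold
    if order.three_ds == "OK":
        return "Release", flags           # authenticated by the issuer
    # Anything other than an explicit match counts as a failure, so a
    # "not checked" result never passes by default.
    if order.address == "MATCHED" and order.cv2 == "MATCHED":
        return "Release", flags
    flags.append(f"unverified: 3DS={order.three_ds}, address={order.address}, CV2={order.cv2}")
    return HOLD, flags

# Constructed sample orders, not taken from the thread.
SAMPLES = [
    Order("a@example.test", date(2015, 3, 2), 15.00, "NOTCHECKED", "NOTCHECKED", "MATCHED"),
    Order("a@example.test", date(2015, 3, 16), 300.00, "NOTCHECKED", "NOTCHECKED", "MATCHED"),
    Order("b@example.test", date(2015, 3, 16), 450.00, "OK", "NOTMATCHED", "MATCHED"),
    Order("c@example.test", date(2015, 3, 17), 260.00, "NOTCHECKED", "MATCHED", "MATCHED"),
]

if __name__ == "__main__":
    for i, o in enumerate(SAMPLES):
        print(o.customer, o.amount, *triage(o, SAMPLES[:i]))
```

The second sample order is held and carries two flags: the earlier £15 order from the same customer, and the unverified address result.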

RegMolehusband

Original Poster:

3,960 posts

257 months

Monday 23rd March 2015
That is very helpful Doc, I will put in place a similar procedure.


Edited by RegMolehusband on Monday 23 March 17:40

Chrisgr31

13,474 posts

255 months

Monday 23rd March 2015
RegMolehusband said:
I didn't have 3D secure enabled before this but I do now.
Although a lot of sites I purchase from seem to use 3D secure my bank never seems to want me to enter the code, and just approves it.

jammy_basturd

29,778 posts

212 months

Tuesday 24th March 2015
Just out of interest, which ecommerce platforms and SagePay plugins are you guys using that aren't reporting the 3D Secure, AVS and CV2 stuff back into the platform?

Dr Interceptor

7,784 posts

196 months

Tuesday 24th March 2015
I use EKM and Sagepay...

EKM has a traffic light system that shows a green light to signify a successful payment. It doesn't report back card verification details though.

RegMolehusband

Original Poster:

3,960 posts

257 months

Tuesday 24th March 2015
jammy_basturd said:
Just out of interest, which ecommerce platforms and SagePay plugins are you guys using that aren't reporting the 3D Secure, AVS and CV2 stuff back into the platform?
I use Magento which does report on AVS etc. However I rarely view the SOP side of Magento as the online order data is imported straight into our accounting software Kashflow using "carrytheone". However this doesn't include the card processing information, neither does the order notification that comes through from Magento. I might have a look to see if it can be configured to do so.

sugerbear

4,032 posts

158 months

Tuesday 24th March 2015
Chrisgr31 said:
RegMolehusband said:
I didn't have 3D secure enabled before this but I do now.
Although a lot of sites I purchase from seem to use 3D secure my bank never seems to want me to enter the code, and just approves it.
Some of the better issuer side solutions will only require the input of a password for high risk transactions. A much better experience for the cardholder.

Batfink

1,032 posts

258 months

Tuesday 24th March 2015
Foreign cards do not go through address checks, it seems, with Sagepay. I don't know if this is common with all similar companies.
I force 3d secure to try to weed out most fraud as if it passes 3d security the liability is on the bank. Some cards seem to go through when 3d secure is attempted though so you still have to be careful.
I pop on in the morning and scan through the transactions to check the fraud risk status. Usually the address will be a UK delivery address but will fail all AVS checks and 3d security. In sagepay you can then look at the detail and most likely it will be a foreign card. Try ringing the telephone number provided and it will 99% of the time be fake too.

cuneus

5,963 posts

242 months

Tuesday 24th March 2015
Have used Maxmind to good effect with Opencart - you can automatically set an order status (e.g. Pending) dependent on risk score

Also available for Magento

chippy348

629 posts

147 months

Thursday 26th March 2015
We use a different payment provider to sage or worldpay but they are checked by credit call and flag up any issues with a points scoring system.

We had one yesterday: cardholder's address in the USA, delivery to Vietnam, flagged up high risk as the IP address was not in the USA or Vietnam. Did not process the order. Got a phone call late in the day from a lady in Perth, Scotland; her card had been used and she did some googling and found us. She was worried that we were going to lose the goods, which was nice of her.

I later looked at the order again and it had passed 3D sec so will wait and see when the charge back comes through the post.


Dr Interceptor

7,784 posts

196 months

Thursday 9th April 2015
Well got one yesterday, stuck out like a sore thumb...

Value of order £243.50 (not unusual), paid through our website via 'telephone order', so they have to call us with their card details. No call, so I called the customer. Mobile phone number rings with an overseas tone. Chap provides card details which, surprise surprise, don't match the address on the order. Google satellite shows the property does not have a swimming pool (we sell pool supplies).

Looked up the card details, it's supplied by CMB China. Emailed CMB China with the details, no response from them.

Come in to another 'paid by telephone' order this morning from the same chap, this time for £233.50.

So either it's an overseas chap with a UK mobile having stuff shipped overseas by someone in a rough area of Gainsborough, or it's as dodgy as fk. I'm going with the latter.