HI,

I just had a charge back from the bank. I usually check the person details by using the white pages. Initially, when I received the order I checked his name on the white pages, and it was listed with his name and phone number which he supplied me. i called his home number to confirm the order.
What happened now is that number has been disconnected.

I was wondering if you could share how you do verification checks for credit card orders. My customers are all from Australia, as I do not accept overseas orders.

I rarely get chargebacks as I'm quite stringent on checks, but I only use white pages.

Regards
Annie
www.digitalfunstuff.com.au

Hi

Its strange to get such a blatent chargeback from Australia.

You did the right thing by looking him up and calling him - Personally thats all I would have done (unless there were other factors making the order look sus)

The new version of ezimerchant Pro 3.8.2 does have a new fraud checking feature - which would give you a 'fraud score' between 0 and 10.
There are also some premium fraud features (available at a small additional cost) that would have told you the ISP that they used to connect to the net and also what bank issued the credit card that they used to purchase the goods - This can be useful, for example if you get an order from Australia, delivered to Australia but the card is issued by a forign bank I would immediatly get sus and do some more digging before accepting the order.

You can get the new version from our updates page on www.ezimerchant.com

HI David,

Just downloaded the update version and looked at the fraud detection figure.
You mentioned that there are also some premium features available. Can you please provide me with more information and pricing on that?

Regards
Annie
www.digitalfunstuff.com.au

Hi

There is a more information button in the fraud data tab in the download orders section of ezimerchant. When you click this button you can find out all about the free and premium fraud data features and the costs.

I would look at the ip addy and see if it is located close to the address given, It wouldn't surprise me if the guy did this deliberately knowing the phone number may appear geniune but is disconnected, quite co-incidental don't you think? I mean, how would a fraudster know the number was disconnected in a current white pages? I'd say there is more of a chance the fraudster knows this person or is that person and has done this a number of times. I don't know if the Police and the banks can determine if this person has done chargebacks of recent and of large volume etc. The question is, is that card declared missing or stolen? I know it costs about $50 to do a search on this but depending upon how much you lost it might be worthwhile persuing it.

Also, I ensure it is a street addy and not a PO Box unless the location is whoop whoop where there is only one pub in town. I never accept mobile phone numbers either. I usually email or rarely phone them to provide the details I want.

I would also suggest we have a permanent topic that includes fraudulent transactions so we all can use it as another safeguard.

Hi Nikko,
Well at present the bank has sent me letter to provide details of the transaction as the card holder says they did not make the transaction. I have provided all the information I've got to them and they will analyse it. Not sure if it will be a 100% charge back yet, but from my understanding if the transaction is a mail order/telephone order, basically, it's a chargeback.
Now when I think about it, even if the customer is white page listed, how on earth do you know the credit card they have provided you belongs to them. They maybe white page listed, but it does not mean the card belongs to them. Or sometimes, they say the phone number is listed under their wife's maiden name (which is can be the case). Therefore, in most instances, you will need to card holder to fax a copy of their card and license to prove they are the genuine holder. But the question is: majority of customer are hesitant to fax over their details (license/credit card front and back) to you as they are scared of their details being leaked out.

All in all, the merchant is the one who bears all the risks, especially with what were're selling (digital cameras and accessories, high risk area according to the banks).

I am using the fraud checker, it does give me an indication but it's not 100% accurate.

Sometimes, when you think about it, internet in the way to go, but there are so many issue relating to fraud which needs to be addressed by the banks.

Annie

Hi Annie and everyone else.

Its true that chargebacks are a problem facing internet businesses however as long as your aware of the risks its not to hard to manage them.

You should set yourself some rules that you follow with every order.

For example:

1. Credit Card orders over $X (say $200) should be contacted via phone/email. You could ask them who issued their credit card - Compare this with what our premium fraud check data tells you. If they are a fraudster and 'generated' the card number then they wont have any idea what bank issued the card.

2. Credit Card orders over $X (say $500) require a signed authorisation AND a copy of the credit card front and back and drivers licence.

3. Credit Card orders over $X (say $800) require a signed authorisation AND a copy of the credit card front and back and drivers licence.



You can also give high order value customers the option of paying via COD, or Direct Deposit etc.

In another post you have asked about BPAY, I have done some investigating and we are going to attempt it. No time line as to when it will be ready but we will try to get it done as soon as possible.

HI David,

Thank you for your reply. Yes, I have asked about BPAY and I think it would be great if Ezimerchant could apply it to the program. Using BPAY would protect merchants and genuine card holders rights.

I suppose customers who buy low ticket items wouldn't mind paying by direct deposit or COD, but for big ticket items they would rather use credit card (due to accumulating points, interest free days...).

At present we will be attempting to do BPAY manually, but I await Ezimerchant to incorporate in in the program so it makes it easier for us.

Regards
Annie

Hi Annie,

Just want to share with you a list of my fraud minimisation techniques:


1. Use maxmind.com (which is now integrated with ezimerchant I think) to obtain various information including: distance of customer's IP address to CC billing address, and if indeed in Australia, whether anonymous proxy is being used etc.
2. Use http://www.searchbug.com/peoplefinder/verify-email-address.aspx to check the validity of the email address given. (without having to contact the customer)
3. Use http://www.whereis.com/whereis/home.jsp to verify that the street number & name actually exist in the suburb given. (my first order/fraud was from a street number that didn't exist)
4. For all orders over $1000 customer will be asked to fax a copy of both sides of their credit card alongside their driver’s license. Failure to do so will void the order.
5. Do NOT accept email addresses that are provided for free & hence anonymously such as yahoo or hotmail. ( I notice you already do this)
6. Don’t allow international orders ( for now anyway)
7. Refuse orders with incomplete information
8. Record the customers CVC2 number
9. Maximum credit card order of $3000. (if someone orders $2999 worth of goods the alarm bells start ringing)
10. Only one of each item can be purchased per order
11. Do not accept PO Boxes as delivery addresses
12. Signatures are obtained on delivery by utilising Australia Post’s ‘Person to Person’ service for all orders. This service requires the credit card holder to show ID and sign for the goods.
13. Utilise Australia Post’s ‘Domestic Delivery Confirmation’ which is explained on the Australia Post website as: “…fill out a delivery confirmation card and send it with your Registered Post article. This card is signed by the recipient, then postmarked and returned by post to you, giving you proof and peace of mind that your article was delivered”

Having said all of the above, the NAB was not convinced and refused my merchant application. I currently have to pay the 5.4% charge to use Paymate. NAB will only accept my application if I offer Verified by Visa and/or SecureCode. Unfortunately I dont think my Gateway provider offers this (awaiting their reply) and hence it is not integrated into Ezimerchant.

Was it dificult to set up B-pay. What are the charges?

Regards,

Maybe have a word with another bank. I left ANZ because they forgot about what being a bank is all about. Switching to Bendigo Bank was the best move I ever made. As I import and oftern pay by TT I find that some banks like the Commonwealth charge your creditcard for international orders at around $17. Bendigobank don't charge on foreign exchange with creditcard at all, nor charge for my cheque account which ANZ did. Overall I am charged less by Bendigo Bank and they were fine with my letter as to what fraud prevention I had or will have in place to then give me my merchant facilities. They even sent me a CD with such information.

Bendigo Bank charge me less than 2% on all transactions.

As with PO Boxes, out in the country side I accept PO Boxes but city dwellers must provide an actual street address and landline. I specify this on my web site and it may be a bit of a deterent for those who would otherwise try.

Another trick these fraudsters do is supposedly pay by cheaque/money order or paypal. As Ezimercahnt says "Not verified" I always check to see if the a payment has been made before shipment and I wait for the cheaque to clear before I send goods.

If no payment has been made then I email the customer and if they do not respond I delete the order.

I looked into B-Pay but reneged, I think it was because of the charges being fairly high, was quite a long time ago.

niko,

Thanks for the advice.

I'm reluctant to change banks but it may be my only option.

Niko,

Are you a purely online merchant? ie did the Bendigo Bank accept that you make 100% of your credit card sales without obtaining a signature?

All of these checks and rules are nice and logical, but its only once in a blue moon that i get an order with a full name, server-based email address, landline phone number and fixed address. What's more, quite often asking for extra details results in furious customers either demanding that we refund their order, or threaten (and one day will) to make a chargeback on the order. People want their anonymity because they're buying adult products, and many get offended and offensive when you appear to question them (and try to protect their security!). We're painfully stringent on fraud checking, and have upset many people (who may have been dodgy...) who have supplied mobile numbers, PO boxes and free emails because they don't want their family seeing what they buy. Any thoughts?

Use pay pal!
the customers can still pay by credit card but it is more scrutanising in making sure that the cardholder is genuine.

A little more expensive with fees but worth it!

I do have a shop front, from home in a big shed. For a little while I had a shop front proper and am looking for another one at the moment. I cannot remember if I told them any specifics but I was working from home then. They just wanted me to provide info on how I would implement a system to limit fraudulent transactions and so wrote a letter stating I use anti-virus, anti-spyware, aware of fraudsters such as those from Ghana/Nigeria/Indonesia, told them I am aware of Physhing, that the customer must provide a point system, such as physical address, a landline as a minimum so I can contact the individual etc etc etc. I give country/rural a break if they supply a PO Box as most of them supply a landline anyways plus a bigpond email account. Seemed to have worked.

I advise you mention the included anti-fraud facility ezimerchant has. Read their anti-fraud bizo on their web site and tell them you are aware of their recomendations for avoiding fraudulent transactions. If you appear Naiive then of course they are going to struggle with it.

As to the sextoys issue, certainly uphill. I could suggest working with someone from here who has such facilities. However, I would expect payment first before I carry out the transaction so that you wear the chargeback etc. After a while you may be able to get a POS if you can show no serious losses from fraud.