How to tell if it's Fraud?

Forum4Hosts-Jo

New member
OK.

So far I have had no fraud orders at all. Worldpay says if a card has been rejected etc., which is normally due to the wrong expiry date or something like that.

How do you guys go about checking for fraud, how do you get their IP address and when you do, what do you use to check this against their info?

I'm sure it sounds like a basic question but it is something I need to know before we can expand.

Thanks in advance
 
Hi.

You can gather IP addresses from your raw log file. We have a list of "trouble" IPs and run a check against those.

Most of the fraudulent orders we've had will contain "fishy" information, such as mismatched addresses, invalid phone numbers, free email addresses (hotmail) used in registration, etc. This isn't foolproof, of course, because sometimes there are reasons why addresses don't match (ie: Joint venture. One person pays for hosting, another person registers.)

When in doubt, you can always verify the order by telephone. We've done that a few times when things didn't seem right.
 
I know this is an old topic, but I am surprised that I haven't seen anyone else post on this.

You should get their IP number right on your order form. Either formmail or a more robust order system, you should always gain their IP number when they put down card info.

Personally, I have found a great program to trace down IPs and make sure they are at least from the area they say...
VisualRoute makes a low cost program that you can put right on your desktop and trace any IP. It shows you where in the world that order came from, and if they say New York City, yet their IP traces to the Middle East, easy call there.

Also, unlike WD posted above, I have found that most of our recent fraud orders do contain all of the correct data, and a simple phone call will let you talk to the card owner who is usually unaware of the card use (if the IP traces wrong). I do make those calls, and if possible, I let the people know their card info is being used by a thief on the internet so they can cancel their card.

1. get their IP on your order form - ALWAYS
2. use something like visualroute from visualroute.com to trace it back to see where that IP is from.

You have little rights as an internet merchant, so it is up to you to reduce your charge backs before they happen.

Best wishes,

Tim L
 
If someone wants to commit fraud on your site, they will use an IP from a decentralized VPN, where they connect using a non-traditional VPN (residential IP). If you wish to accept this client's credit card, ask for a phone and call; most fraud will go away or go silent after asking that.

Also, you can create a "Creditcard authorization form" (example attached) where you request him to sign this along with a passport or country ID scan.

99.99% no chargeback after doing that.

regards
Fran
 


If a user is using a VPN, it can make fraud detection more challenging, but there are still ways to identify and mitigate potential risks.
1. Services like MaxMind, IPQualityScore, or FraudLabs can help detect whether an IP address belongs to a known VPN, proxy, or Tor network. These tools analyze IP reputation and flag high-risk connections.
2. Even if a VPN is used, suspicious behavior such as multiple failed login attempts, abnormal transaction velocity (making multiple purchases in a short period), or accessing from inconsistent locations can indicate potential fraud.
 
I know this is an old topic, but I am surprised that I haven't seen anyone else post on this.

Also, unlike WD posted above, I have found that most of our recent fraud orders do contain all of the correct data, and a simple phone call will let you talk to the card owner who is usually unaware of the card use (if the IP traces wrong). I do make those calls, and if possible, I let the people know their card info is being used by a thief on the internet so they can cancel their card.
Tim, I'm going to take it another year down the road... you typically get the correct phone number of the person whose card is used? There's nothing to verify email or phone with card companies, sadly... there's got to be a better way to prevent card theft / fraud.

Back on topic overall, FraudRecord along with MaxMind are both great tools besides your own investigation!
 
We used to use MaxMind Phone Verification back in the day. I don't know if MaxMind still does that or if it was pieced out to someone else. But essentially we had 3 checks that happened:

1) AVS - the credit card must match exactly for street, city and zip - we were very aggressive on AVS
2) Automated phone call to verify the transaction. If it couldn't be automated, we manually called to introduce ourselves (new users LOVED the personal touch)
3) Manual verification - if it looks like fraud, it's fraud - so we checked IPs and domains being set up etc

We also didn't have automatic account creation. The account had to be verified and then manually approved by staff at which point the account was created. All of this was outlined before users signed up - and nobody seemed to mind a 1 hour or 4 hour delay in setup.

These days, while I'm no longer in web hosting, I still physically make or schedule a phone/video call with each person that requests info from us.
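
Added example, not part of any post in this thread: a small order-screening pass that combines the checks the posters describe (a "trouble" IP list, IP country vs. billing country, a VPN/proxy flag, free email domains, AVS result, and per-IP order velocity) and returns the orders to hold for manual approval or a phone call. The field names, the AVS value "match", the thresholds and the sample orders are assumptions; `ip_country` and `ip_is_vpn` are assumed to be filled in beforehand from whatever geolocation or IP reputation service you use.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample values (documentation IP ranges); thresholds are assumptions.
TROUBLE_NETS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]
FREE_MAIL = {"hotmail.com", "gmail.com", "yahoo.com"}
VELOCITY_WINDOW, VELOCITY_LIMIT = timedelta(minutes=10), 3  # orders per IP in window

def screen_orders(orders):
    """Return {order_id: [reasons]} for orders to hold for manual review."""
    seen = defaultdict(list)  # ip -> times of earlier orders from that IP
    flagged = {}
    for o in sorted(orders, key=lambda o: o["time"]):
        reasons = []
        if any(ipaddress.ip_address(o["ip"]) in net for net in TROUBLE_NETS):
            reasons.append("trouble-ip")
        if o["ip_country"] != o["billing_country"]:
            reasons.append("geo-mismatch")
        if o["ip_is_vpn"]:
            reasons.append("vpn-or-proxy")
        if o["email"].rsplit("@", 1)[-1].lower() in FREE_MAIL:
            reasons.append("free-email")
        if o["avs"] != "match":
            reasons.append("avs-mismatch")
        # Velocity: count this order plus earlier ones from the same IP in the window.
        recent = [t for t in seen[o["ip"]] if o["time"] - t <= VELOCITY_WINDOW]
        if len(recent) + 1 >= VELOCITY_LIMIT:
            reasons.append("velocity")
        seen[o["ip"]].append(o["time"])
        if reasons:
            flagged[o["id"]] = reasons
    return flagged

def make_order(oid, minute, ip, ip_cc, bill_cc, email, avs="match", vpn=False):
    return {"id": oid, "time": datetime(2024, 1, 1, 12, minute), "ip": ip,
            "ip_country": ip_cc, "billing_country": bill_cc,
            "email": email, "avs": avs, "ip_is_vpn": vpn}

SAMPLE_ORDERS = [  # constructed orders, not real data
    make_order("A1", 0, "192.0.2.10", "US", "US", "ann@example.com"),
    make_order("A2", 1, "203.0.113.5", "RO", "US", "bob@hotmail.com", avs="zip-only"),
    make_order("A3", 2, "192.0.2.44", "US", "US", "c@example.org"),
    make_order("A4", 3, "192.0.2.44", "US", "US", "d@example.org"),
    make_order("A5", 4, "192.0.2.44", "US", "US", "e@example.org"),
    make_order("A6", 30, "192.0.2.99", "NL", "US", "f@example.net", vpn=True),
]

if __name__ == "__main__":
    print(screen_orders(SAMPLE_ORDERS))
```

A flagged order is a prompt for the manual steps described in the thread (phone verification, staff approval), not an automatic rejection, since mismatches can have legitimate causes.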
 