How To Prevent Fraudulent Credit
Card Transactions
by
Christoph Puetz
What Are
Possible Signs of Fraudulent Transactions seen at Web
Hosting Companies?
- Customer
wants to pre-pay for a year
- Domain
Name Registration for 5 years or more
- Orders
using free email address providers like
Hotmail, Yahoo, etc.
- Usage
of multiple cards to complete order.
- International
address. AVS can not validate those
international addresses.
- Multiple
purchases in a short time period.
- The
customer and billing addresses are different.
AMEX,
VISA, and MasterCard implemented a security
feature known as “CVV2” and “CVC2”.
These are the three-digit or four-digit numbers
printed on the back side or front side (depending on
card company) of the card (signature panel) to the
far right. The three/four-digit code helps to validate
that the cardholder has the card in his possession. You
can include the code in your transaction processing
and need to receive a match to successfully complete
the transaction. If you are using a shopping cart for
your hosting sign-up process, make sure that it is
capable of collecting and processing these numbers.
IMPORTANT: The ToS of the credit companies state that
you are not allowed to store these numbers.
Use Address
Verification Service (AVS) on all US transactions to
verify the billing information provided in the order
with what is on file with the card issuing bank. As a
bare minimum, the zip code should successfully match
before the transaction is approved and you hand out
the account information. You should retain the
response information for some time in case of a
chargeback.
The possible
AVS messages are:
Y – Exact
match on street address and 5 or 9 digit zip code.
A –
Address matches, zip code does not
Z – zip
code matches, address does not
N – No
match.
U –
Address information is unavailable or Issuer does not
support AVS. These transactions are only applicable
for Visa and the merchant isn't responsible for
chargeback liability.
R – Issuer
authorization system is unavailable, retry later
E – Error
in address data – unable to complete check.
G – non-US
Issuer not participating in AVS - Visa only. The
error messages will vary from one provider to the
next. Contact your provider for more information.
S –
Address information is unavailable or Issuer does not
support AVS - MasterCard only.
The most
important warning sign of fraudulent transaction are
international orders. It is very sad to be so
generic with this statement but the percentage of
having a fraudulent orders goes up immediately if the
order comes from a non-US location. Be aware of
cities or countries with high rates of fraudulent
transactions. Malaysia, Indonesia, and most countries
of the former Soviet Union tend to be source of many
fraudulent orders.
The most
effective way to help eliminate fraud or chargeback's
is to simply call the customer. A confirmation over
the phone is most definitely advised for any large
transactions. If you process a fraudulent
transaction, not only do you lose the funds, but the
product/service as well. A phone - even if it is
international will save you a lot of hassle in the
long run.
What if you
find a transaction to be suspicious? Contact your
authorization center and let them know you are
concerned about the transaction. They will look at
the transaction and may give you advice. You should
also call the customer to request additional
information (copy of drivers license or Passport as
an example). Check the IP address of the sign-up and
see where it is globally. Does it matches the
customers address at least by country? Send a
confirmation email to the customer verifying their
order.
It may be a
good policy to only accept orders with identical
Customer and billing addresses.
Maybe you want
to scrutinize international orders as your protection
against these consumers is very minimal and not
accepting them could be a wise choice for your web
hosting business.
Placing
fraudulent notices, buttons and images on your web
site and order forms will help discourage any person
trying to place a fraudulent order. Make sure that
the customer will se upfront that you are recoding
the IP address and that you will notify the law
enforcement agencies if needed. It might not protect
you in every case but eventually it will help to cut
down the number of fraudulent orders.
____________________
About The
Author
Christoph Puetz
is a successful small business owner (Net Services
USA LLC) and international author.
Guides,
Tutorials, and Articles for small businesses - www.webhostingresourcekit.com
Add
to Favorites