Credit Card Fraud For Membership Site (Digital Goods)

I've recently experienced credit card fraud for the first time on my site. It's a small membership-based site. All information is digital and accessed for a monthly fee (cc or paypal). I use the authorize.net gateway for transactions, but it seems to be limited in checks. I can use AVS check, but that still only works for the US and even then doesn't prevent fraud every time (this case slipped by).

I'm wondering two things:

1. The card owner contacted me regarding the transaction. I gave him the limited information I had on the user (email address) as all the other information matched the owners (address, card, name). There is no shipping address to compare with billing address since it is a membership site with no physical goods. The owner stated his bank would be contacting mine to refute the transaction or whatever. I imagine this would result in a chargeback. I refunded the transaction while on the phone - will a chargeback still occur if the transaction has already been refunded?

2. What steps can be done to prevent credit card transaction on a site like mine? I cannot compare billing-shipping addresses since no shipping is required. I perform AVS check, but that can be passed as long as the fraudulent user can get the correct address and name. It's membership site, so the price is set and I have no need to watch for 'large transactions' or 'multiple transactions' from the same person. I realize authorize.net has the fraud detection suite available now for an added monthly fee, but most of what it covers doesn't seem to apply to me.

The only thing I have read that would work for me is require a non-free internet account. However, after looking at most past transactions, many people are using free ones such as yahoo or gmail these days - I would as well - I don't even check or remember my password for my ISP email these days....Finally, if I did choose this method, I wouldn't know how to do it. Either find an automatic way that integrates with authorize.net or manually review transactions (possible at this point, but doesn't scale well).

Any other ideas? Is it worth the trouble? It's a small business and transactions are all under $40. The only thing I want to avoid is paying a $20 chargeback fee (and if I have too many, losing the merchant account). Since it is digital, I am not really at a loss by offering a refund every now and then for transactions, so the chargeback is what will affect me.

Any insight would be greatly appreciated.

 

there is nothing you can do other then changing to e-gold.con or e-bullion.com...

i use to have the same problem... which is why now i dont use PayPal anymore for business....

 

Thanks for the response. However, the problem doesn't stem from Paypal. It is Authorize.net credit card transactions. I realize chargebacks can happen and accept it as part of the business. While I want to avoid them, I hope to prevent fraud in the first place to help eliminate the chargebacks - I'm not so much worried about people buying and then doing a chargeback to get the product for free.

I just want to protect customers and users against credit card fraud, so I'm trying to see what the best options are for preventing (or stopping attempts, at least) fraud in the first place.

 

i want to sell digital goods as well so this is a very interesting issue.
anyone know how to prevent charge backs and other possible fraud?

 

unfortunally noway to prevent this.
if the scammer know the real CC information and using the victom country IP and the card is valid,no merchant can stop this if he got the victim full info.!
NO MERCHANT. because verified merchant accounts like authrize.net verisign and verified by visa will ask for more details and information like SSN and so,and still if the scammer know all this info he will pass all this.
Thanks

 

yes your right... most of the scammers have all the info that is needed to use the stolen credit card... so there is no way to find out whether the payment is authorized or not... but there is a solution to this problem....

 

Superman ....The best way to avoid credit card fraud is by asking the buyer to send across the scan or fax of his front and back of the credit card, In this way you can be sure that the legitimate owner is using the card, This is a bit tedious but is the only possible way to bring down the charge back cases.....

 

There is not much we can do about chargebacks in dealing with credit card transactions. A way to minimize fraud is to change payment processors to moneybookers , where it's harder to issue a chargeback or switch to e-gold where they have a no refund policy. The downside to these is that not many people use them so it's hard to get a buyer or seller willing to accept these payment processors.

 

onlything you can do is

+ stop all membership when this happen.
+ require card scan or ID scan, must match name, first and last 4 number of card number.

 

Youbest solution is to switch to a better gateway one that actually scrubs each transaction proberly.

You can then set the score low and keep away the high risk orders. Ideally your gateway should authenticate using 3D secure (Verified by Visa and SecureCode). That way most of the obvious stolen cards will liability shift from you the merchant to the issuing bank.

However that wont prevent customer fraud where they customer actually placed an order but is lying to their bank that they didn't.

 

It doesnt work actually because scammers are pretty smart. They probably bought a template for the credit card so they can fill in the card number using Photoshop.

Superman859 needs a get the order scrubbed better. For low value transactions you are turning off your real customers if you try asking for forms anyway.

 

any recommendations?
also are there cheap solutions?

i plan on having a pay site for digital goods, unfortunately I will need to keep my expenses down as I start out.

 

now why the hell someone going to send a scan copy of his credit card? by sending both fornt and back side of a CC will expose the CC... and i dont think anybody would send the scan copy from the front side either.... so this is not a solution.... however i am writing a ebook that will solve all the problems....

 

okay credit card fraud i might know abit about it.

background knowlage:

If you have a persons details i.e. adress and credit card info you can acess and buy products from most internet site!!!!

Lets call these details C5'S
so a C5 is somes adress and credit card info.

c5s are really easy to obtain. for example if you have a friend that works in a call centre they collect c5's allday and can copy some for there own use.!!

paypal is very good!! credit card fraud is extremly hard on paypal
CC is shit can credit card fraud is soooo easy on there.

ideally remove cc because i can garantee all the faud will happen from there.

so if i wanted to do fraud on ur site all i need is a c5 and that is all, thorugh cc i will have acsess to ur site.


like i said the best thing is to remove CC otherwise it would be hard to not allow farud.

Hope this helps

regards

 

I don't think this is a good attitude, it sounds like your saying:

"don't try to prevent fraud, when fraud happens, prevent the people who got scammed from getting their money back"

Chargebacks happen. The best course of action I'd recommend is going with a payment processor that covers chargeback fees for you. So on your end they amount to just having to issue a refund. Some payment processors also allow you to set the level of fraud protection thats applied in the payment process.

You said you have a membership site for digital content, the companies I'd recommend that provide monthly recurring billing, cover charge back fees and that allow a high level of fraud protection are:

ecsuite - if mainstream
ccbill - if adult

 

ECsuite? Never heard of them although they look a bit better than the usual fly by night trash ewallets pushed on this forum.

SWREG is okay for software but beware if you have other content they dont like they are very arbitrary about freezing out your account. They like to do it just a week or so before the monhtly payday.

 

Nothing new here -

Maybe start asking for address when registration ( Give explanation its for better security ) , there are other methods also which help you identify inconsistencies in payment.

Also look into MinFraud ( CC Fraud Prevention ) and ChargeBack File they help prevent access after payment is made and you your self have reviewed the payment.

Also disable payment access from proxys .

 

"Pervert-For-Life" user gives wrong information.
Beware of eGold or eBullion, both are fraud companies controlled by FBI now.

You must:

Ask for ID Card (Both sides).
Ask for Credit Card (Both sides).
An acceptation of credit card payment form (downloadable in your site) sign and filled by owner of credit card.

It is required in all disputes with CC companies and you.

If you don't want to do it, change your payment gateway to other without chargebacks like HooPay or Moneybookers. They ask for the above information themselves. For example, in HooPay you sent these info when you verify your credit card, they check and if all is fine you can upload funds without restrictions. With that they are covered by the same fraud that you had in your website. Moneybookers make different process but same way.

I hope to help you

Cheers

 

But come on now iseree who are you kidding mentioning Hoopay?

Who pay? more like.

There are so many flash in the pan ewallets like this floating around out therre. here one year gone the next.

Stick with WorldPay, CCNOW or SWREG (if you sell software and dont care about antifraud and dont sell anything controvertial), or MoneyBookers if you want an ewallet like PayPal.

 

Whos your merchant provider?