Are there any services anyone is using that they would recommend for detecting/preventing fraud? We created a custom status to hold orders that appear suspicious to us (multiple billtos/shiptos withing 14 days, different billing/shipping high value or expedited orders, name on card doesn't match billing, etc).
We stumbled upon minFraud by Maxmind, and Kount, but I've never spoken with anyone that has actually used the services. Also thinking something like PeopleFinder.com might be useful for checking validity of addresses/phone numbers/emails when we do flag suspicious orders for review.
Thoughts?
Detecting Fraud :?:
Re: Detecting Fraud :?:
I do several checks for fraud that include:
1. Is the source IP from a non-US location
2. Does billing match shipping
3. Is the item something high-tech and easily resold like a GPS or personal electronic device
4. Is it overnight shipping
5. Does the name of the email address match the bill-to name
6. Is the area code of the billing phone number geographically near the source IP
7. Can you google-map the billing and shipping address
8. Can you street-view the billing and shipping address. Is it an empty lot? Is it a UPS store?
9. Did AVS do a full match
10. Did the CVV match
Contrary to popular belief, AVS does NOT qualify the card holder name. Only the issuing bank can do that. The first 6 digits of a credit card indicate the assigned issuing bank. It's known as the BIN code. You can look up the issuing bank for the card to see the issuing country here http://www.exactbins.com/bin-lookup
I modified my store to prevent shipping to an address other than the billing address when order amount is over $ 200. That's helped a great deal.
I also helped a client several months ago by implementing GeoIP in the admin Order Summary. The mod color-codes every order based on specific rules like billing <> shipping, source IP <> USA, etc. Yellow and Orange rows are suspect and easily identified for further review. It's really helped them cut down on their fraud orders.
1. Is the source IP from a non-US location
2. Does billing match shipping
3. Is the item something high-tech and easily resold like a GPS or personal electronic device
4. Is it overnight shipping
5. Does the name of the email address match the bill-to name
6. Is the area code of the billing phone number geographically near the source IP
7. Can you google-map the billing and shipping address
8. Can you street-view the billing and shipping address. Is it an empty lot? Is it a UPS store?
9. Did AVS do a full match
10. Did the CVV match
Contrary to popular belief, AVS does NOT qualify the card holder name. Only the issuing bank can do that. The first 6 digits of a credit card indicate the assigned issuing bank. It's known as the BIN code. You can look up the issuing bank for the card to see the issuing country here http://www.exactbins.com/bin-lookup
I modified my store to prevent shipping to an address other than the billing address when order amount is over $ 200. That's helped a great deal.
I also helped a client several months ago by implementing GeoIP in the admin Order Summary. The mod color-codes every order based on specific rules like billing <> shipping, source IP <> USA, etc. Yellow and Orange rows are suspect and easily identified for further review. It's really helped them cut down on their fraud orders.
Joe Payne
AbleCommerce Custom Programming and Modules http://www.AbleMods.com/
AbleCommerce Hosting http://www.AbleModsHosting.com/
Precise Fishing and Hunting Time Tables http://www.Solunar.com
AbleCommerce Custom Programming and Modules http://www.AbleMods.com/
AbleCommerce Hosting http://www.AbleModsHosting.com/
Precise Fishing and Hunting Time Tables http://www.Solunar.com
Re: Detecting Fraud :?:
Thanks for replying. Great information! We do several of the same things utilizing Authorize.Net's Fraud Detection Suite and FedEx's Address Validation Service. Our order volume is too large to go though all individual orders, so we flag high-risk and/or high-value orders that look suspicious for further review.
What services are you using to determine whether the area code, postal code, and IP addresses are geographically close? Do you have websites you use and manually submit for every order, or are you using web services and handling it automagically?
Unfortunately we've been burned a couple times where the AVS and CVV are a full match, the bill to was exactly correct, and the ship to was in the same geographic area.
I think something like MaxMind's minFraud would help catch a few more of those by flagging IP addresses and proxies that have been known to commit fraud. It looks like they can do some stuff based on username, password, email address, credit card, and ship to information as well, but it seems like passing things like password and credit card would violate PCI-compliance rules and open us up to much bigger problems.
Hoping someone has experience with this or a similar service that can provide some feedback.
What services are you using to determine whether the area code, postal code, and IP addresses are geographically close? Do you have websites you use and manually submit for every order, or are you using web services and handling it automagically?
Unfortunately we've been burned a couple times where the AVS and CVV are a full match, the bill to was exactly correct, and the ship to was in the same geographic area.
I think something like MaxMind's minFraud would help catch a few more of those by flagging IP addresses and proxies that have been known to commit fraud. It looks like they can do some stuff based on username, password, email address, credit card, and ship to information as well, but it seems like passing things like password and credit card would violate PCI-compliance rules and open us up to much bigger problems.
Hoping someone has experience with this or a similar service that can provide some feedback.