I'm sure most of you resellers have experienced the problem of credit card fraud. There is this one particular customer that constantly tries to place orders on my site with false credit card detials. While this is picked up by our credit card processor, it is starting to be a burden from sifting through the "false" order forms.

Does anyone have any ideas on how to stop this person from even entering my site? I know it sounds kinda difficult to do so, but to at least minimise the risks? I do have his IP address and all I know is that he/she is using a computer from Soeul, Korea.

Any ideas?

Ban his IP from the order page. Simple as that really. You can use any sort of scripting you like ASP/PHP, and redirect to another page stating that they are banned.

James

The problem is that his IP is dynamic so I can't ban a single IP address. Unless I ban a whole country!!

Ah... you shoudl be able to ban his IP block though. DO you have server control?

James

You may have a larger volume of accounts than I have but there are a few things you can do without banning any IP's. Probably the best is automatic verification of credit card details. Unless this fraudulant customer has all the details of the credit card including billing address the order won't even make it through your system to burden any employees who have to weed the good from the bad. I think this is the best method.

I have a variation which is more manual but offers more control. The first thing that happens when accounts are requested is billing. I, or one of my very helpful assistants, go to a page on the internet, which I could use in the above manner but choose not to, and enter in their credit card info. If it is rejected I CALL (I SAID CALL) the supposed customer. It's easy to give bogus e-mail addresses. It's hard to give bogus phone numbers.

I personally *try* to call and welcome all new customers. Using the phone is a powerful tool. I think we have all had our share of attempted frauds. It was funny because my first one happened the very same day I began to do any kind of serious advertising. I was hoping that wouldn't be a sign of things to come and it wasn't I can say I've had only 10 attempts in 5 years and all were caught.

While calling your clients is a great thing, I think that when you get a good amount of signups per day, that is not something that that is feasible, coupled with the normal workload. There is also a large cost to this as well, unless you cater to a certain market like only US customers or only Canadian customers, or whatever country you are from. Once you start getting international customers, that is when calling becomes very expensive.

There are many things that you can do to workaround the banning of an IP or an IP range.
Ban free e-mail accounts for signups, as they must use ISP e-mail
Run an arin whois on the IP that signed up.
Run a trace on the IP
Check whois records if domain is already registered, and many more.

-Steven

Address verification in CC processing is based on the numbers in the customer's address, not the full address. So a fraudulant order could use the right numbers and still be a wrong address but you wouldn't know at the time of charging them.

One thing you may want to do is see if he is using the same kind of card each time, like if he selects Visa or Mastercard. Call the company and see if they are CC numbers that have been sent out in the mail and waiting to be turned on. I know of people that have been using card numbers that were not activated yet and they are fined large sums of money or even out in jail.

Well someone was listening to this post because since I posted it I have been getting fraudulant orders almost every day. Someone wanted to test my theory and I got lazy and didnt call everyone. One or two orders slipped through. Theya re all cancelled now and all the customers have been notified.

The odd part is this criminal used the same IP most of the time. I hope he is on cable or dsl because I reported him to the police. Maybe he will make it on the stupid criminal show.

Is there any other logging that can be performed? Some kind of thumb print the computer leaves? IP's change but computer names don't. I wonder if it is possible to log the name of the computer or something unique to the computer this will aid us in repeat fradulant orders.

In any case I will still have to call my customers, it is very expensive but so sould giving access of your server to a hacker or spammer that will only take advantage of your server and harm your reputation.

Seems like the culprit is doing it form the same machine each time. I don't know about other details you can log but you could aslo grab some more info from the HTTP headers. The more you have the better, I know it's not totally uniqu info but the browser info would give you something that looks like this:

Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)

More on browser detection here : http://www.htmlgoodies.com/beyond/msiepage.html

Oh I've logged all that, printed it and passed it on to the fbi. http://www1.ifccfbi.gov/index.asp