Online Fraud
Diverse
13th November 2008, 12:20
We have experienced an attempt to order goods using stolen credit cards, their greed alerted us, but I imagine some organisations may fall foul as it was not completely obvious.
Anyone know who I can report this to, to try and relieve the ecommerce world of these cretins! :mad:
sysops
13th November 2008, 12:24
> We have experienced an attempt to order goods using stolen credit cards
Good grief, really?!??
> Anyone know who I can report this to, to try and relieve the ecommerce world of these cretins! :mad:
You can report it to the police, they will give you a crime number for your records, but that will be the extent of their actions.
The bottom line is no one cares, no one wants to know about it, and no one will do anything about it.
cjd
13th November 2008, 12:25
We get tens of fraud attempts daily - every so often one gets through. We have yet to find anyone - including the police and banks - remotely interested.
Diverse
13th November 2008, 12:28
Hey perhaps we should make a career of online fraud if it's that easy ;) Or we could set up a vigilante group to personally track them down...I'll be quiet before this thread is removed....I am joking by the way moderators :)
It's just a shame that they get away with it, this incident would have cost us £500 if it wasn't spotted...
dave_n
13th November 2008, 12:42
sadly the authorities are apathetic towards cybercrime in the UK.
well, let's face it they are apathetic to most crime!
http://www.pcadvisor.co.uk/news/index.cfm?newsid=106449
deniser
13th November 2008, 12:49
Actually...... there was a very interesting supplement which came with The Times yesterday which was on the subject of Fraud. I read it from cover to cover as I battle with online fraud daily.
There are quite a few new technologies and plans afoot. If you can get hold of a copy it is worth a read.
IridiumCorp
13th November 2008, 13:15
> Or we could set up a vigilante group to personally track them down...
http://www.thescambaiter.com/
Best thing to do is phone your acquirer and tell them date, time and authcode of the transaction in question. They can then blacklist it and then inform the card holder. You may not be able to do anything legally with it but you can certainly help the poor sod whose card they are shopping with.
sysops
13th November 2008, 13:24
> Best thing to do is phone your acquirer and tell them date, time and authcode of the transaction in question. They can then blacklist it and then inform the card holder. You may not be able to do anything legally with it but you can certainly help the poor sod whose card they are shopping with.
I don't suppose you have a list of numbers which actually get you through to someone who is interested, do you?
We used to try to do this, but our calls were always met with blank incomprehension. We gave up in the end, and no longer bother.
deniser
13th November 2008, 13:37
> I don't suppose you have a list of numbers which actually get you through to someone who is interested, do you?
> We used to try to do this, but our calls were always met with blank incomprehension. We gave up in the end, and no longer bother.
And Paypal is even worse..... (and the cause of most of the fraud IMO)
edmondscommerce
13th November 2008, 15:49
It's a very sad and frustrating situation - the retailer loses, the customer loses but the people responsible for it (the card issuers / banks)...
I have even heard of people who refund the fraudulent transactions and then get chargebacked anyway and have to fight to get the refunded money back!
Be especially wary of over the phone orders and even more wary if they are adamant that it is shipped immediately!
deniser
13th November 2008, 16:02
> the customer loses
I don't think the customer ever loses. And many of them are to blame for responding to phishing emails etc.
It's always the retailer who loses unless it is a cloned card, chip or pin transaction or 3D secure in which case it's the bank.
peterjhale
13th November 2008, 16:54
It's a crying shame that no one is interested as it's our businesses that always pay
Until the banks are held responsible for processing the fraudulent transaction in the first place nothing is going to change
Businesses pay through the nose for fraud and lose the following:
- the product if shipped (or downloaded digitally)
- the cost of the product (because it's charged back)
- a chargeback penalty (£10 for worldpay)
- the credit card processing costs (because these are never refunded)
*sigh*
stugster
13th November 2008, 17:39
> Good grief, really?!??
> You can report it to the police, they will give you a crime number for your records, but that will be the extent of their actions.
> The bottom line is no one cares, no one wants to know about it, and no one will do anything about it.
I had my card cloned about two months ago (it was a credit card that I only ever used twice, and can pretty much guarantee where it was cloned).
Then, on the 10th of this month, a letter from MBNA telling me to contact them immediately.
Thankfully, I'm getting my money back, but nobody really seemed that interested in following it up.
I know that this isn't really just in relation to Online, as it was used in a chip-and-pin machine, but just so you know, it's not just the e-commerce world that's being affected right now.
Even those people on this amazing highly secure "CHIP AND PIN" crap are being abused ;)
Black dog
13th November 2008, 18:13
One area where CC fraud is rife is long-stay car parking, as a colleague of mine found to his cost. A couple of weeks after returning from a business trip to the US, he discovered, upon receiving his Visa statement, that his card had been used (to the tune of £8K) in his absence. He got his cash back, but it took the bank WEEKS to reimburse him (why??), despite him proving that he was not even in the country at the time, and that he had his card with him whilst in the States.
Now consider this even more worrying scenario:
* They (the airport car park operatives) know your name and address (as you will have pre-booked on-line.)
* They have your card details, including the security code.
* They know how long you will be out of the country.
and ..as an added bonus...
* They also have your car and keys!!
First in Retail
13th November 2008, 21:11
I agree with sysops on this one :) Nobody gives a toss, and it's worse.
If you have 50 crimes to report from your site you have to do them individually at the station where the order was being delivered to so that could be 50 stations.
Joke ! we had a breach in security at a client's, our cctv caught the guys taking paperwork, the police would not even turn out !!! it took 4 weeks to sack one of them the other got a warning !
Chris Ashdown
13th November 2008, 21:28
it cost us the retailer the whole chargeback, why should the banks and police care it costs them nothing
Retail-Therapist
13th November 2008, 21:36
Hi, I'm new to the forum but thought I'd post on this thread as I was on the phone to Protx today and the guy said that all on-line transactions were 100% fraud protected.
When I asked about phone transactions processed through the virtual terminal he said that they were not protected in the same way. He suggested that the best thing to do is give the caller of high value orders an incentive, such as a website promo discount code, to encourage them to do the transaction on-line and then you get your fraud protection.
cjd
13th November 2008, 22:27
> Hi, I'm new to the forum but thought I'd post on this thread as I was on the phone to Protx today and the guy said that all on-line transactions were 100% fraud protected.
Hi and welcome.
Lesson 1. They lie :-)
(They are probably talking about 'verified by Visa' and other such schemes. Strangely, the fraudsters just use something else.)
peterjhale
13th November 2008, 23:04
> Hi, I'm new to the forum but thought I'd post on this thread as I was on the phone to Protx today and the guy said that all on-line transactions were 100% fraud protected.
lol, yes protected for the banks, not the business
admagic
13th November 2008, 23:21
Peter....
Do you see fraud for digital delivered plans?
Wouldn't have thought they would appeal to a fraudster since they can't be traded....and (I think) you have a moneyback guarantee anyway...so the only "frauds" you will get are not technical, but people who think the product is great, but ask for the money back anyway...
Retail-Therapist
13th November 2008, 23:31
It was the guy from Lloyds TSB who told me that my online transactions through Protx (not virtual terminal) would be 100% protected against fraud. So is he making this guarantee on behalf of Protx or the bank itself?
cjd
13th November 2008, 23:48
> It was the guy from Lloyds TSB who told me that my online transactions through Protx (not virtual terminal) would be 100% protected against fraud. So is he making this guarantee on behalf of Protx or the bank itself?
He's just talking total boll0cks - ask to see the contract and T&Cs. You are NOT protected against chargeback unless all your transactions are through systems like Verified by Visa or similar systems. Anything else is your problem.
admagic
13th November 2008, 23:53
> Joke ! we had a breach in security at a client's, our cctv caught the guys taking paperwork, the police would not even turn out !!! it took 4 weeks to sack one of them the other got a warning !
When I had a retail business we had four guys come to the back door with balaclavas and crowbars and intent - all caught on CCTV.......the girls were scared sh*tless - ran the automatic steel shutters down - and did not dare leave the premises till the police came......it took them 3 HOURS AND 2 REMINDERS TO COME.
So forget white collar crime...
Retail-Therapist
14th November 2008, 14:37
Just to clarify I've just spoken to Lloyds TSB Cardnet and they said our online transactions would be 100% protected by Verified by Visa and Mastercard 3D Secure.
Obviously these systems require an extra level of participation by the customer. Do you think this will put off a lot of potential buyers or are they reassured by these extra security precautions?
cjd
14th November 2008, 15:19
> Just to clarify I've just spoken to Lloyds TSB Cardnet and they said our online transactions would be 100% protected by Verified by Visa and Mastercard 3D Secure.
> Obviously these systems require an extra level of participation by the customer. Do you think this will put off a lot of potential buyers or are they reassured by these extra security precautions?
They put a lot of customers off and to people that are unused to it it looks like a phishing attempt. If a customer hasn't signed up to the scheme they have to go away and do it before they can buy something from you.
Not every bank supports it - although more are doing now.
The real problem though is that until it's universal the fraudsters will use the normal methods and unless you only accept 3D secure etc (and therefore turn away customers) you'll still be vulnerable.
Retail-Therapist
14th November 2008, 15:37
So what is the best compromise then?
cjd
14th November 2008, 15:51
That's your decision and it will depend a lot on the type of business you run, the amount of orders you take and the average value of each.
We have decided not to use 3D secure etc until they are universal and rely on our own fraud checking which is pretty sophisticated and totally over the top for normal use. (Telephony is a big fraud target).
Protx's own system does a reasonable amount of checking but if you are nervous you could limit the size of order you are prepared to take on line and give a small discount for bank transfer etc.
Chris Ashdown
14th November 2008, 16:08
Protx gives you a lot of info on the order and the traffic light system helps
The only real check is to look at the order and check things like email address, mobile phone number, unusual order size or selection, does not show up on 192.com
If you think it's too good then treat it as a fraud until confirmed OK
IridiumCorp
17th November 2008, 11:06
As I have said a thousand times... Common Sense is your biggest defense. Until you are 100% familiar with the traffic patterns your business model receives, review every single order. It is time consuming but it will pay off. If there is any doubt at all just do not send the goods/service.
Simon-M
17th November 2008, 11:11
The card companies don't care. They actually make money from it. It works like this.
You sell something. The buyer pays with a dodgy card. You lose your goods. Or if the card is stolen, you lose your goods and get a chargeback from the real card owner. The card company then dips into your cash and takes a little bit for "THEIR" trouble too. Nice little earner for them.
movietub
17th November 2008, 11:18
> It's a very sad and frustrating situation - the retailer loses, the customer loses but the people responsible for it (the card issuers / banks)...
> I have even heard of people who refund the fraudulent transactions and then get chargebacked anyway and have to fight to get the refunded money back!
> Be especially wary of over the phone orders and even more wary if they are adamant that it is shipped immediately!
That's a big problem - especially when most phone customers are adamant the order is shipped immediately!
Personally I worry about new anti-fraud schemes. I worry that they may go down the route of anti-pirate methods that effectively made everyone's life harder not just the crooks. And ultimately the crooks seem to find a way round anyway and all you're left with is inconvenienced honest customers.
It would almost be better to accept it's always going to happen and just try to be personally vigilant at all times and on the look out.
garyscreigh
17th November 2008, 11:27
the worst thing can be if you send out the goods. the real card holder obviously wants their money back and the bank do a "claw-back" and you as the supplier are left without the goods or the money!
yes you're right greed usually shows the order up before it is shipped - hopefully
best of luck
gary
(http://www.brandoa.co.uk)
IridiumCorp
17th November 2008, 11:51
The charge back system must be punitive by nature. Besides you hard working UKBF merchants there are a lot of merchants who just do not take the time to learn about how to protect themselves. Or dare I say merchants who are not so above board.
Say for example you had a company doing low value sales ATV of 5 GBP. Let's also say that this company was not actually sending anything out. Now because of the low value of the transactions most people would maybe send a couple of emails, maybe call a few times. The staff may be very helpful and apologetic and promise to sort things out. Eventually some people will just give up as it is not worth the bother because of the value, some people will continue to harass and eventually get their product, a small percentage will chargeback, and lastly and most worryingly some people will buy again.
Companies like this are very difficult to shut down. Police do not understand the crime and because of the low amounts involved not many people would be willing to take a civil action against the company.
Part of the charge back program says how many charge backs you may have. The numbers changed not so long ago and I do not have them to hand but it's around 1% of total count with some other factors.
The above example is a real example and although the company was clearly exploiting the consumers and card schemes there was not much we could do. If we switched off processing they would head somewhere else. The only way was to get the card schemes involved, which was surprisingly easy.
Needless to say the merchant is gone and the directors blacklisted. They tripped 1 flag on the chargeback system but that was enough to get them shut down.
You guys the Merchants see very little of this or only rarely if it's big enough to hit the news but it is shockingly common. But it's still only one half of the concept.
The other is that the chargeback amount should be high enough that it is a deterrent to the Merchant to get it wrong. If you are getting a lot of chargebacks then it's either you are not protected properly or there is a flaw in your business procedures. You get some merchants who work in high risk sectors that have never had a charge back or an insignificant handful.
Lastly the 3D secure programs do not protect you from chargeback administration. If you break the card scheme thresholds for chargebacks you may still be put on the charge back monitoring program.
Simon-M
17th November 2008, 11:56
> The other is that the chargeback amount should be high enough that it is a deterrent to the Merchant to get it wrong.
I don't think honest merchants have a problem with the amount. I think they do have a problem with the credit card companies profiting from it.
Do you see the conflict of interest there?
Simon
deniser
17th November 2008, 13:54
> As I have said a thousand times... Common Sense is your biggest defense. Until you are 100% familiar with the traffic patterns your business model receives, review every single order. It is time consuming but it will pay off. If there is any doubt at all just do not send the goods/service.
Luckily the fraudsters are getting more brazen and easier to spot.
I had one yesterday in a very English name, with an American registered credit card with delivery to Israel. When I checked it out, the Lady's Facebook photo showed her to be a blond girl not long out of her teens. The order amount was 10 x average, the email address was hotmail and the delivery address when I googled it turned out to be a refugee camp in the Gaza strip!
IridiumCorp
17th November 2008, 14:30
> Luckily the fraudsters are getting more brazen and easier to spot.
> I had one yesterday in a very English name, with an American registered credit card with delivery to Israel. When I checked it out, the Lady's Facebook photo showed her to be a blond girl not long out of her teens. The order amount was 10 x average, the email address was hotmail and the delivery address when I googled it turned out to be a refugee camp in the Gaza strip!
You have just given me an idea for a thread :)
deniser
17th November 2008, 15:04
> You have just given me an idea for a thread :)
I've got lots! Will join the other thread. We can't give too much away though in case the fraudsters are reading this?
reggiemental
17th November 2008, 15:20
Before I get flamed, I just want to say I'm pretty much with many of you guys here, in believing plod is not much use when dealing with certain crimes, fraud etc. However, I thought the following might be worth a mention:
A year or so back, I came across a spoof site selling musical keyboards, digital cameras etc. I'd been looking at buying a keyboard that retailed around the £3k mark. The site had exactly the one I wanted but at £1500!! Obviously a scam, so I did some digging, (a long story), and got some facts together. I Googled 'fraud squad' and ended up with the necessary contact details and emailed the 'facts' I had garnered.
Within an hour, I'd got a call back from a fraud squad officer, who thanked me for the info and said he'd look into it. We got chatting, as you do, and it transpired they have a department set up solely for eradicating this type of scam site.
I checked back a couple of hours later, and the site had been pulled. I've no idea if the scammers actually got caught, but the quick actions of the fraud squad saved anyone parting with their cash.
To say I was gob-smacked by the whole episode is an understatement. I never even expected a reply. Maybe I was just lucky.
Paul
Chris Ashdown
17th November 2008, 15:52
> The charge back system must be punitive by nature. Besides you hard working UKBF merchants there are a lot of merchants who just do not take the time to learn about how to protect themselves. Or dare I say merchants who are not so above board.
What a pompous statement to us all.
The chargeback should not be punitive, we have done nothing wrong except that you have agreed to take money off a card and then blame us for your failing to check it was genuine, but happy to still charge us for your failings.
All we ask is for a fair hearing that we dispatched the goods in good faith and can prove say delivery of the goods to the address that you checked was ok. Or did you check?
If internet companies are misusing the system I am sure you would soon contact the police and stop them trading with cards, but next to nothing is done to the crooks who use stolen or cloned cards, you don't even give us a method of calling up suspicious transactions to check them out, why for instance can I not ring up visa and check out a suspicious purchase attempt and they contact the rightful customer and check its validity (I will answer for you, too lazy and too expensive. easier to make a chargeback)
I for one would never use your company if that's the attitude to us retailers
IridiumCorp
17th November 2008, 18:00
Hi Chris,
We are a payment gateway and as such have no involvement in the charge back process. In fact we do not even know when something is charged back unless the merchant contacts us. We are in fact if anything strongly on the merchants' side for improved processes that get the CB information back to the merchant quicker so they can head off potential charge backs.
For example Deutsch Bank/Paygo send it out electronically same day. This allowed for us to tell the merchant via an email a charge back request had been made within a couple of hours of it being made. In many cases this allowed for goods to not be sent and the consumer contacted to try and work something out. Many times a chargeback was due to things like wife not recognising a charge to her card made by her husband. Because the CB is only in the request phase it can be recalled saving time and money.
> All we ask is for a fair hearing that we dispatched the goods in good faith and can prove say delivery of the goods to the address that you checked was ok. Or did you check?
As stated above in this post and previous, the key failing of the UK system is the time it takes for the chargeback to get to the merchant. The initial time allotted to contest has elapsed. As such the only option available to you guys is to send in an appeal to the acquirer's letter which I believe is a 21 day window, might be 14 days. By this time they have taken the funds off of you.
The reason there is such a delay is some very legacy systems and business procedures at acquirer level. This is not the merchants' fault and yet they are punished for it financially. It was not the intention of the previous post to say it's okay for the merchants to suffer because the banks cannot get the information out quicker.
The post was meant to illustrate a primary reason why the chargeback system is there in the first place that had not so far been raised in the discussion. And that is intentionally fraudulent merchants and merchants who have a chargeback problem that can be resolved through improvements to their business processes.
> why for instance can I not ring up visa and check out a suspicious purchase attempt and they contact the rightful customer and check its validity
You can. The process is the following.
1. Get the date, time, amount, authcode, first 6 or last four of the card from your PSP management system.
2. Phone your acquirer and go through their security checks.
3. Give the details to call center person and ask for an "Issuer Authorisation Check".
4. Do not send anything until your Acquirer gets back to you.
5. Make your decision to send or not to send.
As far as acquiring banks raking in vast sums of money from the chargeback system I would question that actually. Most acquirers will get rid of merchants who consistently have high charge back rates.
For example at Deutsch/Paygo they would write off any charge back under 35 EUR. They charged 15 EUR for the chargeback so the charge back amount where it was unfeasible to contest was 50 EUR. This meant regardless the merchant was not out of pocket as the acquirer covered it regardless.
UK banks ALWAYS ask what a merchants chargeback rate is. If banks were out to make money off of charge backs they should be looking for merchants with higher charge backs rates and this is 100% not the case.
That's not to say if they could make money they wouldn't. Having worked on both the acquiring side and processing side I would say card companies hate chargebacks just as much as merchants.
Can acquiring companies do more? - Absolutely.
Should they? - Absolutely
Are they going to? - I would imagine so. But I cannot see an industry wide change. One acquirer will figure out this is a massive issue and put out a solution. The rest will follow in who knows how many years.
What do I do until then? - Good T&C's, contracts, business policies. If you get a chargeback then learn from it.
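The manual checks posters describe in this thread (order value against the shop's average, card country against delivery country, the email address, phone orders pressing for immediate dispatch) can be run over every order before a person reviews it, and a held order can carry the details listed above for the acquirer call. This is an added example, not code from any poster or gateway; the field names, the webmail list, the 5x multiple and the two-flag hold threshold are assumptions to tune, and the sample orders are constructed.

```python
from dataclasses import dataclass
from datetime import datetime

# Assumed list of free webmail domains; extend it for your own customer base.
FREE_WEBMAIL = {"hotmail.com", "hotmail.co.uk", "yahoo.com", "yahoo.co.uk", "gmail.com"}


@dataclass
class Order:
    placed_at: datetime
    amount: float             # order total in the shop's currency
    auth_code: str            # authorisation code returned by the gateway
    card_first6: str          # only truncated card data is kept, never the full number
    card_last4: str
    card_country: str         # country the card was issued in
    delivery_country: str
    email: str
    channel: str = "web"      # "web" or "phone"
    wants_immediate_dispatch: bool = False


def review_flags(order, average_order_value, size_multiple=5.0):
    """Return the reasons this order deserves a manual look (empty list if none)."""
    flags = []
    if average_order_value > 0 and order.amount >= size_multiple * average_order_value:
        flags.append("order value far above average")
    if order.card_country.upper() != order.delivery_country.upper():
        flags.append("card country differs from delivery country")
    domain = order.email.rpartition("@")[2].strip().lower()
    if "@" not in order.email or not domain:
        flags.append("unusable email address")
    elif domain in FREE_WEBMAIL:
        flags.append("free webmail address")
    if order.channel == "phone":
        flags.append("phone order")
        if order.wants_immediate_dispatch:
            flags.append("insists on immediate dispatch")
    return flags


def acquirer_check_details(order):
    """Details to read out to the acquirer when asking for an issuer check."""
    return {
        "date": order.placed_at.date().isoformat(),
        "time": order.placed_at.strftime("%H:%M"),
        "amount": f"{order.amount:.2f}",
        "authcode": order.auth_code,
        "card": f"{order.card_first6}******{order.card_last4}",
    }


def screen(order, average_order_value, hold_at=2):
    """Hold the order when at least `hold_at` flags fire; a single flag only annotates it."""
    flags = review_flags(order, average_order_value)
    if len(flags) >= hold_at:
        return {"decision": "hold", "flags": flags,
                "acquirer_check": acquirer_check_details(order)}
    return {"decision": "ship", "flags": flags, "acquirer_check": None}


# Constructed sample orders (not real transactions); 4111 11.. is a well-known test number.
SAMPLE_SUSPECT = Order(datetime(2008, 11, 16, 14, 5), 500.0, "T12345", "411111", "1111",
                       "US", "IL", "buyer@hotmail.com")
SAMPLE_ORDINARY = Order(datetime(2008, 11, 16, 9, 30), 45.0, "T12346", "411111", "1111",
                        "GB", "GB", "jo@example.co.uk")
SAMPLE_PHONE = Order(datetime(2008, 11, 16, 11, 0), 60.0, "T12347", "411111", "1111",
                     "GB", "GB", "sam@example.co.uk", channel="phone",
                     wants_immediate_dispatch=True)

if __name__ == "__main__":
    for sample in (SAMPLE_SUSPECT, SAMPLE_ORDINARY, SAMPLE_PHONE):
        print(screen(sample, average_order_value=50.0))
```

A free webmail address on its own is common among genuine customers, which is why one flag annotates the order rather than holding it.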
lesliedocherty
17th November 2008, 18:16
If you get an attempted fraud, there should be some facility where you log it and the card is put on hold or stopped till the customer is contacted.
This would in itself stop a lot of card fraud, why is it not an option just now ??
Simon-M
17th November 2008, 19:57
> As far as acquiring banks raking in vast sums of money from the chargeback system I would question that actually. Most acquirers will get rid of merchants who consistently have high charge back rates.
This is very much a numbers game for the card companies. If there are persistent chargebacks from a single merchant then of course they will act. They would not want to be seen to be encouraging it would they. But let's take Visa, how many merchants process with them? Millions upon millions. If one merchant gets a chargeback then Visa gets some cash as does the bank. If another merchant gets a chargeback then Visa gets some more cash and the bank too. Times those individual chargebacks by the millions that must happen daily then it is not too hard to see this is a nice little earner at least for Visa.
IridiumCorp
18th November 2008, 11:21
> If you get an attempted fraud, there should be some facility where you log it and the card is put on hold or stopped till the customer is contacted.
> This would in itself stop a lot of card fraud, why is it not an option just now ??
See my previous post for instructions on what to do.
norwichchris
18th November 2008, 11:39
hi,
I am doing a study on PayPal users and I was wondering why do users not trust PayPal for transactions?
I know it has problems for example
CC chargebacks
Fraud
Buyer/seller issues (understatement)
Do you think people only use PayPal because it's convenient and probably the easiest system on Earth to use?
I personally have had a few problems with PayPal, I reclaimed money from a seller for not sending an item twice actually.
Are there other payment systems that are as easy to use?
fumla
19th November 2008, 12:59
To help you prevent fraud you should look into MaxMind, they have some pretty good Anti Fraud protection tools and the fees are low.
lesliedocherty
19th November 2008, 13:20
Iridium, thanks for that bit about contacting acquirer.
I use Protx and settle through HSBC, is it HSBC I contact, and if the transaction is suspicious, do they get the customer contacted to verify the transaction.
IridiumCorp
19th November 2008, 14:47
> Iridium, thanks for that bit about contacting acquirer.
> I use Protx and settle through HSBC, is it HSBC I contact, and if the transaction is suspicious, do they get the customer contacted to verify the transaction.
It will be HSBC you need to phone. The number should be on the statement.