Online Fraud

Posted on January 17, 2008
Filed Under Uncategorized | | Written by Gary Reid

Back in 2000, just 3 weeks after launching my first online business I came face to face with my first chargeback. After 8 years it still leaves me feeling the same.

One thing is for certain your merchant account or PayPal can and will do nothing to help, some are worse than others, Wordlpay for example who used to rely entirely on the processing banks address checks. Not sure if they still do, but you could process a Bank One credit card with Mickey Mouse as the name and Disneyland as the address and Wordlpay would process it.

Last night I got the latest fraudulent transaction through Paypal, now we’ve picked it up before PayPal, in fact at point of sale so we won’t get a chargeback as we’ll refund the payment.

But, what can you do?

It really depends how far you want to take it.

I remember posting on WebHostingTalk that we had banned whole country blocks of IP’s and some people thought that was harsh. But, if all you’ve ever had is fraudulent transactions from Vietnam then what the hell. At the time it was the only way. You get the range of IP addresses used by a whole country and add them to your deny list, either at firewall level or .htaccess level.

Of course you then have open proxies to worry about, but generally you can get lists of these from open proxy sites, such as proxyserverprivacy.com they also provide country lists of IP’s as well.

Today things have moved on and MaxMind runs a neat service, a basic one that is free, which can check each order. You pass over the IP address, city, state, zip, country of the buyer and they will check against the open proxy list, they can also score email addresses.

We have found that by just using PayPal fraud has declined, it probably is harder to get access to a PayPal account than buy a list of credit card numbers, but we still get it. In 2002 5% of revenue was fraud, today it’s around 2%.

I’m sure the fraudsters think it’s a victim less crime, well it’s not, it’s us small businesses that pay, we lose the goods, we lose the money and we get charged anything between £10 and £25 for the pleasure plus the processing fees. The banks lose nothing, the merchant account providers lose nothing, so I guess there is no real reason for them to do anything, which is exactly what they are doing.

In PayPal’s defence they will try and fight chargebacks, but with digitally delivered products it’s of no use.

Article Tags>> |

Comments

One Response to “Online Fraud”

  1. Compare Merchant Accounts on January 17th, 2008 10:25 am

    Hi Gary. Credit card fraud is a real problem for merchants. As you said, the onus is on the merchant to protect themselves and if it happens (and it does) then they pay for it.

    Thanks for the link to MaxMind! I haven’t heard about that service, but I’ll certainly be taking a look.

    For what it’s worth, a merchant account provider ends up taking most of the risk in the long run. If they get a fraudulent merchant who steals money from their customers and then disappear into the night, the merchant company is the one left holding the bag.

Leave a Reply