What Are Possible Signs of Fraudulent Transactions see at Web Hosting Companies?
– Customer wants to pre-pay for a year
– Domain Name Registration for 5 years or more
– Orders using free email address providers like Hotmail, Yahoo, etc.
– Usage of multiple cards to complete order.
– International address. AVS can not validate those international addresses.
– Multiple purchases in a short time period.
– The customer and billing addresses are different.
AMEX, VISA, and MasterCard implemented a security feature known as “CVV2” and “CVC2”. These are the three-digit or four-digit numbers printed on the back side or front side (depending on card company) of the card (signature panel) to the far right. The three/four-digit code helps to validate that the cardholder has the card in his possession. You can include the code in your transaction processing and need to receive a match to successfully complete the transaction. If you are using a shopping cart for your hosting sign-up process, make sure that it is capable of collecting and processing these numbers. IMPORTANT: The ToS of the credit companies state that you are not allowed to store these numbers.
Use Address Verification Service (AVS) on all US transactions to verify the billing information provided in the order with what is on file with the card issuing bank. As a bare minimum, the zip code should successfully match before the transaction is approved and you hand out the account information. You should retain the response information for some time in case of a chargeback.
The possible AVS messages are:
Y – Exact match on street address and 5 or 9 digit zip code.
A – Address matches, zip code does not
Z – zip code matches, address does not
N – No match.
U – Address information is unavailable or Issuer does not support AVS. These transactions are only applicable for Visa and the merchant isn’t responsible for chargeback liability.
R – Issuer authorization system is unavailable, retry later
E – Error in address data – unable to complete check.
G – non-US Issuer not participating in AVS – Visa only. The error messages will vary from one provider to the next. Contact your provider for more information.
S – Address information is unavailable or Issuer does not support AVS – MasterCard only.
The most important warning sign of fraudulent transaction are international orders. It is very sad to be so generic with this statement but the percentage of having a fraudulent orders goes up immediately if the order comes from a non-US location. Be aware of cities or countries with high rates of fraudulent transactions. Malaysia, Indonesia, and most countries of the former Soviet Union tend to be source of many fraudulent orders.
The most effective way to help eliminate fraud or chargeback’s is to simply call the customer. A confirmation over the phone is most definitely advised for any large transactions. If you process a fraudulent transaction, not only do you lose the funds, but the product/service as well. A phone – even if it is international will save you a lot of hassle in the long run.
What if you find a transaction to be suspicious? Contact your authorization center and let them know you are concerned about the transaction. They will look at the transaction and may give you advice. You should also call the customer to request additional information (copy of drivers license or Passport as an example). Check the IP address of the sign-up and see where it is globally. Does it matches the customers address at least by country? Send a confirmation email to the customer verifying their order.
It may be a good policy to only accept orders with identical Customer and billing addresses.
Maybe you want to scrutinize international orders as your protection against these consumers is very minimal and not accepting them could be a wise choice for your web hosting business.
Placing fraudulent notices, buttons and images on your web site and order forms will help discourage any person trying to place a fraudulent order. Make sure that the customer will se upfront that you are recoding the IP address and that you will notify the law enforcement agencies if needed. It might not protect you in every case but eventually it will help to cut down the number of fraudulent orders.