Our website has been inundated with fraud orders over the past week

[cheezy321]

We have been trying to figure out where all of these fraud orders are coming from. It has been constant over the past week, and before we had absolutely no problems with this sort of thing. I have been scouring the internet to see if we got listed in some "carders" forum, or if there has been some big release recently of stolen credit cards.

Has anyone done this before, and how did you go about it? I want to get to the bottom of it, because we are seeing about 20 - 30 orders a day that we know are fraud.

Can anyone help?

 

[venkman]

sry ill stop

 

[PepePeru]

one of my friends got a call this morning about fraud on his CC...

 

[TechBoyJK]

Originally posted by: cheezy321
We have been trying to figure out where all of these fraud orders are coming from. It has been constant over the past week, and before we had absolutely no problems with this sort of thing. I have been scouring the internet to see if we got listed in some "carders" forum, or if there has been some big release recently of stolen credit cards.

Has anyone done this before, and how did you go about it? I want to get to the bottom of it, because we are seeing about 20 - 30 orders a day that we know are fraud.

Can anyone help?

We've been getting them too, but just as of this past week. We call every person that places an order and ask some verification questions before processing it.

 

[slag]

check your webserver logs and see if its the same IP or block of IP addresses. IF it is, contact the authorities and have them perform an investigation.

Had to do that at our old job. You should also be able to put filters on your firewall to block this ip range or whatever.

 

[Blieb]

Originally posted by: slag
check your webserver logs and see if its the same IP or block of IP addresses. IF it is, contact the authorities and have them perform an investigation.

Had to do that at our old job. You should also be able to put filters on your firewall to block this ip range or whatever.

Yeah I had a group of sites that were getting bombed with orders. Blocked the .ru-skies and voila!

 

[FelixDeCat]

What are some things that tell you an order is fraudulent?

 

[techs]

Originally posted by: FelixDeKat
What are some things that tell you an order is fraudulent?

Probably starts like this:

DEAR SIR,

URGENT AND CONFIDENTIAL BUSINESS PROPOSAL

I AM MARIAM ABACHA, WIDOW OF THE LATE NIGERIAN HEAD OF STATE, GEN. SANI ABACHA. AFTER HE DEATH OF MY HUSBAND WHO DIED MYSTERIOUSLY AS A RESULT OF CARDIAC ARREST, I WAS INFORMED BY OUR LAWYER, BELLO GAMBARI THAT, MY HUSBAND WHO AT THAT TIME WAS THE PRESIDENT OF NIGERIA, CALLED HIM AND CONDUCTED HIM ROUND HIS APARTMENT AND SHOWED HIM FOUR METAL BOXES CONTAINING MONEY ALL IN FOREIGN EXCHANGE AND HE EQUALLY MADE HIM BELIEVE THAT THOSE BOXES ARE FOR ONWARD TRANSFER TO HIS OVERSEAS COUNTERPART FOR PERSONAL INVESTMENT.

 

[sao123]

what site?

 

[Nik]

Originally posted by: techs

Originally posted by: FelixDeKat
What are some things that tell you an order is fraudulent?

Probably starts like this:

DEAR SIR,

URGENT AND CONFIDENTIAL BUSINESS PROPOSAL

I AM MARIAM ABACHA, WIDOW OF THE LATE NIGERIAN HEAD OF STATE, GEN. SANI ABACHA. AFTER HE DEATH OF MY HUSBAND WHO DIED MYSTERIOUSLY AS A RESULT OF CARDIAC ARREST, I WAS INFORMED BY OUR LAWYER, BELLO GAMBARI THAT, MY HUSBAND WHO AT THAT TIME WAS THE PRESIDENT OF NIGERIA, CALLED HIM AND CONDUCTED HIM ROUND HIS APARTMENT AND SHOWED HIM FOUR METAL BOXES CONTAINING MONEY ALL IN FOREIGN EXCHANGE AND HE EQUALLY MADE HIM BELIEVE THAT THOSE BOXES ARE FOR ONWARD TRANSFER TO HIS OVERSEAS COUNTERPART FOR PERSONAL INVESTMENT.

:laugh:

 

[cheezy321]

Originally posted by: FelixDeKat
What are some things that tell you an order is fraudulent?

Here are the main things:
- Different Ship to - Bill to address
- Expedited shipping (lots of fraudsters dont do this anymore because it raises red flags)
- High $ / easy resale products (For us this would be products like stethoscopes or workout machines)
- Fake email address

We also do a reverse lookup of the phone # they give us with every order. If the phone number doesnt match either name on the ship to / bill to address then its usually fraudulent.
We usually check the address as well to see what type of establishment its going to. Sometimes a google search will result in showing the home as foreclosed or abandoned.

EDIT: We also check the IP with what the billing / shipping addresses are. It seems like a lot of these fraudulent orders are coming from inside the US :-/

 

[ViviTheMage]

Do you have a merchant account? Paypal? GCheckout? How do they pay?

 

[cheezy321]

Originally posted by: ViviTheMage
Do you have a merchant account? Paypal? GCheckout? How do they pay?

Our merchant account is with Authorize.net

We also accept paypal. Most of the fraudulent orders are coming thru with credit cards tho.

 

[Appledrop]

maybe u have a competitor that hates you, and wants to get your merchant acc suspended :x

 

[RagingBITCH]

Originally posted by: cheezy321

Originally posted by: FelixDeKat
What are some things that tell you an order is fraudulent?

Here are the main things:
- Different Ship to - Bill to address
- Expedited shipping (lots of fraudsters dont do this anymore because it raises red flags)
- High $ / easy resale products (For us this would be products like stethoscopes or workout machines)
- Fake email address

We also do a reverse lookup of the phone # they give us with every order. If the phone number doesnt match either name on the ship to / bill to address then its usually fraudulent.
We usually check the address as well to see what type of establishment its going to. Sometimes a google search will result in showing the home as foreclosed or abandoned.

EDIT: We also check the IP with what the billing / shipping addresses are. It seems like a lot of these fraudulent orders are coming from inside the US :-/

We've been noticing a lot of fraudulent orders as well. (We are a 3PL that does work for some large name companies, we go through CyberSource) We had a small rash right before Fathers Day, and our largest single day of volume is on July 3rd. (Least according to the client) We're expecting to see a few rings try to hit us.

 

[ViviTheMage]

Originally posted by: cheezy321

Originally posted by: ViviTheMage
Do you have a merchant account? Paypal? GCheckout? How do they pay?

Our merchant account is with Authorize.net

We also accept paypal. Most of the fraudulent orders are coming thru with credit cards tho.

What billing software do they go through/integrate authorize.net's API? can you integrate maximind? Works great, keeps all that crap out of my system.

 

[cheezy321]

Originally posted by: ViviTheMage

Originally posted by: cheezy321

Originally posted by: ViviTheMage
Do you have a merchant account? Paypal? GCheckout? How do they pay?

Our merchant account is with Authorize.net

We also accept paypal. Most of the fraudulent orders are coming thru with credit cards tho.

What billing software do they go through/integrate authorize.net's API? can you integrate maximind? Works great, keeps all that crap out of my system.

We use ASP.net storefront. We were actually looking into maxmind this morning. So you would say its worth the cost?

 

[ViviTheMage]

I get it free through my merchant luckily, and I love how well it works...and easy it is to configure.

Worth the cost? That's up to you and how much you think it's worth.

If you ask, they may give you a free trial...I assume it'll knock out all of those fraudulent orders, but don't hold me to that. It'll take some tweaking with the fraud settings. Each business is different, depends on what your market is (geographically) ... If you want some help with those, you can PM me and I can give you what I use.

 

[yllus]

You may want to consider an account with a site like MaxMind, which provides you with an API to pass the customer's information to and let them determine how high a fraud risk they are. They're very effective.

Edit: Apparently I need to read closer. Personally, I recommend them.