Full Disclosure mailing list archives

Re: Chargebacks and credit card frauds


From: Steven Anders <anderstev () gmail com>
Date: Tue, 22 Sep 2009 11:36:16 -0700

Thanks Andrew for the suggestion.
Yes, it does make sense to do all the checks you described. These days, as a
manual process, we just make a phone call and do a follow-up email.
We ask for a copy of the credit card to be faxed and a proof of ID. Many
times the fraudsters reply in very "bad English"; sometimes it is
funny.
And you're right - a lot of the orders are placed during non-working hours.


On Mon, Sep 21, 2009 at 10:29 PM, Andrew Haninger <ahaning () mindspring com> wrote:

> On Tue, Sep 22, 2009 at 12:26 AM, Steven Anders <anderstev () gmail com> wrote:
> > I am now tasked with improving our backend checks to make sure we don't
> > have any more fraudulent orders, and would appreciate any pointers or
> > insights into this matter. Any theories, insights, or information would
> > be very useful.
>
> I have three ideas. Two are quite complicated and the other a little
> simpler. None are fraud-proof. Some may be impractical if your work is
> being done "after the fact".
>
> 1) Have a robot call or text the customer a CAPTCHA-type string to
> enter into a website.
>
> Workaround: Register a cell phone or VoIP number in the victim's area
> code and take the call. You could possibly require a hard-wired
> landline, but those are becoming so uncommon that it would create
> trouble for many of your customers. And then there are those darned
> dialup users.
>
> Perhaps do this only after a first "offense". Though, I'm guessing
> fraudsters only use the accounts once and then avoid them.
>
> 2) Have a Flash or Java applet check for common remote desktop servers
> running on the ordering PC.
>
> Workaround: Disguise the server software as something harmless, if it
> isn't already.
>
> 3) Check to see if the order was placed outside normal waking hours or
> during normal working hours.
>
> Workaround: Not hard to work around, but might hassle the criminals.
>
> Andy

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
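Added example, not code from this thread or from either poster: a small Python screen that implements Andrew's third idea (flag orders placed during the cardholder's sleeping hours or weekday working hours, judged by the cardholder's local clock) and, for flagged orders, a one-time code challenge along the lines of his first idea (code read out by phone or sent by SMS, then typed into the site). The function names, the hour thresholds, the code lifetime and attempt cap, and the sample orders are all assumptions or constructed data; the cardholder's UTC offset is passed in directly rather than derived from the billing address. The challenge only proves possession of the phone number on file, which is exactly the weakness Andrew's workaround (a VoIP number in the victim's area code) targets, so the number should come from an independent source, not from the order form.

```python
"""Order screening: local-time-of-day check plus a one-time code challenge.

Added example; not code from the thread. All names, thresholds and sample
orders are assumptions or constructed data.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional
import hmac
import secrets
import time

# Assumed thresholds (local hours, half-open ranges).
SLEEPING_HOURS = (0, 6)    # almost nobody shops at 3 a.m.
WORKING_HOURS = (9, 17)    # weekday office hours
CODE_TTL_SECONDS = 10 * 60
MAX_ATTEMPTS = 3


def off_hours_reasons(placed_utc: str, utc_offset_hours: float) -> List[str]:
    """Return the reasons an order time looks odd for a consumer purchase.

    placed_utc is an ISO-8601 UTC timestamp ending in 'Z'; utc_offset_hours
    is the cardholder's local offset (assumed to come from the billing address).
    """
    local_tz = timezone(timedelta(hours=utc_offset_hours))
    placed = datetime.fromisoformat(placed_utc.replace("Z", "+00:00"))
    local = placed.astimezone(local_tz)
    reasons = []
    if SLEEPING_HOURS[0] <= local.hour < SLEEPING_HOURS[1]:
        reasons.append("placed during sleeping hours")
    if local.weekday() < 5 and WORKING_HOURS[0] <= local.hour < WORKING_HOURS[1]:
        reasons.append("placed during weekday working hours")
    return reasons


@dataclass
class Challenge:
    order_id: str
    code: str
    expires_at: float
    attempts_left: int = MAX_ATTEMPTS
    passed: bool = False


def issue_challenge(order_id: str, now: Optional[float] = None,
                    code: Optional[str] = None) -> Challenge:
    """Create a 6-digit code to be read out by phone or sent by SMS.

    `code` may be supplied for tests; otherwise it comes from the CSPRNG.
    """
    now = time.time() if now is None else now
    code = code if code is not None else f"{secrets.randbelow(10**6):06d}"
    return Challenge(order_id, code, now + CODE_TTL_SECONDS)


def verify_challenge(ch: Challenge, submitted: str, now: Optional[float] = None) -> bool:
    """Check a submitted code: single use, time-limited, attempt-limited,
    compared in constant time so response timing leaks nothing."""
    now = time.time() if now is None else now
    if ch.passed or ch.attempts_left <= 0 or now > ch.expires_at:
        return False
    ch.attempts_left -= 1  # burn an attempt before comparing, so guesses are capped
    if hmac.compare_digest(ch.code.encode(), submitted.strip().encode()):
        ch.passed = True
        return True
    return False


def screen_orders(orders) -> Dict[str, List[str]]:
    """Map order id -> reasons; an empty list means no time-based flag."""
    return {o["id"]: off_hours_reasons(o["placed_utc"], o["utc_offset_hours"])
            for o in orders}


# Constructed sample orders (not real data); offset -7 is US Pacific daylight time.
SAMPLE_ORDERS = [
    {"id": "A1", "placed_utc": "2009-09-22T03:15:00Z", "utc_offset_hours": -7},  # Mon 20:15 local
    {"id": "A2", "placed_utc": "2009-09-22T10:40:00Z", "utc_offset_hours": -7},  # Tue 03:40 local
    {"id": "A3", "placed_utc": "2009-09-22T17:30:00Z", "utc_offset_hours": -7},  # Tue 10:30 local
    {"id": "A4", "placed_utc": "2009-09-26T17:30:00Z", "utc_offset_hours": -7},  # Sat 10:30 local
]

if __name__ == "__main__":
    for order_id, reasons in screen_orders(SAMPLE_ORDERS).items():
        if reasons:
            ch = issue_challenge(order_id)
            print(f"{order_id}: {', '.join(reasons)} -> challenge code {ch.code} issued")
        else:
            print(f"{order_id}: no time-based flag")
```

Running the block flags A2 (sleeping hours) and A3 (weekday working hours) and leaves A1 and A4 alone. The time check is only a nudge toward manual review, as Andrew says; the challenge is what actually stops an order, and it is deliberately single-use, expiring and capped at three guesses so a six-digit code cannot simply be brute-forced through the web form.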