Six easy tips for preventing credit card fraud…

How To Stop Suspicious Credit Card Transactions In Their Tracks

Some time ago I got two orders, in rapid succession from Singapore. It was a new customer and the orders totalled well over $400. Since Singapore is known for Internet fraud, I thought contact I’d this customer just to confirm that they were who they said they were. I called the number left on my order form and got a “This voice mailbox is full” message, so email was next. Here’s what I sent… (I’ve changed all the contact information and taken out any identifying information).

===============================

Hello (Customer),
Recently, two orders come through from you, for the (Item 1) and for (Item 2), thank you.

Could you please provide me with the credit card issuing bank name, the customer service telephone number as well as the CVV2 number–all from the back of your card?

To find the CVV2 number, please turn your card over and look in the signature strip. You will find (either the entire 16-digit string of your card number, OR just the last 4 digits), followed by a space, followed by a 3-digit number. That 3-digit number is your CVV2 number. My credit card processing company requires these pieces of information on orders from Singapore. Sorry for the inconvenience and I appreciate your cooperation. Unfortunately, I can’t ship your order without this information.

Also, I noticed, on the first item, your name was spelled “Different spelling of customer name” and your city was listed as “dingspore.”

I assume that “(Customer)” and “Singapore” are correct. Please let me know whether or not my assumption is correct.

Sincerely,

(me)

PS, I called the phone number you left on my order form but received a “This voice mailbox is full” message.

===============================

My Interpreter Strikes Out!

I sent a couple more emails and got no response. I really wanted to find out whether or not this order was for real though. The sale came through a new affiliate of mine and he was thrilled to get his first sale. So I decided to call this guy again. Lo and behold, someone answered. When I got the customer on the line, he didn’t speak English well enough for me to communicate with him. I had someone standing by that speaks several dialects of Chinese and they were able to communicate in Mandarin. The “customer” had received my emails but had ignored them. His logic was that, since he’d already gotten an email receipt (from me) that there was no reason I should need any further information.

I explained the situation (through my interpreter) as best I could but he still refused to give me any additional information. When it was obvious we were at an impasse, I asked him for suggestions about what we should do. He suggested I send another email explaining the situation and he would take a look at it. Here’s what I sent…

===============================

Hello (Customer),
I just got off the phone with you. Unfortunately, I can not ship your order until I receive the customer service number from the back of your credit card. I will use this number to call your credit card company and make sure you are the legitimate credit card holder. Once again, I am not asking for your credit card number, I already have that. I am asking for the customer service number telephone from the back of your card. This is a standard practice when taking orders from high risk countries such as Singapore.

On this page, you can see this procedure is a standard way to prevent fraud.
http://www.wiscocomputing.com/articles/ccfraud.htm

On this page, you can see that many orders from Singapore are fraudulent.

http://www.cartserver.com/americart/faq-fr.html
Geographical Tips:

The vast majority of orders from the following countries are FRAUDULENT:
Romania
Indonesia
Singapore
Ghana
Ukraine
Uganda
Nigeria
Hungary
Belarus
Estonia
Latvia
Lithuania
Slovak Republic
Russia
Yugoslavia
Macedonia
Phillipines
Thailand
Malaysia

Once again, I will use the customer service number from your credit card to call your credit card company and make sure you are the legitimate card holder. If you are, I will ship your orders. If I don’t receive this information by Monday morning my time, I’ll cancel the orders and refund the card.

Sincerely,

(me)
===============================

OK, I’m done!

I got no response so I refunded the transaction and sent this final email…

===============================

Hello (Customer),
I’m sorry to say, I have cancelled your orders. Your credit card has been refunded. No products will be shipped to you. It is difficult for me to understand why a legitimate customer would refuse to provide the customer service number from the back of the card. It makes me think this may have been a fraudulent transaction.

In case it was not, let me explain further…

A lot of stolen credit card numbers end up in Singapore. The criminals then order large amounts of products and have them shipped. When it is discovered that the credit card numbers have been stolen, it is the merchant (me) who loses out. Even though the transactions had been approved, the credit card processing companies take the money out of my bank account. I’m also charged a charge back fee. If there are too many chargebacks, I lose my ability to process transactions.
In short, for a fraudulent transaction, I lose…

1) The products
2) The shipping
3) The charge back fee

In your case, this would amount to several hundred dollars in losses.

Keep in mind, the vast majority of thieves do not possess the actual credit card but just the credit card number and the expiration date. That is why it is standard procedure, when an order comes in from a high risk country, to ask for additional information from the card, such as the customer service telephone number from the back of the card and the CVV2 number. A legitimate card holder would have this information but a thief would not.

There were several reasons I suspected your order might be fraudulent…

1) It was from Singapore
2) It was a high dollar amount from a first time customer
3) You used a hotmail address (thieves often use free email accounts such as hotmail or yahoo)
4) On the first order, you requested the more expensive shipping option (thieves do not care how much shipping costs, someone else will be paying for it)

In case this is all just a misunderstanding, feel free to call you credit card issuing bank and explain to them that you bought something on the Internet and the merchant is requesting the customer service telephone number form the back of the card. Ask them what you should do. If I am able to verify you as the legitimate card holder, I’ll charge your card and send out your order as requested. As it stands now, your card has been refunded and no products will be shipped.

Sincerely,

(me)

===============================

The way my shopping cart/credit card processing works is that as soon as an order is place, the card is charged real time. In this case, I would have preferred the order not be charged but left in accounts receivable. That way, I could have contacted the customer and said “I haven’t charged your card yet because I need this additional information.”

Fortunately, my shopping cart (UltraCart) has the ability to do this without any intervention on my part. They use a fraud prevention scoring system which looks at where the order comes from, if the IP address of the computer matches the billing location, whether the order comes from a high-risk country, whether the card holder uses a free, “throw-away” email account and other factors. If the transaction scores too high on this fraud scale, the order is not charged real time but goes into “Accounts Receivable” where I can take a look at it, contact the customer for more information, or reject or approve the order. After this “Singapore incident,” I changed the threshold on this system so that more orders would be flagged.
I also switched my shopping cart to collect the CVV2 information during the buying process. As I said in my email to this customer, credit card thieves rarely have this number because they don’t actually steal the credit cards, they steal a database that contains CC #s and expiration dates–not the CVV2 and not the customer service number on the back of the card!

Six easy tips for preventing credit card fraud…

• If your shopping cart has this capability, ask for the CVV2 # upon checkout.
• If you can collect the IP address during the sale do so. You can check to see if the IP address matches the billing location.
• Check to see if the customer is from a high fraud country.
• Check to see if the customer uses a free, throw-away email address such as Hotmail, Yahoo etc.
• If the order is for a high dollar amount from a first-time customer, get suspicious.
• If the customer chooses the most expensive shipping option, it’s a red flag (credit card thieves don’t care how much shipping costs but they do care that the merchandise gets to them before anyone figures out that they’re thieves).

If you feel an order might be fraudulent, call the customer up and have a chat with them. Legitimate customers will be happy you’ve called and get the impression that you have wonderful customer service. Just tell them you’re checking to make sure the shipping address is accurate before you ship. Most fraudulent orders have bogus telephone numbers, so you’ll find out really quick.

Also, most thieves order several high-priced items and may not remember what they’ve ordered or what card they’ve used.