Fraud Prevention
Written by Jon McCarrick, VP Sales/Marketing, ModernGigabyte, LLC.
The Web Hosting industry is currently enjoying a period of aggressive growth that has made it an attractive venue for many new entrepreneurs. Unfortunately for these new businesses, they are the potential target of fraud. Fraudsters (the unofficial euphemism for fraud perpetrators) have been honing their skills and have become very adept at removing money from the unsuspecting pockets of novice business owners.
The first thing that we have to recognize is how widespread the problem is. Recently, news sources have reported that as many as 1/3 of all computers have at least one virus program running on them. These virus programs can be used to create drone computers for fraudsters and to record keystrokes that provide personal account information to the fraudster. Other news reports have addressed the new phenomenon of phishing, the process of duping unsuspecting consumers into going to phony websites and entering their account info. This practice even targets the customers of legitimate financial institutions like banks. Other news accounts report on the massive failure of security systems to protect personal customer information. In short, fraudsters have a large and growing repository of credit card information with which to attempt fraudulent charges. The problem has become epidemic and will only get worse unless massive changes are made to the way information is stored and protected.
The next thing that we have to recognize is a change in the types of information that these fraudsters are accessing. Not very long ago, an online retailer could feel safe if they enabled CVV2 and AVS matching on their gateway. Today the fraudsters not only have the credit card owner's name and number, but also the CVV2, AVS, home phone, address, and every other piece of information needed to steal that customer's virtual identity. This places the retailer in the uncomfortable position of having a 100% authentic-looking order in their system.
As a side note, most new businesses do not realize that it takes very little fraud activity in their account to cause their provider to cancel their account. Most providers will not tolerate more than a 2% chargeback rate. This rate has to account not only for fraud but also for irate customers and white collar fraud, whereby a bona fide purchaser requests chargebacks on good sales. This thin margin for error and the high cost of fraud place most new businesses at a high risk of early trouble.
Fortunately there are many new products and tools on the market for aiding in the fight. Many of these tools are freely available and others are inexpensive enough that every business should be using something. According to a recent survey by the Merchant Risk Council (www.merchantriskcouncil.org), merchants who use fraud prevention tools have a much lower incidence of fraud.
The Tools
Fraud prevention can be as much art as it is science. No one process will work for every company. Even among Web Hosting companies, needs vary based on the makeup of the population accessing the offer. Therefore when putting your processes together, put yourself in the place of the person who might attempt to defraud you.
Website Review - If the order is coming from someone who has an existing website, go look at it. This will do several things for you. First, it is a step toward confirming that the customer is a legitimate business. Look for a "Contact Us" link. Compare listed phone numbers, addresses and email addresses to those in the order. Second, it allows you an opportunity to test their support, especially if they have live chat. This live chat feature will usually allow you to converse directly with the owner. Third, it will allow you to avoid businesses that you would prefer to avoid. Many companies in need of hosting bounce from supplier to supplier because they host adult sites, spam services, warez or other illegal or objectionable services. A quick look can save you the heartache of having multiple chargebacks from these unsavory characters.
IP Address - The IP address is a primary tool for detecting fraud. Be sure that your order collection process includes the ability to collect the IP address of the orderer. It will allow you to determine the actual locale of the order and whether that customer is hiding something. You need to be aware that some locales have a high incidence of fraud. These locales include Singapore, Malaysia, Nigeria, and Vietnam. That is not to say that orders from these places are all fraudulent, but that there is an increased likelihood of fraud. IP locating will also help detect fraudsters who are utilizing drone computers to place their orders.
The IP can be traced in a number of ways once you have it. Traceroute programs are very common and there are many free versions available. Unfortunately most do not tell you about the actual location of the server. VisualRoute from Visualware.com gives both a graphical and a text display of the actual location of the fraudster's computer. They have several free demos online that allow you to immediately start accessing their service. Once you have identified IPs as fraudulent, be sure that your order process has a way to ban these IPs, as these fraudsters will continue to make attempts from the same IP using different info.
Whois - Do a whois search on the domain name they are going to use if they have one already. Match the whois info against the order info for proximity of the order to the registered address. A critical item to look for is whois info that is blank or being hidden by a proxy. This is a clear tip-off that the domain owner doesn't want to be identified. Keep in mind that some legitimate companies use these services, so it is just another factor to consider. Another item that can be gleaned from the whois is the current DNS of that domain. This may give you some idea as to who their current provider is. Also look for when the domain was created. This will give you some idea of the history of the company.
Netcraft - Netcraft.com is an invaluable tool in tracking the history of a particular domain. The free service they offer allows you to track how frequently a particular domain name has been moved. You will be looking for short stays and frequent moves as indicators.
Merchant911.org - This group is dedicated to alerting merchants to particular incidents of fraud. They send out regular reports of fraud incidents to all of their members as well as updates about the state of the industry. It is a nice supplement to the information you can get for yourself. They also devote portions of their website to fraud protection strategies.
Phone Calls - When in doubt, call the phone number provided in the order. An increasing number of fraudsters will use the person's actual phone number. The customer will flat out tell you that they did not make the charge. Also, many fraudsters put in random digits, hoping you won't call. An out-of-order message on a phone number is a clear tip-off that the order is suspect. Also, use the country, area, and exchange numbers to verify the phone number against the address location.
If you are still not sure, locate the bank and then call it. Banks don't want you taking fraudulent payments either. They can be very helpful in confirming the validity of a card.
Google - Putting a customer's name in Google will sometimes produce unexpected results. If you are in doubt, google the customer to find other shady business practices that they might have been engaged in. Particularly with reseller hosting, a bad reseller's reputation will precede them. You want to avoid serial offenders.
Price - There are two types of accounts you want to be particularly wary of with price: your most expensive package and your cheapest package. Fraudsters are up against a time limit to commit fraud before they are found out. Therefore, you will want to be suspicious of any order for your most expensive package. This is the one they will choose if given a chance. Also watch for one and two dollar orders as the fraudster may be testing the validity of the card. The chargeback fee will be the same for both and they don't care about your feelings.
Velocity - Be on the lookout for repeat orders from the same credit card. Once a fraudster has found that they can beat your process, they will attempt to do so as frequently as possible. If they get through more than once, they will tell all their friends and before you know it, you will have many fraudsters tagging your site.
Email Address - Another factor to consider is free and service provider email addresses. If the email address is attached to the domain you will be hosting then you know where the email will be heading. People can create and destroy a free email account in a few minutes to hide their identity. Again, not foolproof but a factor to consider.
Your Gut - You come pre-equipped with the best defense you can get: your gut. If an order doesn't feel right, don't take it. You do not have to take every customer that comes along. "Hungry indeed is the beggar that doesn't occasionally pass up a door." Those orders are the ones that will always come back to bite you.
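The IP ban, Price and Velocity checks above all depend on remembering earlier orders, so they are the easiest ones to automate. The following is an added example, not code from the article or from any product it names; the field names, the 24-hour window and the limits are assumptions, and the card is represented by a gateway token rather than the card number so the screen never stores card data.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed tuning values, not taken from the article.
WINDOW = timedelta(hours=24)
MAX_ORDERS_PER_CARD = 2      # more than this inside WINDOW is flagged
TEST_CHARGE_MAX = 2.00       # "one and two dollar orders"

class OrderScreen:
    """Checks that need order history: IP ban list, velocity, price extremes."""

    def __init__(self, top_package_price):
        self.top_price = top_package_price
        self.banned_ips = set()
        self.by_card = defaultdict(deque)   # card token -> recent order times

    def ban_ip(self, ip):
        self.banned_ips.add(ip)

    def check(self, order):
        """Return the reasons to hold this order for manual review."""
        reasons = []
        if order["ip"] in self.banned_ips:
            reasons.append("banned_ip")
        recent = self.by_card[order["card_token"]]
        while recent and order["time"] - recent[0] > WINDOW:
            recent.popleft()                # forget orders outside the window
        recent.append(order["time"])
        if len(recent) > MAX_ORDERS_PER_CARD:
            reasons.append("velocity")
        if order["amount"] <= TEST_CHARGE_MAX:
            reasons.append("possible_card_test")
        elif order["amount"] >= self.top_price:
            reasons.append("top_package")
        return reasons

def run_sample():
    # Constructed orders: documentation-range IPs and made-up card tokens.
    t0 = datetime(2024, 1, 1, 9, 0)
    screen = OrderScreen(top_package_price=99.00)
    screen.ban_ip("203.0.113.7")
    rows = [("198.51.100.4", "tok_a", 1.00, t0),
            ("198.51.100.4", "tok_a", 99.00, t0 + timedelta(minutes=5)),
            ("198.51.100.9", "tok_a", 99.00, t0 + timedelta(minutes=9)),
            ("203.0.113.7", "tok_b", 19.00, t0 + timedelta(hours=1)),
            ("192.0.2.10", "tok_a", 19.00, t0 + timedelta(days=2))]
    keys = ("ip", "card_token", "amount", "time")
    return [screen.check(dict(zip(keys, r))) for r in rows]
```

A flagged order is a candidate for the manual steps above (phone call, whois, website review), not an automatic decline.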
The Products
If all of this sounds like a lot of work, it should. It can be a very time intensive aspect of your business. Fortunately, there are a few automation products on the market to make tightening the purse strings a little easier.
FraudGuardian - In the interest of full disclosure, I work for ModernGigabyte, the makers of ModernBill and FraudGuardian. These products were created with automation in mind. Our ModernBill customers informed us of their inherent fear that complete automation would open them to fraud. We knew this was the case from our own experiences. This experience also informed us that complete automation is what customers desire and reduces support costs. So we designed an automation tool that duplicates many of the steps that a host might otherwise have to do.
When an order is made on ModernBill (or any other order process integrated to the FraudGuardian API), the information in the order is run through FraudGuardian. This service compares the various vectors in the order information like IP address, order address, AVS, bank location, free email and proxy checking. By measuring these vectors against an algorithm, FraudGuardian produces a fraud score and a fraud report. The report is emailed to the administrator and the score is recorded in ModernBill. ModernBill has a threshold system which can control how automated an order is by its fraud score. FraudGuardian is just the first line of defense and will sort out the vast majority of good orders while holding the suspect ones.
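A score-and-threshold screen of the kind described above can be sketched as follows. This is an added example and is not FraudGuardian's algorithm or API: the weights, thresholds and field names are assumptions, and the geolocation, proxy and bank-country values are assumed to have been looked up before the order reaches this code.

```python
# Weights and thresholds are assumptions for illustration; tune on your own data.
FREE_MAIL = {"gmail.com", "yahoo.com", "hotmail.com"}
WEIGHTS = {
    "ip_country_mismatch": 30,    # IP geolocation differs from billing country
    "bank_country_mismatch": 25,  # issuing bank country differs from billing
    "avs_failed": 20,
    "proxy_ip": 15,
    "free_email": 10,
}
APPROVE_BELOW = 25   # below this the order is provisioned automatically
REJECT_FROM = 60     # at or above this it is declined; in between it is held

def fraud_report(order):
    """Return (score, names of the signals that fired) for one order."""
    domain = order["email"].rsplit("@", 1)[-1].lower()
    signals = {
        "ip_country_mismatch": order["ip_country"] != order["billing_country"],
        "bank_country_mismatch": order["bank_country"] != order["billing_country"],
        "avs_failed": not order["avs_match"],
        "proxy_ip": order["ip_is_proxy"],
        "free_email": domain in FREE_MAIL,
    }
    fired = [name for name, hit in signals.items() if hit]
    return sum(WEIGHTS[name] for name in fired), fired

def route(order):
    """Map the score onto approve / hold / reject."""
    score, fired = fraud_report(order)
    if score >= REJECT_FROM:
        return "reject", score, fired
    if score >= APPROVE_BELOW:
        return "hold", score, fired
    return "approve", score, fired

# Constructed sample orders (country codes and addresses are made up).
BASE = {"email": "owner@example.com", "billing_country": "US", "ip_country": "US",
        "bank_country": "US", "avs_match": True, "ip_is_proxy": False}
CLEAN = dict(BASE)
MIXED = dict(BASE, email="someone@gmail.com", avs_match=False)
# Stolen full identity: AVS passes, but the network and bank data do not line up.
BAD = dict(BASE, email="x@hotmail.com", ip_country="CA", bank_country="GB",
           ip_is_proxy=True)
```

The `BAD` order shows why AVS alone is not enough: it passes AVS and is still rejected on the other vectors.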
Varilogix - Varilogix is another automated fraud screening tool. This product will actually call the phone number listed in the order form at the time of the order. If the phone is answered and the person completes the required prompts, the order is passed through. This automates the phone checking process listed above. It uses IP phone technology to keep costs low.
Verified by Visa - The Verified by Visa program will inform you whether the customer making the charge has applied to the program. By implementing this technology, customers who have applied will have to enter their password before the order can be processed. While this is not a foolproof model, as it requires active participation of the customer in the prescreening process, you can feel confident that the orders that come through that process are good. The system fails over gracefully for cards that are not registered and allows the process to continue.
Chargeback Bureau - This organization, at chargebackbureau.org, maintains a database of known chargeback artists and fraudsters. By tying your order process to their API, you can check for repeat offenders who have been previously reported to the system. This system gets stronger over time due to the nature of the reporting. Each user can report their own chargebacks to the system. The only drawback is that occasionally it will refuse a customer who has made a legitimate chargeback on a prior occasion.
In summary, you should use a combination of these tactics to ward off fraud and protect your good business name. Be alert, be diligent and never let them see you sweat.