Page 1 of 1
Block individuals (human) from shopping
Posted: Wed Aug 22, 2007 2:24 pm
by patrikG
The problem is the following: a client of mine has a shop (an OsCommerce installation). However, the shop is hit by repeated attempts at fraudulent transactions, i.e. fraudulent credit card numbers. The only loss is the time to filter out these numbers & ban the account. Apparently, it is one user in particular who is using anonymizer to cloak his real IP - hence IP-banning or IP-range banning is ineffective.
I've suggested implementing CAPTCHA - email-verification (i.e. send out to user) is already in place. However, CAPTCHA only closes the door to machines, not humans.
The only other solution I can think off of the top of my head is implementing
3D-secure, however that has the downside of adding another layer of complexity to the shopping experience and turns away real customers.
Are there other, better solutions to this problem?
Posted: Wed Aug 22, 2007 3:01 pm
by Christopher
I am a little confused about these "fraudulent credit card numbers"? Do you first check that the number is in the form of a valid number? And then you to check that the card is valid by using a payment processor, either during the actual checkout or sometime later before shipping? I am not sure how the fraud is occurring?
Posted: Wed Aug 22, 2007 3:03 pm
by jason
arborint wrote:I am a little confused about these "fraudulent credit card numbers"? Do you first check that the number is in the form of a valid number? And then you to check that the card is valid by using a payment processor, either during the actual checkout or sometime later before shipping? I am not sure how the fraud is occurring?
Stolen credit card numbers. Valid information, invalid user.
As for a solution:
http://www.maxmind.com/
Learn it.
Love it.
Use it.
Posted: Wed Aug 22, 2007 5:22 pm
by patrikG
jason wrote:arborint wrote:I am a little confused about these "fraudulent credit card numbers"? Do you first check that the number is in the form of a valid number? And then you to check that the card is valid by using a payment processor, either during the actual checkout or sometime later before shipping? I am not sure how the fraud is occurring?
Stolen credit card numbers. Valid information, invalid user.
As for a solution:
http://www.maxmind.com/
Learn it.
Love it.
Use it.
Either that or one of those credit card number generators. Excellent link, thanks Jason

Posted: Wed Aug 22, 2007 5:32 pm
by Christopher
I mostly use Verisign or Authorize.net and just haven't seen those problems. I know the generated numbers don't work because I have tried them. I think maybe I've dealt with one stolen credit card. Maybe it is the types of businesses.
Posted: Wed Aug 22, 2007 6:56 pm
by patrikG
It's not fraudulent transactions, it's simply that someone signs up with some email, tries different fraudulent credit cards - no transaction is made - so no actual harm done. The problem is, the way my client's organisation is run, these fraudulent ones have to be filtered out by the person in the department responsible - a far cry from efficient, but they've come a long way...
Posted: Wed Aug 22, 2007 7:15 pm
by Christopher
Ahh ... that's the difference. I usually write custom code and don't use a package. And I don't create an order entry until the credit card transaction is completed successfully.
I do get work writing custom checkout and order processing systems for
former osCommerce users though.
