Fraud prevention

[Dan1]

I've been having a problem lately with fraudulent transactions in my shop. My problem is not determining which orders are fraudulent. The merchandise I carry doesn't appeal to the average criminal. I have the address, zip code, and security code settings with Authorize.net set to decline the transaction if they don't match. I have a good feel by now for which transactions look suspicious, and call the customer if necessary. Also for the higher risk items I have a module installed that makes it obligatory for the shipping and billing addresses to be the same. All in all I feel well protected this way and haven't lost an item in 2 years.

 

My problem is the following. Looks like my shop is being used to check credit cards. The scammers choose an arbitrary product and try to put an order through. Of course all the orders get declined. But I still get charged by my processor a fee of $0.25 per declined transaction. Over a course of 2 days they did this 100 times so it added up to $25, which I can't afford to lose on a regular basis.

 

The only thing close to a solution I found so far is the Advanced Fraud Protection Suite from Authorize.net. It has a bunch of features but the only useful one is the IP hourly velocity filter. How it works is you set a max number of transactions per hour and enable the filter. If this number is reached by one customer from the same IP in one hour, further transactions by this customer will be blocked. Actually I'm not even sure for how long such a customer will be blocked, I need to check with Authorize.net.

 

Not only does this fraud protection suite cost an additional $10 per month with Authorize.net, IMO they should include it free, it also doesn't work very well. All the scammer has to do is use a proxy to get a different IP, or wait an hour until they're unblocked, then continue running cards.

 

I think another solution is needed. Looking at how these scammers operate, it seems they're after checking as many cards as possible the easiest way possible. Which in prestashop all it requires is changing the credit card info on the last checkout page. Maybe a module that would block the customer's profile from making further orders if they've used a certain number of different credit cards. Having to re-register every 5 different credit cards may be enough of a deterrent to make them move on.

 

Is there such a module? or something that will help my situation?

Edited September 22, 2012 by Dan1 (see edit history)

[clayton29657]

Hello Dan1

 

Sorry you're having all these issues. Why don't you just ban their IP addresses for the customers who keep doing this? I am sure that would be a lot easier than having to worry if the module works right. Not sure how many different people are trying this but if it's only a few that's what I would do if it were me and my store.

 

Good luck and sure hope you can fix this solution quickly

Clayton

[Dan1]

The transactions are done at night and I only find out the next day, by then the damage has been done. If I block the IP they just use another through a proxy.

Edited September 22, 2012 by Dan1 (see edit history)

[clayton29657]

I will do some research see if I can help you find something I am sure there is as I am curious also seeing I have authorize dot net but i use others as well do my payments range totally different

[Dh42]

Block all access to your site from proxy ip addresses and TOR exit nodes. It helps. Have a message that will display and let the users know why they are blocked and what they can do to prevent it.

[PrestaHeroes USA]

Sorry to hear you are having problem.

 

Do they create new accounts each time or use the same customer account? If they are creating customer accounts (I suspect using a program) i.e. if you disable the account do they just create another?

 

do you have a human verification at registration?

 

you have probably seen this:

http://forum.bigcommerce.com/f8/credit-card-fraud-spammers-9693/

 

This gives me some good ideas on how to expand our geoip work we just published and move into the fraud arena. I hate spammers.

Edited September 22, 2012 by elpatron (see edit history)

[Dan1]

I read the thread. It pretty much describes my problem but doesn't give a solution. I've deleted accounts, and new ones have been created. But I don't think robot registration is a factor in this case. Still I'm interested to know how to implement human verfication into one page checkout. Can you point me in the direction of this information? I suspect it will piss off legitimate customers though. It's important for a checkout to be quick and easy.

Block all access to your site from proxy ip addresses and TOR exit nodes. It helps. Have a message that will display and let the users know why they are blocked and what they can do to prevent it.

Thanks. How do I do this?

[Dh42]

If you are using opc and not using guest checkout, this can help also. http://addons.prestashop.com/en/front-office-features-prestashop-modules/4721-captcha-for-prestashop-forms.html Notice that you can use it with account registration.

[Dan1]

Designhause, your link just goes to the prestashop addons page. Please explain how you block proxy and Tor IP addresses.

 

As far as my original problem, the fraudsters seem to have taken a break from my site. I achieved this by taking the following measures, and acting instantly the moment the fraudulent transactions came in over a period of two weeks.

 

1. Paying $10/month for the Advanced fraud protection suite from Authorize.net. The only useful tool in the suite is the IP hourly velocity filter. I have it set to 5, after 5 declined transactions from the same IP within one hour, the IP gets blocked. Further transactions are not processed without the fraudster knowing why they were declined. This way I only run up a bill of $1.25 (the cost is $.25 per declined transaction) before I'm onto them. I immediately receive a notification email. I normally access my emails almost immediately and once the user and his transactions are identified as fraudulent, which is easy to see by their order; normally the smallest most inexpensive item I have in the shop, or the first item from the first category, or a very large order of electronics, I then proceed to the next step.

 

2. I bought and installed the Ban IP module. I check the IP used for the transactions and ban it. I have it set so that banned IPs can't view my shop, instead they get redirected to an address I choose.

 

3. I made up a web page with a red widget across the top that identifies the user's IP and ISP, and says something to the effect that the information was forwarded to the FBI internet crimes center for investigation. Under that I set up Iframes that display the FBI site so the whole page looks official.

 

I don't know if the fraudsters are actually worried by the page, although there's always an element of uncertainty when you're confronted with such a notice, but the fact is I haven't had a fraudulent transaction in a couple of weeks. It may be that just acting fast and forcing them to re-enter the registration information and log in and out of proxies often, was too much hassle and it was easier to move on to sites that don't react so quickly. In any case I'm happy it worked. But I'm not happy that now I'm stuck paying another $10/month to Authorize.net for the rest of my life. I think it should be possible to write an IP hourly velocity filter module that would replace this service from Authorize.net, that should be available for free IMO. If someone makes this module I'll buy it.

Edited October 30, 2012 by Dan1 (see edit history)

[berta recchia]

Isn't it ironic how cc processors are making money from this, no matter which direction you take? I think it's really suspicious the fact that the hacker keeps doing it even though he sees that 500 attempts don't go through on the same site? Call me paranoid but he must be paid to do this.

 

Is anyone coming up with a module that blocks the user's account after a set number of declines? Why give banks the money?

 

Blocking IPs and proxies means blocking potential real customers woriking in corporate offices or VPN....

[Becks]

If your sales volume is less than 500 orders per month, you can consider the http://www.fraudlabspro.com/ fraud screening service.

 

The Micro plan that they offer is FREE and you can screen up to 500 orders per month.

 

Among the features is the IP velocity check which is what you are looking for. They also have a lot of other checks like IP Geolocation, etc.

 

No harm checking it out and see if what they offer fits your requirements.

[Dan1]

I'm still looking for an order velocity filter module. In other words a module that will block orders from a certain IP after a set number of declines.

[waldiPL]

to block ip addresses i use free vekia's module to block ip address, for me it works

[MaXi32]

Seems like an old threat but valid question as today so many cases like this one.

Since you ask about how to block proxy sites or tor exit and you need this in free way, i suggest that you use a firewall that come with this feature such as Config Server Firewall (CSF)- This is free and it has blocklists setting where you can block tor exit users and list of proxies used by internet users to make this fraud transaction.