| LED Digest 1761: The Ins and Outs of Online Fraud |
|
|
|
================================================== The LED Digest Moderated Discussion List "Effective Online Advertising, Since 1997" pair Networks: The LED's Web Host Hosting and Domain Reg. from a Trusted Leader pair.com for Hosting | pairNIC.com for Domains ================================================== List Moderator: Published by: Adam Audette LED Digest adam,led-digest.com http://www.led-digest.com ................................................ March 4, 2004 Issue #1761 ................................................ .....IN THIS DIGEST..... ==== CONTINUING ================= --== Fraud ==-- ~ Charles Bennett "The automated systems are the easiest to beat." ~ Miracle Wanzo "A little research goes a long way. It's your money." --== Mozilla vs Internet Explorer ==-- ~ Veronica Yuill "Just avoid 'bleeding edge' techniques..." ==== BILLBOARD =================== --== CSS Problems ==-- ~ Viggie Bala ===== CONTINUING ================================= From: Charles Bennett Subject: Fraud > I was the victim of [fraud] because I was not aware that my > credit card processor would approve a credit card when the > name and address did not match. As long as that card is active, > they approve it leading a merchant to believe the order is legitimate. - Sandi Dettman, LED 1760 Yes, your CC merchant provider will approve a card without the correct name. If you read your contract it is up to YOU to verify the name, address, expiration date and user of the card or number. If you deliver without a signature you automatically lose any right to recourse. So if the customer has a signature waiver on file and you do not override it, you lose. Also from experience you can refund an expired card, an incorrect card number, a different card number than the charge was place on and the expiration date does not need to match the card. You are dealing with a computer unless you talk to a live person for authorization. The automated systems are the easiest to beat. I have had credit cards faxed to me when I've asked for identity verification. They were perfect and the charges would go through. A month later they were fraudulent. The large directory sites that let you host a storefront are easily beaten and you will still pay their 'fees' even after the order is found to be fraud. They have your credit card for filing fees and again, you have to read your contract carefully. I won't mention names as they read this list. A new favorite is for the order call to come in via an ATT wireless operator explaining the call is being translated for a visually impaired person. Translation, they are trying to hide their ISP tracks. It's usually a Sprint wireless account routed through ATT. They will give you a good card and an address to ship to. The ATT operator specifically asks if you work with a disabled person in place an order. A lot of people let their guard down because of the disability ploy and fear of not being ADA compliant (American Disabilities Act) which websites are subject to. A terrorist attack expected for 2004 is for mass fraudulent orders to be placed through internet businesses. It is expected to originate from India, where most of the call centers with credit card numbers are based and where some of the most sophisticated programmers in the world reside. With billions of fraudulent orders placed at once, many many will get through. It will be 2-4 weeks before the chargebacks and disputes start. By that time, hundreds of billions of dollars are expected to have been lost. The purpose is to crash the US banking systems and bankrupt as many small businesses as possible. Chargeback fees and fines for three chargebacks in a 30 day period can be much more than the loss. I believe this was brought up to Congress before the end of 2003 and my merchant provider is aware of the threat as we have spoken about it. It was published on News.Google Fraud doesn't have to be to receive goods for free, it can be to break a business or other reasons. I had a large order placed three weeks ago. The card checked out, the phone number checked out, the address checked out and the persons email checked out. I shipped the order. I got a call from my merchant provider that the charge was being disputed. The person never placed the order. It was from an ex that had their account number and was playing vengeful games. The person was good enough to ship back almost $1,000 in merchandise. I only lost shipping both ways. If I had not required a signature for delivery, I am not sure if I would have had any recourse. The ISP number used to place the order was traced to the ex. My wife's card was swiped with a pocket scanner in a ladies store in an upscale community. Everything is on that magnetic strip. Within 48 hours almost $30,000 in orders were placed over the Internet. The only tip we got was when someone used it for a $15 porno access site charge and our bank called as it was out of the normal buying pattern. One seller on eBay had shipped almost $15,000 for two fur coats using the card. She was a consignment seller and had to cover the loss. It was three weeks before she called us frantic. The police would not file a report as there was nothing they could do. It was up to us and our bank. Another easy way is to place an order with the real card holders name and address, but put in the nine digit zip code where you want the order shipped to. A lot of the deliveries will automatically be routed to the nine digit zip code and not the address on the shipping label. I constantly fight with FedEx because customers will reroute the order after I ship. It costs me $20 for the delivery change. I never authorized it. And the goods have been delivered to someone else. It's simple enough to place an order and use the legitimate persons address. Then you merely call and say 'hey no one will be home to sign for that. Can you deliver it to my work instead?' All they have to do is wait for the FedEx truck in front of the business and say "is that the package for Joey Johnson? I've been waiting for that!" They sign, and leave or walk in the building and walk out the back door. The driver will not think a thing of it and no one in the business realizes they were used for a drop. Hey, even a 1% success rate can amount to thousands of dollars in a days work. Charles Bennett my website and email address are not important. ------- new post - same topic ------- From: Miracle Wanzo Subject: Fraud > I was the victim of [fraud] because I was not aware that my > credit card processor would approve a credit card when the > name and address did not match. - Sandi Dettman, LED 1760 All credit card issuers are like this. When I would first hear of merchants who didn't know, I thought it was the issuers fault for not making it known. Then I took the time to read the documents they send when they open a merchant account, or the help documents online with your gateway. They make this extremely clear, they do not hide the way AVS or even CVV2 or the authorization system works. Visa, Mastercard, AmEx, etc. also have special documents sent to card not present merchants to help them avoid fraud. I can't help but feel that people who "didn't know" just didn't do the slightest bit of research. We have websites and have proven ourselves to be capable internet searchers, we research the shopping cart software we want to use, we research the search engines and many other things. But for some odd reason, most new merchants fail to research the most important part -- how they are getting paid. Sandi -- I don't mean to be harsh. But if you're relying on AVS and CVV to determine the legitimacy of orders, you will get burned again. I can just see a post from you a few months later that you lost a chargeback even though you had a signature. Or because you didn't know about all the US based fraud, drop boxes, mail forwarding companies, apartment fraud and plain old customer claims they didn't get it when they know they did fraud, among many other types. A little research goes a long way. It's your money. Miracle Wanzo ------- new post - new topic ------- From: Veronica Yuill Subject: Mozilla > I accept the notion that WC3 compliance may well be > a good thing... But as for browser, well they are entitled > to their differences, compliance or not. - Steve Marriott, LED 1760 You make good points Steve, but there is one thing I think is worth pointing out: whatever impression some standards zealots may give, it isn't actually that difficult to design a site that is valid W3C-compliant HTML, and looks great in IE *and* in other browsers -- thus supporting the diversity that you value. We do it all the time, without using any esoteric hacks, and so do many other designers. Basic (X)HTML and CSS standards are not actually that constraining. Just avoid "bleeding edge" techniques (that usually add little value anyway) and you can build sites that are both accessible and attractive. Regards Veronica Yuill, Moderator I-Design http://www.marketingwonk.com/lists/idesign/35363/ ==== BILLBOARD ==================================== From: Viggie Bala Subject: CSS > ... if I want to put space between li-s in ul lists, I've > mostly found it necessary to add br br. However, on > some pages, this just leaves a huge space... The > other main problem is getting different levels of li-s > to display as I want. - Tom Anson, LED 1760 I haven't looked at the site too deep, but for space between li-s you can try margin-bottom or margin-top for different li classes in your style sheet. A CSS editor will make life easy for creating error-free style sheets. One such is available at http://www.bradsoft.com/topstyle/index.asp. They even have a free version TopStyle Lite available at their download section. It may help improve your CSS skills dramatically (personal experience). You can even remove all those table tags in your html and help search engine bots to index the content easily. Good tips are available at http://www.glish.com/css/ . A good understanding of position (CSS) tag is required for proper display of DIV. Even if you feel you know CSS, a formal tutorial might surprise you with the level of control CSS offers. I would suggest http://www.htmldog.com/ and http://www.w3schools.com/css/default.asp . That said, cross browser compatibility with CSS is still trial and error. Viggie Bala Helping websites to work http://www.viggie.com ------------------------------------------------------- The LED Digest is sponsored by pair Networks: pair.com for Hosting | pairNIC.com for Domains Copyright 1995-2004 Adam Audette. All Rights Reserved. ----------------------------------------------------------------- "Because I could not stop for Death -- He kindly stopped for me -- The carriage held but just ourselves And immortality." - Emily Dickinson |
