Marketing & SEO Discussion List - LED Digest

 
Home arrow Featured Posts arrow International Orders and Credit Card Fraud
International Orders and Credit Card Fraud Print E-mail
Written by Ron Coble
February 7, 2007

Beating the Fraudsters

I debated all week about adding my 2 cents to the subject of International sales because this post could easily evolve into being being a book sized post. But a large order from South Africa prompted me to jump in with some comments and suggestions.

Our international trade marketing services business attracts fraudulent orders like moths to a light on a summer night. The primary reason for these orders has been the directories we offer that contain the contact information for importers around the world with about 12% of them having email addresses.

The fraudsters (as I like to call them) attempt to use one form of fraud (credit card) when purchasing our directories which they then use to email their infamous "Nigerian" scam emails (which are no longer limited to Nigeria but still primarily centered from countries on the African continent).

Our "fraud flood" actually started about 5 1/2 years ago and hit the $150,000 mark sometime early last year when I stopped keeping a tally because we were literally receiving 5 fraud orders for every 1 legitimate order. The order that sparked me to post this came from South Africa (becoming a fast 2nd or 3rd to Nigeria).  It was for two Mexico Business directories with a total cost of $1,390.00...

Initial Fraud Checks

The order upon initial review, looked fairly legit, spelling was good, the first and last names were not reversed (an easy sign to spot from new, not too educated fraudsters). The email was from a free email account, that is a definite security flag but the IP address on the order checked out for South Africa - things were looking fairly positive.

Let me divert for a moment - in regards to the IP address capture. I installed this little bit of script on our order forms in September 2006 and almost overnight it reduced our fraud order rate from about 5 to 1 by about 90%.  I 'guess' because their IP address shows on the order form as they are filling it out and they cannot change it that it scares some of them away?

By the way, whois.sc is about the best and fastest IP checker I have found on the Internet - just copy the IP from the order and visit whois.sc and paste and hit enter - very fast and more details than any other I have used yet.

Security Flags are Raised

The next check was the first 6 digits of the credit card with our merchant services bank lookup.  The 2nd BIG security flag is raised. The bank is in Mumbai, India.  I then request the customer submit a faxed or scanned copy of the front and back of their credit card via fax or scanned attachment to an email and the "TOP" portion of a recent billing statement so we can verify the billing address he has submitted (we emphasize the top portion because we don't need to see their transactions - just their address).

This morning, I have a two page fax waiting for me. The first page goes on to assure me that because he is currently on travel and does not have a billing statement but assures me that he is the owner of the card (we emphasize in our email requesting this data that it is meant to protect legitimate credit card owners as it does us).

Now what was interesting about the copy of the credit card was that it had the number, expiration and name imprinted on it but you could not see any bank info, logo or other details?  On the back side the number in the signature area and the CVV number matched but the card was not signed and again, none of the other info you normally see on the back of a card was there, nothing??

An Anxious Buyer

The icing on the cake came when I got a call from this individual shortly after reviewing the fax.  He was asking how quickly he would get his order, whether there was a download link where he could get it rather than waiting for a CD to arrive.  Very, very anxious.

Enough flags, I called the issuing bank in India and believe it or not they helped me by advising me the card's billing address was in India, not South Africa.  I usually do not bother replying to these fraudsters but I sent him an email telling him what I learned and advised him that we would only accept payment via Western Union.

I am sure (based on a lot of experience) I will never hear from this slug again since he has crawled back under the rock from where he came and will be looking for his next fraud venture.

Conclusions

The main point for making this long post is to hopefully pass along some of the experiences we have had over the years and some of the ideas and resources we use to help combat this growing problem. It is also meant to alert those to the fact that you cannot be complacent in what you use to evaluate the validity of an order because as you can see from this post, they may very well have adapted or have a means of imprinting cards?

If anyone has ever seen a credit card like I described here, I would be very interested in hearing about it?  My thoughts were that the actual owner may have been on travel in South Africa and had a card copied at a hotel or something and the copy was used with us?  It is a new one so any feedback would be appreciated.

Hope this helps someone avoid getting burnt.

Ron Coble
Coble International Marketing Services


Comments (4)add comment

Yates said:

  The practice of imprinting cards has been happening for awhile now. The thieves somehow secure long series of "correct" CC numbers and then use these as the keys to make fakes from blanks. The whole thing is very professional and industrial, somehow I think the mob is involved *smile*.

Thanks for the great tips here, by the way. I use whois.sc and lots of other tools depending on the country of origin. You can usually smell the fraudulent orders right away, but every now and then a legit one comes over that looks phishy.
February 07, 2007

Tom Aman said:

  Comment about your post first - that was a great one. Just wanted to mention that whois.sc has changed their name (and address) to - http://www.domaintools.com.

Tom Aman
February 09, 2007 | url

Robert said:

  Hi Ron

Thank you for a great article in LED Digest, I sure picked up some great tips on how to avoid getting burnt.

Thanks again
Robert
February 20, 2007 | url

Dave said:

  I wish staff where I work read this about a month ago.

After we accepted the transaction of $8000 (for payment of the goods and freight), we were instructed to pay $3000 for freight costs to Africa. This was done, to a bank account that is now empty and closed..

Later on, we are advised that the $8000 has to be given back to the bank because of fraudent card.

Bye bye $3000... lucky we caught the goods before they left, or it would have been worse.


2 days ago, we received an email from a new customer, with a new order... Wonder if there is a way to get back at them.
March 20, 2007 | url

Write comment

security image
Write the displayed characters


busy
 
[ Back ]