John -
Thanks for this informative post. My experience with online CC
transactions, and in talking with many resellers about this issue tells me
you are right on the mark. FWIW, what countries have you found to have high
charge back rates (besides Russia)?
Thanks again,
sA
At 02:27 PM 8/10/01 -0400, John Capo wrote:
>Quoting [EMAIL PROTECTED] ([EMAIL PROTECTED]):
> >
> > It's a pretty good test for fraud, as one rarely gets
> > the card holders address and zip code along with their
> > card number.
>
>Its Friday so I'm gonna ramble a bit about credit card fraud, one
>of my favorite subjects.
>
>I was in the on-line credit card processing business for for the
>last 3 years. We were doing several hundred thousand transactions
>a month. I know a little bit about charge backs.
>
>AVS is good but it only works for the US and parts of Canada.
>Anyone with a merchant account should be using AVS and rejecting
>transactions that do not pass both the address and zip test. If
>one test fails ask the card holder for the correct zip/address.
>
>Hello OpenSRS, the ability to pend on a transaction by transaction
>basis would be really nice!!!!!!!
>
>There are two types of credit card fraud. Real fraud is where a
>card has been stolen or data about the card has been stolen. There
>are a LOT of credit card records floating around that have all of
>the data you need to pass the verification tests. If you have a
>merchant account you have the same information, card number, name,
>address, and more. Someone hacks your system and now they have
>that information. This is not uncommon at all, credit card
>transaction records are stolen every day.
>
>Anyone want to buy a few million, verified, guaranteed valid, credit
>card transaction records. Just kidding!!
>
>The other type of fraud is "Friendly Fraud" and it costs merchants
>millions each year. Just call your bank and say, "I didn't authorize
>this transaction", and presto, your account is credited for the
>charge. The merchant pays the original transaction fee plus the
>charge back fee.
>
>The issuing bank and the card company have nothing to loose so they
>promote the idea that on-line credit card transactions are safe
>and you will never be responsible for a charge you didn't authorize.
>The issuing banks and the card companies have to follow this mantra.
>They are on the side of the card holder and the card holder is
>where they make their money.
>
>Our system had a very large negative database acquired through 10
>years of transaction processing. We had several types of thresholding.
>We matched the issuing bank with the bank name printed on the card.
>We required that the country match the country of the issuing bank.
>We matched IP address to country. We blocked countries where the
>charge back rate was insane even though Visa's rules prohibit this
>practice. We did everything we could and it was still very difficult
>to keep the charge back level low enough to avoid entering the fine
>program and losing merchant accounts.
>
>An interesting aspect of our fraud control system is that it was
>used by people that had credit card data to verify that the data
>was valid. If the card number was accepted by our system it was
>a good card and could be used elsewhere. This type of fraud was
>only detected by manual inspection. The clever card data holders
>always use proper punctuation and provide full addresses even though
>AVS only uses the first 5 or 6, I forget exactly how many, address
>digits and zip code. We would catch these guys because they would
>choose junk characters for a user name or the same user name dozens
>of times.
>
>You have to evaluate the risk reward ratio of accepting credit
>cards for a card not present transaction. It is IMPOSSIBLE to
>prevent fraud but it can be reduced by using a negative database
>and fraud screening. Falcon is pretty good. I know their system
>is available through Signio, now Verisign, grrrrr, and maybe other
>processors. Charge backs will happen, its part of the cost of doing
>business.
>
>If you make more money accepting credit cards than you do not
>accepting credit cards, then its a no brainer. If charge back fees
>eat all your profits then you stop accepting credit cards.
>
>I would be very interested in hearing what you folks are seeing in
>terms of charge back percentages and what percentage of those charge
>backs are US vs. non US cards. My guess is its not enough to worry
>about and definately not high enough to endanger a merchant account.
>
>John Capo
>IRBS Engineering, Inc.
Scott Allan
Director OpenSRS
[EMAIL PROTECTED]
