Thanks Andrew for the suggestion. Yes, it does make sense to do all the checks you described. These days, as manual process, we just make a phone call and do a follow-up email. We ask for a copy of the credit card to be faxed and a proof of ID. Many times the fraudsters do a reply with very "bad English" - sometimes it is funny. And you're right - a lot of the orders are placed on non working hours.
On Mon, Sep 21, 2009 at 10:29 PM, Andrew Haninger <[email protected]>wrote: > On Tue, Sep 22, 2009 at 12:26 AM, Steven Anders <[email protected]> > wrote: > > I am now tasked with improving our backend checks to make sure we don't > have > > any more fraudulent order, and would appreciate any pointer or insights > into > > this matter. Any theories, insights, or information would be very useful. > I have three ideas. Two are quite complicated and the other a little > simpler. None are fraud-proof. Some may be impractical if your work is > being done "after the fact". > > 1) Have a robot call or text the customer a CAPTCHA-type string to > enter into a website. > > Workaround: Register a cell phone or VoIP number in the victim's area > code and take the call. You could possibly require a hard-wire > landline, but those are becoming so uncommon that it would create > trouble for many of your customers. And then there are those darned > dialup users. > > Perhaps do this only after a first "offense". Though, I'm guessing > fraudsters only use the accounts once and then avoid them. > > 2) Have a Flash or Java applet check for common remote desktop servers > running on the ordering PC. > > Workaround: Disguise the server software as something harmless, if it > isn't already. > > 3) Check to see if the order was placed outside normal waking hours or > during normal working hours. > > Workaround: Not hard to work around, but might hassle the criminals. > > Andy >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
