You could run IP against spam bl's, ISC lookup, dronebl, proxybl for flagging.
-Travis

On Tue, Sep 22, 2009 at 2:36 PM, Steven Anders <[email protected]> wrote:
> Thanks Andrew for the suggestion.
> Yes, it does make sense to do all the checks you described. These days, as
> a manual process, we just make a phone call and do a follow-up email.
> We ask for a copy of the credit card to be faxed and a proof of ID. Many
> times the fraudsters do a reply with very "bad English" - sometimes it is
> funny.
> And you're right - a lot of the orders are placed on non-working hours.
>
>
> On Mon, Sep 21, 2009 at 10:29 PM, Andrew Haninger <[email protected]>
> wrote:
>>
>> On Tue, Sep 22, 2009 at 12:26 AM, Steven Anders <[email protected]>
>> wrote:
>> > I am now tasked with improving our backend checks to make sure we
>> > don't have any more fraudulent orders, and would appreciate any
>> > pointers or insights into this matter. Any theories, insights, or
>> > information would be very useful.
>> I have three ideas. Two are quite complicated and the other a little
>> simpler. None are fraud-proof. Some may be impractical if your work is
>> being done "after the fact".
>>
>> 1) Have a robot call or text the customer a CAPTCHA-type string to
>> enter into a website.
>>
>> Workaround: Register a cell phone or VoIP number in the victim's area
>> code and take the call. You could possibly require a hard-wire
>> landline, but those are becoming so uncommon that it would create
>> trouble for many of your customers. And then there are those darned
>> dialup users.
>>
>> Perhaps do this only after a first "offense". Though, I'm guessing
>> fraudsters only use the accounts once and then avoid them.
>>
>> 2) Have a Flash or Java applet check for common remote desktop servers
>> running on the ordering PC.
>>
>> Workaround: Disguise the server software as something harmless, if it
>> isn't already.
>>
>> 3) Check to see if the order was placed outside normal waking hours or
>> during normal working hours.
>>
>> Workaround: Not hard to work around, but might hassle the criminals.
>>
>> Andy
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

--
FD1D E574 6CAB 2FAF 2921 F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da
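
Added example, not part of the original thread and not any poster's code: a sketch of the two automatable checks mentioned above, the blocklist lookup on the ordering IP and the order-time check, producing flags for manual review. The zone name `dnsbl.dronebl.org`, the 07:00-22:59 waking window, and the order fields (`ip`, `placed_utc`, `billing_utc_offset`) are assumptions.

```python
import ipaddress
import socket
from datetime import datetime, timedelta, timezone

DNSBL_ZONES = ("dnsbl.dronebl.org",)  # assumed zone list; use the ones you may query
WAKING_HOURS = range(7, 23)  # assumption: 07:00-22:59 counts as waking hours
# Constructed sample order (documentation address, not real customer data).
SAMPLE_ORDER = {"ip": "203.0.113.7", "billing_utc_offset": -5,
                "placed_utc": datetime(2009, 9, 22, 8, 30, tzinfo=timezone.utc)}


def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def dns_lookup(name):
    """Return the A record for name, or None when it does not resolve."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def listed_zones(ip, resolve=dns_lookup, zones=DNSBL_ZONES):
    """Zones in which the IP is listed."""
    hits = []
    for zone in zones:
        answer = resolve(dnsbl_name(ip, zone))
        # Listings answer inside 127.0.0.0/8; anything else (for example a
        # resolver that rewrites NXDOMAIN) must not count as a hit.
        if answer and answer.startswith("127."):
            hits.append(zone)
    return hits


def off_hours(placed_utc, billing_utc_offset):
    """True when the order time, at the billing address, is outside waking hours."""
    local = placed_utc.astimezone(timezone(timedelta(hours=billing_utc_offset)))
    return local.hour not in WAKING_HOURS


def review_flags(order, resolve=dns_lookup):
    """Reasons to send an order to manual review; flags only, no auto-reject."""
    flags = ["dnsbl:" + zone for zone in listed_zones(order["ip"], resolve)]
    if off_hours(order["placed_utc"], order["billing_utc_offset"]):
        flags.append("off-hours")
    return flags
```

Passing a stub as `resolve` lets the logic be exercised without DNS traffic; `review_flags(SAMPLE_ORDER)` with the default resolver performs a live lookup.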
