http://www.practicalecommerce.com/articles/721/Interview-AuthorizeNet-President-On-Fraud-Prevention/ User submitted comments to Practical Ecommerce's article entitled Interview: Authorize.Net President On Fraud Prevention en-us Copyright 2007 Confluence Publishing Wed, 30 Apr 2008 06:08:03 -0600 http://www.practicalecommerce.com/rss/ Practical Ecommerce v2.0.1 Ecommerce kmurdock@practicalecommerce.com bgetting@practicalecommerce.com 60 http://www.practicalecommerce.com/articles/721/Interview-AuthorizeNet-President-On-Fraud-Prevention/#comment9638 I treat all international orders as fraudulent. Our policy is to offer bank wires as the only form of payment. Indonesia, Malaysia, Nigeria, and India are 99.9% fraudulent transactions. I do make certain concessions with Australia and New Zealand, I haven't had any issues down under. The fraudulent orders I have received from these countries have all had valid CVV codes. You have to wonder how they get these. Typically the AVS are not supported overseas. What we need is an internet based bank wire transfer system that will work with international orders. If there is such an animal, please post it!!! Wed, 30 Apr 2008 06:08:03 -0600 http://www.practicalecommerce.com/articles/721/Interview-AuthorizeNet-President-On-Fraud-Prevention/#comment9638 http://www.practicalecommerce.com/articles/721/Interview-AuthorizeNet-President-On-Fraud-Prevention/#comment9503 I am new to this, but I would like to hear more or suggest companies that use IP addressing to locale of purchaser? Little off the subject.. but always wondered why credit card companies do not have pins for all credit cards and not just debit cards - to easy to just sign. One more question - if I get a new credit card, there should be a mandate that the credit card ask you for a question and answer. Then when you buy at a site. That question would come up on the checkout process and your answer would be typed in as a verifier along with the CVV, AVS, and IP addressing with local. A thief would not know the question/answer part?? Am I close or way off?? Fri, 25 Apr 2008 19:06:17 -0600 http://www.practicalecommerce.com/articles/721/Interview-AuthorizeNet-President-On-Fraud-Prevention/#comment9503 http://www.practicalecommerce.com/articles/721/Interview-AuthorizeNet-President-On-Fraud-Prevention/#comment9484 We here at www.ZenosPizza.com use Authorize.net also. For us it has been great, the AVS & CVV code as been OK. We have had like others here have stated difficulties with the verification though. Orders have been declined and with us we have noway to save them at least at this time. We also have an inherent problem with the bank only verifying only the street # & zip. This is a potential problem we see in some of our new and up coming markets. Over all though we are happy once our clients know why these declines on occasion happen and explain it to them they are OK with it and have always come back. This is not the most perfect systems available however it is the best at this time and it works OK for now. They (Authorize.net) are (on there own at their end) as well as we (ZenosPizza.com) are (on our own internally, at our end) working to improve things all the time. But there will always be a criminal somewhere trying to break through. Fri, 25 Apr 2008 13:30:29 -0600 http://www.practicalecommerce.com/articles/721/Interview-AuthorizeNet-President-On-Fraud-Prevention/#comment9484 http://www.practicalecommerce.com/articles/721/Interview-AuthorizeNet-President-On-Fraud-Prevention/#comment9492 The great thing about the Internet is that you can reach customers from anywhere around the world without the presence of the physical store. However, given the ease of buying things online and the anonymity offered by the Internet, fraud has become rampant. As long as the fraudsters have access to the credit card information, traditional checks such as AVS and CVV will not work as well. Often times, you can look at other characteristics about the transactions to get a sense of the risk of the order. For example, you can take a look at the customer's IP address and compare that against the billing address to get a sense of where they are located and how risky that transaction may be. For example, if the user is located in Nigeria but is using a US credit card, then the transaction statistically would be considered suspect. It'll depend on your tolerance for risk whether or not you want to deal with such a transaction. There are many companies out there that provide these type of... Fri, 25 Apr 2008 13:29:55 -0600 http://www.practicalecommerce.com/articles/721/Interview-AuthorizeNet-President-On-Fraud-Prevention/#comment9492 http://www.practicalecommerce.com/articles/721/Interview-AuthorizeNet-President-On-Fraud-Prevention/#comment9464 I was very surprised to hear that many merchants do not use AVS. We have had a few orders declined because of AVS mismatch (forget about P.O. boxes or international addresses), but have always been able to salvage the sales by email or telephone. And after having many attempts at fraudulent orders that were thwarted by AVS and CVV matching, I would never disengage those features. I also think that customers prefer buying from sites that check the veracity of their card information; it gives them confidence that we will protect that information. Thu, 24 Apr 2008 21:11:33 -0600 http://www.practicalecommerce.com/articles/721/Interview-AuthorizeNet-President-On-Fraud-Prevention/#comment9464 http://www.practicalecommerce.com/articles/721/Interview-AuthorizeNet-President-On-Fraud-Prevention/#comment9440 We use Authorize.net on our site www.envirosafety.com and we have discovered that there is no perfect solution. Our government customers often have no idea where there credit card gets billed to and results in a declined transaction. Also, with the CVV code we also have found numerous banks that do not support it and many of our older customers get confused when entering it. I know one site that does over $30mil a year and they do not use either the AVS or CVV since it declined so many of their orders. However, they review every order over $250 to see what information did match up correctly. Thu, 24 Apr 2008 10:33:32 -0600 http://www.practicalecommerce.com/articles/721/Interview-AuthorizeNet-President-On-Fraud-Prevention/#comment9440 http://www.practicalecommerce.com/articles/721/Interview-AuthorizeNet-President-On-Fraud-Prevention/#comment9439 I've had several chargebacks where everything matched. AVS and CV are correct. But the criminal was able to make the changes to the address and other card information. Thu, 24 Apr 2008 10:15:29 -0600 http://www.practicalecommerce.com/articles/721/Interview-AuthorizeNet-President-On-Fraud-Prevention/#comment9439 http://www.practicalecommerce.com/articles/721/Interview-AuthorizeNet-President-On-Fraud-Prevention/#comment9429 The AVS system is flawed. Functionality varies from bank to bank. While the system is supposed to parse out the numeric portion of the address, many banks have their systems set up incorrectly to read both alpha and numeric. This cause false negatives, and customers get declined when they should not. Yes, it is free, and it is flawed. Maybe that is why it it free. I know of at least one very large bank that does not have their system set up correctly. AVS needs to be standardized, so that all of the banks implement it in the same way. Thu, 24 Apr 2008 09:33:12 -0600 http://www.practicalecommerce.com/articles/721/Interview-AuthorizeNet-President-On-Fraud-Prevention/#comment9429 http://www.practicalecommerce.com/articles/721/Interview-AuthorizeNet-President-On-Fraud-Prevention/#comment9430 Good comments on Internet security. I am disappointed that Authorize.net doesn't offer the sophisticated fraud prevention such exclude countries or transactions by time of day that was mentioned. In order for someone to take advantage of such features, you would have to integrate your site with a supplier like MaxMind. If people know of other providers, let me know. Thanks. Thu, 24 Apr 2008 09:33:04 -0600 http://www.practicalecommerce.com/articles/721/Interview-AuthorizeNet-President-On-Fraud-Prevention/#comment9430 http://www.practicalecommerce.com/articles/721/Interview-AuthorizeNet-President-On-Fraud-Prevention/#comment9431 It is quite surprising how many online buyers do not update their billing information with their cc company when they move to a new address. When I used the address verification tool and there was not a match, the buyer just assume my cart/site had an error and abandoned the purchase. My cart would send the order but the payment would not show up. I can access the declined transaction and immediately see the address did not match. I was able to call the customer and try to salvage the order. Using the CVC tool is the most important factor. Your customer has the card in hand. Not just a 12 or 13 number copy. I have been lucky; since 12/99, only one chargeback and that was reversed because the customer lied to Visa. Documentation is everything. Hard copy of the order, shipping confirmation, delivery confirmation. Having said that, I have seen there is even a bigger issue with PayPal and unconfirmed addresses. 1 of every 4 orders I receive via PayPal has an unconfirmed address. No... Thu, 24 Apr 2008 09:32:46 -0600 http://www.practicalecommerce.com/articles/721/Interview-AuthorizeNet-President-On-Fraud-Prevention/#comment9431 http://www.practicalecommerce.com/articles/721/Interview-AuthorizeNet-President-On-Fraud-Prevention/#comment9432 As an Authorize.Net user, I know these services help us at www.gThankYou.com If a transaction bounces because of a bad address, the only thing to do it get to the bottom of it. Sometimes it's a simple mistake (e.g. home vs. workplace address for the credit card) other times, when you say the address is incorrect, the "customer" knows the jig is up and disappears. Thank you for an informative post. Rick Thu, 24 Apr 2008 09:32:30 -0600 http://www.practicalecommerce.com/articles/721/Interview-AuthorizeNet-President-On-Fraud-Prevention/#comment9432