Practical Ecommerce

Effective Tools to Detect Stolen Credit Cards, Part 1 Of 3

There are hundreds of branded tools that ecommerce merchants can turn to for help in catching fraudulent credit card orders. Some tools are free, and some come bundled or offered as additional features in payment processing systems like and Google Checkout. Others can be subscribed to, purchased as software or outsourced. As yet there doesn’t appear to be any all-in-one solution, although some come close.

Many online merchants are already on board with fraud detection technology. The average merchant uses 4.4 fraud detection tools according to the 2008 “Online Fraud Report”; from CyberSource, a major electronic payment and risk management solution provider. The trick is to wade through all of the tools to determine which ones are best for your type of sales, your type of data storage and your type of customer. These articles should give you a sense of where to start or what you might be missing.

Online merchants are one step ahead of the game if they can catch fraudsters in the act of making fraudulent credit card purchases. There are many real-time options for checking the authenticity of data entered into online order fields.


This tool runs the card information through the credit card issuer’s network. It’s a free service to merchants using real-time processing. It can check with the bank to see if the card has enough credit capacity to cover the purchase and has not otherwise been reported lost or stolen. Some advanced authorization tools, such as ones offered by Visa, will also check the number against lists of breached data. Cards that don’t pass the authorization step are declined, and the potential customer must enter another form of payment or correct any manually inputted errors. Authorization does not confirm if the person using the card is authorized to use it.

Address verification services

Numbers in addresses, such as street numbers and zip codes, can be checked as a card is authorized or with a merchant-placed phone call to the credit card company. This tool determines whether the billing address on the order form matches the address where the customer gets their credit card statements. But it’s not failsafe. The customer could have moved recently, the AVS computer could be down, the person could be traveling or stationed somewhere else or the customer could make a simple mistake.

Merchants with the best AVS acceptance spell out that the billing address must be the address where the potential customer’s credit card statement is mailed. Even so, “a sophisticated cyber thief is going to be able to pass that,” says Dan Clements of, a subscription service that catalogs stolen credit card numbers floating around the Internet. “Ninety-nine percent of the [stolen] cards that we see are accompanied by the full and valid address.”

Thieves provide the valid address for AVS approval, but request that their package be shipped somewhere else. Sure, gifts can happen. So savvy e-merchants are setting up additional safeguards for orders with different ship-to addresses. Some are charging fees for delivery signatures on different ship-to addresses. Others, like, simply won’t ship certain products, like MP3 players or other electronics items, out of the U.S. unless the billing address and shipping address are the same.

Credit card verification method

Eighty percent of merchants in CyberSource’s survey requests that customers input their card-code-verification or card-verification-method numbers. These three- or four-digit numbers can be checked during authorization to make sure it matches. Found on the back of most cards and on the front of American Express, these codes are known by different initials: CVV2 for Visa, CVC2 for MasterCard, and CID for American Express and Discover.

“;Since most fraudulent transactions result from stolen card numbers rather than the actual theft of the card, a customer that supplies this number is much more likely to be in possession of the credit card,” says Terry Jepson, a business software developer for Wisconsin-based Wisco Computing who has researched credit card fraud for the Association for Shareware Professionals. “Reports from VISA say that using AVS with CVV2 validation for card-not-present transactions can reduce chargebacks by as much as 26 percent.”

Turning on this option with your merchant account or payment gateway is “as easy for me as checking the appropriate box in the administrative functions,” says Jepson.

It’s still not failsafe: “This used to be a good tool to determine if a card was stolen or not, but we see hundreds of stolen cards each day and they all seem to have a valid [CCV] number,” Clements says. “But still run the tool to detect the ones that don’t pass.”

Jennifer D. Meacham

Jennifer D. Meacham

Bio   •   RSS Feed


Sign up for our email newsletter

  1. Legacy User April 29, 2008 Reply

    That's all? Weaksauce content.

    — *Tai Kahn*

  2. Legacy User April 30, 2008 Reply

    Ah Tai, this is just the first dozen or so paragraphs of a much longer article on the subject — with steps ranging from basic, like the ones above, to more complex, like geolocation and fraud detection technologies offered by such companies as MaxMind. The article will be running, in its entirety, in the next edition of Practical eCommerce the magazine.

    — *Jennifer D. Meacham*

  3. Legacy User April 30, 2008 Reply

    Yes, these are the basic and just the beginning of an article. Most most people (Like me) will breeze through this first article. The information provided is good information to those just starting out. I look forward to the more in-depth articles to come.

    Tips that I use are to look over the order and look for any signs that it could be fraudulent. Things like a Gmail Email account. Sent a question to the email to that address and see if you get a reply. You can simply just ask them to reply for there protection. That don't prove who they are, but now you have a legitimate piece of information that can be investigated should the order be fraudulent. Mind you that is just one little simple step to I use to check orders. Another tool I use is checking the address with Google Earth. That don't prove who they are but it's another method I use to see if the address is legit. Note: I also keep in mind that it could be a New subdivision or a brand new address that might not be recorded by Google Earth yet.

    There are many sites that let you do a reverse address look up. I have just used this because I needed to ask the customer a question to make sure they were not confused about an item because they ordered two accessory items that went to two different Models of the same product. With the reverse address look up, I was able to find the home phone number. I called it and no one answered so I left a message to make sure they were not confused and in minutes they responded to me saying "Thank you for looking out for me, I never had a store look out for me like that before" I now know this is a legit purchase. Took me about 20 minutes but I felt more comfortable about it.

    I would not advise these Phone call steps if you sell products that may not be Family friendly. you will most likely get someone upset with you.

    I know my methods may not sit well with some people. But they seem to work with me. If the billing address and the shipping address do not match. I will use what ever I can to make sure the order is legit before I charge the card.

    — *Larry Hagedorn*

  4. Legacy User April 30, 2008 Reply

    I do like Larry does and call the customer.
    I have found that most fraud orders have different bill to and ship to states. I do a reverse lookup on both addresses. If it does not make sense I get the phone number of the billing address and call it. I either get someone who says they did not place the order and they get all freaked out because someone stole their information, or I get someone who says "thanks for checking" My charge back rate is almost NIL!

    — *Dani M*

  5. Legacy User May 5, 2008 Reply

    Great tips Larry and Dani. Thank you for weighing in!

    — *Jennifer D. Meacham*

  6. shopkeeper November 25, 2008 Reply

    I perused your 3-part article with such hunger . . . The tools and resources you have so thoughtfully compiled are priceless . I have met and dealt with "stolen cards" and with this pool of resources, I will safer shipping out an order.

    Thank you for this practical and small merchant-friendly advisory on the subject. I have saved all the links to my favorite resources and I will be using them all.

    More power!

    —- Shopkeeper

  7. Cynthia Delk September 25, 2016 Reply

    Please tell me how to find out if a credit card is stolen. I have been talking to someone on line and he give me a credit card number to send money to him. I am scared that it may be stolen. I sent him $500.00 and then i sent jim $499.00. I’m scared now that i may get in trouble. He swears that it is his credit card but now im not sure. Can you please help i don’t want to get in trouble.thank you. Please contact me as soon as possible

    • Jennifer Meacham February 8, 2017 Reply

      Cynthia Delk,

      I apologize that I didn’t see your comment until now! How did things turn out? This is so unconventional that I can absolutely see why you suspected fraud. Here’s the report form for the FBI if needed: