Credit card fraud issues


I'm running Magento 1.9.0.1 and over the last month have started seeing a large amount of credit card fraud. It looks as if the offenders are using a script to test large amounts of cards on my shopping cart (running a new card number every few seconds) until they find a card that works. Then, presumably, they go and use that card other places. I've never actually shipped anything to these people and have caught all the transactions, but my credit card processor is saying that all this fraud is an increased risk to them and if it keeps happening they will have to close my account. One suggestion they have is to add a captcha to the checkout page which would prevent them from running all the transactions with a script as they would have to enter the captcha by hand. However, I can't find any way to implement such a thing as it's not native and I haven't seen any extensions which will do that. Does anybody have any thoughts? Have any of you had these same issues?
2 REPLIES

Re: Credit card fraud issues

What are the carding attempts you're receiving like? Do they appear to know all of the information (name, address, cc#, expiration, cvv2)? Does your implementation use AVS?

If, for example, you are using Authorize.net they have velocity filters which allow you to limit the number of credit card attempts per IP/hour. Check with your processor to see if you can set a limit per IP.

A captcha wouldn't be a bad idea IF you only made it appear after 4+ miskeys.

Chris / Placement Edge

Re: Credit card fraud issues

The name and address that they are using are the same for every card, so those are not accurate. The CC#, expiration and cvv2 appear to be good. Yes, I'm using the Auth.net fraud detection suite, which is catching almost all of the transactions. The problem is, the processor still has to run an authorization on the transactions which is still a few and they're saying they don't like the risk. I have the transactional IP velocity filter set to 10 transactions per hour. I suppose I could lower that.

I wish there was a way I could block the script or something, but that's a little above my level of knowledge. I still like the idea of a captcha triggering after 3 or 4 bad attempts, but I'm not aware of any such thing existing. This is really frustrating especially because I want to fix the problem, but I have no way to do so. :-(
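
The idea raised in the replies above (an hourly velocity limit plus a captcha that only appears after a few failed attempts), sketched as an added example that is not part of any post and is not Magento or Authorize.net code. The class, the thresholds and the `replay` helper are hypothetical, and the logic is written in Python to show the decision rules rather than as a drop-in extension.

```python
from collections import defaultdict, deque

WINDOW = 3600        # seconds; one hour, the unit of the velocity filter above
CAPTCHA_AFTER = 3    # declines per key before a captcha is required (assumed)
MAX_CARDS = 3        # distinct cards per key per hour before captcha (assumed)
BLOCK_AFTER = 10     # attempts per key per hour before refusal (assumed)

class CheckoutGate:
    """Hypothetical gate consulted before a payment reaches the processor."""

    def __init__(self):
        self.attempts = defaultdict(deque)  # key -> (time, card fingerprint)
        self.declines = defaultdict(deque)  # key -> (time, None)

    def _keys(self, ip, billing):
        # Key on billing identity too: in the thread it was the same for every card.
        return [("ip", ip), ("billing", billing.strip().lower())]

    def check(self, ip, billing, card_fp, now):
        """card_fp: processor token or keyed hash, never the raw card number."""
        verdict = "allow"
        for key in self._keys(ip, billing):
            tries, fails = self.attempts[key], self.declines[key]
            for q in (tries, fails):
                while q and now - q[0][0] > WINDOW:
                    q.popleft()
            tries.append((now, card_fp))
            risky = len(fails) >= CAPTCHA_AFTER or len({fp for _, fp in tries}) > MAX_CARDS
            if len(tries) > BLOCK_AFTER:
                verdict = "block"
            elif risky and verdict == "allow":
                verdict = "captcha"
        return verdict

    def record_decline(self, ip, billing, now):
        for key in self._keys(ip, billing):
            self.declines[key].append((now, None))

def replay(events):
    """Run (time, ip, billing, card_fp, approved); only 'allow' reaches the processor."""
    gate, verdicts = CheckoutGate(), []
    for now, ip, billing, card_fp, approved in events:
        verdict = gate.check(ip, billing, card_fp, now)
        if verdict == "allow" and not approved:
            gate.record_decline(ip, billing, now)
        verdicts.append(verdict)
    return verdicts

# Constructed sample: one billing identity, a new card every 5 seconds.
SAMPLE = [(5 * i, "203.0.113.5", "J Doe, 1 Main St", f"tok-{i}", False) for i in range(15)]
```

On the constructed sample only the first three attempts would reach the processor for authorization; the rest are met with a captcha and then refused until the hour window rolls over.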