Would this stop credit card fraud?

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • NWB Guy
    Registered User
    • Mar 2012
    • 55

    #1

    Would this stop credit card fraud?

    Hi folks,

    I just want to run this method of fraud-prevention past you and get your feedback.

    My main problem with fraud is with one guy, apparently in Brazil, who uses stolen credit cards to buy videos from my websites and then uploads them to the file lockers. Almost 100% of my piracy issues and about half of my fraud is generated by this one guy.

    Here is what I would like my biller to do, in order to stop these transactions.

    Change the code in the credit card approval step of the process include an IP address check, comparing the IP address of the town/city of the credit card owner/customer with the actual IP address of whoever is buying a video/members access.

    If there is a difference of more than 200 or 300 miles, the credit card transaction would be declined.

    I don't write computer code, but this does not seem to be impossible to me. Is this doable?

    I ran this past CC Bill and was given the incredibly lame excuse that this would harm the customers who are traveling and want to make a purchase from their hotel room. I am not kidding, this was their response to my attempt to cut down on credit card fraud.

    Are there any billers who do this, because if there are, I will seriously consider swapping over to them. There is no reason to live with stolen credit cards if I don't have to.

    Thanks,

    Jeff
    www.northwestbeauties.com
  • slapass
    Too lazy to set a custom title
    • Nov 2002
    • 14625

    #2
    I would have issues as I travel a lot but otherwise it is a good idea.

    Comment

    • ottopottomouse
      She is ugly, bad luck.
      • Jan 2010
      • 13177

      #3
      my mobile usually shows up as not even in the correct country, and my home internet connection doesn't locate to within 200 miles because of where the block of IP addresses is registered to.
      ↑ see post ↑
      13101

      Comment

      • Sly
        Let's do some business!
        • Sep 2004
        • 31376

        #4
        Your guy that tries so hard to circumvent the process would simply catch on and use an IP within the XXX mile radius of the credit card holder. So it may slow him down a bit, I don't see it stopping him though.
        Vacares - Web Hosting, Domains, O365, Security & More - Paxum and BTC Accepted

        Windows VPS now available
        Great for TSS, Nifty Stats, remote work, virtual assistants, etc.
        Click here for more details.

        Comment

        • iSpyCams
          Amateur Gynecologist
          • May 2009
          • 4436

          #5
          With Netbilling you can decline sales where the card issuer country is different from the IP address.
          - As soon as I think up a good sig it's going here.

          Comment

          • adulttraffic
            Confirmed User
            • Mar 2006
            • 797

            #6
            Originally posted by NWB Guy
            Hi folks,

            I just want to run this method of fraud-prevention past you and get your feedback.

            My main problem with fraud is with one guy, apparently in Brazil, who uses stolen credit cards to buy videos from my websites and then uploads them to the file lockers. Almost 100% of my piracy issues and about half of my fraud is generated by this one guy.

            Here is what I would like my biller to do, in order to stop these transactions.

            Change the code in the credit card approval step of the process include an IP address check, comparing the IP address of the town/city of the credit card owner/customer with the actual IP address of whoever is buying a video/members access.

            If there is a difference of more than 200 or 300 miles, the credit card transaction would be declined.

            I don't write computer code, but this does not seem to be impossible to me. Is this doable?

            I ran this past CC Bill and was given the incredibly lame excuse that this would harm the customers who are traveling and want to make a purchase from their hotel room. I am not kidding, this was their response to my attempt to cut down on credit card fraud.

            Are there any billers who do this, because if there are, I will seriously consider swapping over to them. There is no reason to live with stolen credit cards if I don't have to.

            Thanks,

            Jeff
            Their gripe is legit and using ips to geo locate someone is not very accurate. Your best bet is to monitor all signups and kill off ones this guy is making.
            Respect My Authoritah!

            Comment

            • Zeiss
              Confirmed User
              • May 2012
              • 5189

              #7
              That sucks big time, Jeff. I don't know what to recommend but what you suggest (the IP thing) is not a good idea. IP is easier to get than stealing credit card data...


              Adult Webmasters Guides

              Comment

              • Adraco
                Confirmed User
                • May 2009
                • 3745

                #8
                I have internet access via an office network, and that IP shows as if I'm located in Holland no matter where in the world I connect from. So that would effectively prevent me from buying anything at all online.
                ----------------------------------------------------------------------------------
                The truth is not affected by the beliefs, or doubts, of the majority.

                Comment

                • 2MuchMark
                  Mark of 2Much.net
                  • Aug 2004
                  • 50977

                  #9
                  Hi Jeff,

                  Netbilling does this for you already. But if you're not with netbilling you can do this on your own. Sure he can use proxies but Netbilling also blocks known proxies from buying if you enable it.

                  If you can write basic code you can write a small program to filter out IP addresses you don't want, or write a program to display all of your sales along with the IP addreses. Link the IP addresses to a GeoIP location service (there are lots of free ones) and when you see the geo location fall within the range you want to block, delete his account and refund the purchase before it becomes a chargeback.

                  Comment

                  • directfiesta
                    Too lazy to set a custom title
                    • Oct 2002
                    • 30135

                    #10
                    Isn't this what MaxMind does ewhen integrated in a shopping cart ???
                    I know that Asspimple is stoopid ... As he says, it is a FACT !

                    But I can't figure out how he can breathe or type , at the same time ....

                    Comment

                    • NWB Guy
                      Registered User
                      • Mar 2012
                      • 55

                      #11
                      Thanks for all of the replies folks.

                      I did not take mobile devices into account. I have a picture in my mind of a customer sitting at his computer, but I realize the world has changed and lots of customers are using smart phones and such.

                      How about this: have the user name and password randomly generated and only available through email. That would force the thief to use an actual email address in order to log in.

                      Would it be feasible to track someone down via their email address?

                      I realize that there are some thieves who will be able to work around anything we try to do, but unless they are making tons of money, would it be worth their while?

                      I just wish that the credit card industry and billers would take a more proactive role in fighting against theft and abuse, rather than just writing it off as a loss on their income taxes. If the general public knew that efforts were at least being attempted, they might think twice.
                      www.northwestbeauties.com

                      Comment

                      • iSpyCams
                        Amateur Gynecologist
                        • May 2009
                        • 4436

                        #12
                        Originally posted by NWB Guy
                        Thanks for all of the replies folks.

                        I did not take mobile devices into account. I have a picture in my mind of a customer sitting at his computer, but I realize the world has changed and lots of customers are using smart phones and such.

                        How about this: have the user name and password randomly generated and only available through email. That would force the thief to use an actual email address in order to log in.

                        Would it be feasible to track someone down via their email address?

                        I realize that there are some thieves who will be able to work around anything we try to do, but unless they are making tons of money, would it be worth their while?

                        I just wish that the credit card industry and billers would take a more proactive role in fighting against theft and abuse, rather than just writing it off as a loss on their income taxes. If the general public knew that efforts were at least being attempted, they might think twice.
                        Yeah 5 years ago I could effectively scan for duplicate IP addresses and limit a lot of fraud that way, these days doing that gets you about 80% false positives because there are just so many people with mobile phones and a lot of those mobile carriers only have a handful of proxy servers that they route all their customer's traffic through.
                        - As soon as I think up a good sig it's going here.

                        Comment

                        • Barry-xlovecam
                          It's 42
                          • Jun 2010
                          • 18083

                          #13
                          AVS or Address Verification System
                          http://en.wikipedia.org/wiki/Address...ication_System

                          It can be rather heavy handed when used as a scrub -- the fraudster can circumvent it. However, there are ways to detect VPNs or proxies and get the user's real IP.

                          ^^ Mobile networks are an known issue
                          Last edited by Barry-xlovecam; 06-24-2013, 05:09 PM.

                          Comment

                          • DVTimes
                            xxx
                            • Jun 2003
                            • 31658

                            #14
                            The saftest way would be if you were sent a confirmation email or text (to your phone). You would have tyo confirm this before payment went through.

                            Your email or text would be registered at the time you got your card.

                            This way only the person who owns the card could make payments.
                            XXX

                            Comment

                            • adulttraffic
                              Confirmed User
                              • Mar 2006
                              • 797

                              #15
                              Originally posted by DVTimes
                              The saftest way would be if you were sent a confirmation email or text (to your phone). You would have tyo confirm this before payment went through.

                              Your email or text would be registered at the time you got your card.

                              This way only the person who owns the card could make payments.
                              Great idea!, who the fuck wants to manually approve signups all day? lol
                              Respect My Authoritah!

                              Comment

                              • spunky99
                                Confirmed User
                                • Jan 2004
                                • 3462

                                #16
                                we compare every ip to the location given when signing up, its amazing how many americans travel to ghana and nigeria and signup for our sites, they really like the big boob girls too

                                Comment

                                • Paully
                                  www.Max-Hardcore.com
                                  • Nov 2005
                                  • 1556

                                  #17
                                  I get card rejects from Zombaio for this routinely. They call it a BIN mismatch. Meaning the customers banking id number(banking branch) and his IP are too far apart. Dont know how far that is though. I think it requires a form of id or at least contact from the user to make the sale if theyre traveling.

                                  If you have your own merchant acct. check with Net Billing fo sho. I like those guys and have only heard good shit about them.

                                  Paully

                                  CCBill Affiliates Let's Make Some Monies!

                                  Paullybadboy [@] gmail.com ICQ 631384423

                                  Comment

                                  • NETbilling
                                    Confirmed User
                                    • Jan 2002
                                    • 8598

                                    #18
                                    Originally posted by NWB Guy
                                    Hi folks,

                                    I just want to run this method of fraud-prevention past you and get your feedback.

                                    My main problem with fraud is with one guy, apparently in Brazil, who uses stolen credit cards to buy videos from my websites and then uploads them to the file lockers. Almost 100% of my piracy issues and about half of my fraud is generated by this one guy.

                                    Here is what I would like my biller to do, in order to stop these transactions.

                                    Change the code in the credit card approval step of the process include an IP address check, comparing the IP address of the town/city of the credit card owner/customer with the actual IP address of whoever is buying a video/members access.

                                    If there is a difference of more than 200 or 300 miles, the credit card transaction would be declined.

                                    I don't write computer code, but this does not seem to be impossible to me. Is this doable?

                                    I ran this past CC Bill and was given the incredibly lame excuse that this would harm the customers who are traveling and want to make a purchase from their hotel room. I am not kidding, this was their response to my attempt to cut down on credit card fraud.

                                    Are there any billers who do this, because if there are, I will seriously consider swapping over to them. There is no reason to live with stolen credit cards if I don't have to.

                                    Thanks,

                                    Jeff
                                    Hi,

                                    You can easily do this in our system and have full control over almost ALL of the fraud tools (except a few secret things that we do on the backend).

                                    Please contact our sales department for a demo/walkthrough. You will be impressed.

                                    Mitch


                                    Mitch Farber
                                    CEO - NETbilling, Inc.
                                    Email / Phone: 888-357-8166 / 661-252-2456
                                    Transaction processing & 24/7 call center services with exceptional rates and flexibility, since 1998!

                                    Comment

                                    • PhoneSexKing
                                      Confirmed User
                                      • Jun 2013
                                      • 190

                                      #19
                                      The only sure way to stop credit card fraud is to stop taking credit cards.

                                      Comment

                                      • paffie
                                        Confirmed User
                                        • Mar 2013
                                        • 116

                                        #20
                                        I think CCbill's concerns are legit... About 50% of the time, I use a VPN... So, altough i'm a legit user, i might signup from london, login from toronto, but my credit card is issued in Belgium....

                                        I think it might give you a lot of negative publicity by every security freak out there (including myself)...

                                        The other concerns are legit to... Even the GeoIP database is not that accurate, it might cost you a lot of visitors.

                                        I do like your other idear: having to verify your cellphone. On the other hand, maybe it'll harm your signup ratio?

                                        you would think a credit card company would file a complaint agains this guy, and put a lot of good researchers on his case? But even then, if you use a good VPN, combine it with a good proxy (or a proxy chain), and the best researcher in the world will have troubles tracking you down :-(
                                        Last edited by paffie; 06-25-2013, 01:32 AM.
                                        Need a VPS? I use Ramnode, great uptime, friendly support and only $62/year (after their lifelong coupon) for an openVZ VPS => [email protected], 512Mb ram, 512 Mb swap, 120 Gb SSD, 1Gbps port, 2 Tb bandwith, 1 IPv4, 16 IPv6, weekly backups

                                        Comment

                                        • fuzebox
                                          making it rain
                                          • Oct 2003
                                          • 22351

                                          #21
                                          Originally posted by PhoneSexKing
                                          The only sure way to stop credit card fraud is to stop taking credit cards.
                                          So true. One of the costs of doing business.

                                          A city-specific scrub would grind your legitimate signups to a halt

                                          Comment

                                          • NETBilling-Andy
                                            Confirmed User
                                            • Aug 2002
                                            • 182

                                            #22
                                            Hi Jeff,

                                            After having worked for CCBill for over 10 years, I understand your frustration with the fraud system there. While they do have a small number of different fraud profiles, you really cannot tinker with it yourself, or have control over it at all. With NETbilling - it's just the opposite. You have complete control over the fraud settings and can customize it perfectly to fit your needs as a business owner. All the while, processing payments at a much lower cost than CCBill. I'd love to give a short demo of the fraud system to you and see what you think! If interested, shoot me a message and we'll set it up. Thanks!
                                            Andrew Kiefer Sales Account Executive / Merchant Relations
                                            (888) 357-8166 | (661) 252-2456
                                            ICQ: 685463252 | Skype: andyk9876

                                            Comment

                                            • AdultKing
                                              Raise Your Weapon
                                              • Jun 2003
                                              • 15601

                                              #23
                                              The OP should email all the details of the files downloaded and any other relevant information to [email protected]

                                              We have a fairly good database of uploaders now and may be able to slow him down a bit by having his Paypal and other payment accounts shut down.

                                              Comment

                                              • NWB Guy
                                                Registered User
                                                • Mar 2012
                                                • 55

                                                #24
                                                Well, it looks like I will check out Net Billing, although I love almost everything about CC Bill. I am just not ready to roll over and accept the situation.

                                                Update: early this morning, that guy bought 14 videos using a California address with a Virginia IP address. Those videos will be showing up on Kitty Kats and elsewhere.

                                                I understand the concerns about harming my sales up front, but piracy takes sales away as well.

                                                I do remember approving each sale individually. For a few months, maybe in 1999 or 2000, the biller's software was not compatible, so I was getting all the credit card information from the customers. That was very creepy and I moved on to another hoster and biller. Can't even remember the name, but I have not heard about them for a decade, not much of a surprise.
                                                www.northwestbeauties.com

                                                Comment

                                                • NETBilling-Andy
                                                  Confirmed User
                                                  • Aug 2002
                                                  • 182

                                                  #25
                                                  Sounds good - we're here to help. Shoot me an email at andy @ netbilling.com. Thanks!
                                                  Andrew Kiefer Sales Account Executive / Merchant Relations
                                                  (888) 357-8166 | (661) 252-2456
                                                  ICQ: 685463252 | Skype: andyk9876

                                                  Comment

                                                  • NETbilling
                                                    Confirmed User
                                                    • Jan 2002
                                                    • 8598

                                                    #26
                                                    Originally posted by NWB Guy
                                                    Well, it looks like I will check out Net Billing, although I love almost everything about CC Bill. I am just not ready to roll over and accept the situation.

                                                    Update: early this morning, that guy bought 14 videos using a California address with a Virginia IP address. Those videos will be showing up on Kitty Kats and elsewhere.

                                                    I understand the concerns about harming my sales up front, but piracy takes sales away as well.

                                                    I do remember approving each sale individually. For a few months, maybe in 1999 or 2000, the biller's software was not compatible, so I was getting all the credit card information from the customers. That was very creepy and I moved on to another hoster and biller. Can't even remember the name, but I have not heard about them for a decade, not much of a surprise.
                                                    CCbill is good but it just sounds like you are ready to take more control over your processing and I am sure you would like to save money too, correct?

                                                    Mitch


                                                    Mitch Farber
                                                    CEO - NETbilling, Inc.
                                                    Email / Phone: 888-357-8166 / 661-252-2456
                                                    Transaction processing & 24/7 call center services with exceptional rates and flexibility, since 1998!

                                                    Comment

                                                    • Harmon
                                                      ( ͡ʘ╭͜ʖ╮͡ʘ)
                                                      • Mar 2004
                                                      • 20012

                                                      #27
                                                      Originally posted by NETBilling-Andy
                                                      Hi Jeff,

                                                      After having worked for CCBill for over 10 years, I understand your frustration with the fraud system there. While they do have a small number of different fraud profiles, you really cannot tinker with it yourself, or have control over it at all. With NETbilling - it's just the opposite. You have complete control over the fraud settings and can customize it perfectly to fit your needs as a business owner. All the while, processing payments at a much lower cost than CCBill. I'd love to give a short demo of the fraud system to you and see what you think! If interested, shoot me a message and we'll set it up. Thanks!
                                                      Kind of a low blow to the competition, bro. Just sayin
                                                      [email protected]

                                                      Comment

                                                      • adultmobile
                                                        No, I am not banned
                                                        • Nov 2003
                                                        • 5345

                                                        #28
                                                        As others noted, guys travel and ISP also are localized wrongly, this coupled it means you would decline 99% of correct sales and 1% of fraud ones. Additionally, if the guy is skilled, he know how to fake the IP of correct city, so you would actually ban everyone legit who traveled, except the fraud guy.
                                                        Those IP's of him are from what ISP and cities, does it match city or no? In general only retard carders use non-isp or isp with wrong city, those I see most often use normal comcast or similar ISP from the correct city as cardholder, fine job.
                                                        I do the fraud check for cam sites, it is a little "easier" because they guy also chats and you guess who he is from behavious and slang there; also you don't get so many guys signup a cam site and spend $500 immediately, so you can monitor new signups for unlikely immediate whales. In case of yours, carder blends easier as pay once and same as everyone else... I would say if the guy is skilled with IP->city , and if cards are normal, then there's no real solution. I say cards normal.. because you can see the BIN (bank issuer) of the cards, some use neteller or virtual cards of indonesia, its' so easy to find that.. but note the banks and visa/mc are real retard because allow to write "Santa Claus" or any name and address, and the sale is approved. I had guys write John Smith's of USA approved in all billers, while card was virtual ones from islands or funny places. Visa/mc should NOT allow cards approved without check cardholder name... in ideal world.
                                                        Last edited by adultmobile; 06-25-2013, 03:18 PM.

                                                        TubeCamGirl.com

                                                        Comment

                                                        Working...