Support A2Billing :

provided by Star2Billing S.L.

Support A2Billing :
It is currently Fri Jun 23, 2017 1:45 am
Voice Broadcast System


All times are UTC




Post new topic Reply to topic  [ 25 posts ]  Go to page 1, 2  Next
Author Message
 Post subject: How to stop Fraud
PostPosted: Sun Oct 15, 2006 5:09 pm 
Offline
Moderator
User avatar

Joined: Tue Jun 06, 2006 12:14 pm
Posts: 685
Location: florida
Hey - I got people that I KNOW are using stolen credit cards to buy money onto my A2B system via PayPal. PayPal processes it, but then a few days later - I will get a chargeback.

Anyone encounter this? And what's a good way to stop it ??


Top
 Profile  
 
 Post subject:
PostPosted: Mon Oct 16, 2006 4:03 am 
Offline

Joined: Mon May 29, 2006 7:07 pm
Posts: 287
Location: Denver
Hi, i'm running into this too - i don't think there is a way to avoid it. I look at users - name, address and etc and if it looks stange - i keep an eye on it - basically i check my new clients every day.


Top
 Profile  
 
 Post subject:
PostPosted: Mon Oct 16, 2006 4:51 am 
Offline
Moderator
User avatar

Joined: Tue Jun 06, 2006 12:14 pm
Posts: 685
Location: florida
If you know its the same person doing it a lot (I've found someone that I know is same person because of where they call - under different names) - can you find out their IP and Block them ?


Top
 Profile  
 
 Post subject:
PostPosted: Mon Dec 11, 2006 9:19 pm 
Offline
Moderator
User avatar

Joined: Tue Jun 06, 2006 12:14 pm
Posts: 685
Location: florida
Well, I just had someone try to buy time with a stolen paypal identity.
I figure at least we can all share IP's that we should block. Here's the IP address of the fraud account. maybe we keep an ongoing list to help each other out.

IP Address Geo IP resolution
===========================
81.10.123.108 Souhag, EGYPT


Top
 Profile  
 
 Post subject:
PostPosted: Thu Dec 28, 2006 8:08 pm 
Offline

Joined: Sat Apr 15, 2006 2:26 pm
Posts: 87
Location: Germany
krzykat wrote:
Well, I just had someone try to buy time with a stolen paypal identity.
I figure at least we can all share IP's that we should block. Here's the IP address of the fraud account. maybe we keep an ongoing list to help each other out.

IP Address Geo IP resolution
===========================
81.10.123.108 Souhag, EGYPT

It may be a coincidence but I had also problem with fraudulent Paypal payments that were used for Egypt phone calls.
I'd suggest you not to accept payments from unverified Paypal accounts.


Top
 Profile  
 
 Post subject:
PostPosted: Thu Dec 28, 2006 8:20 pm 
Offline
Moderator
User avatar

Joined: Tue Jun 06, 2006 12:14 pm
Posts: 685
Location: florida
Toor, even verified will not help you. If they steal the login info of a user that is verified, you are still in the same boat. I'm still trying to figure out the best method, but I'm thinking a method whereby their IP is verified against the phone number they give you as to country origin. And then even calling that number with a digit verfication that is displayed on their monitor. I found a company that does this that could probaby be integrated or duplicated. Check out http://www.maxmind.com/app/ccv_overview and tell me what you think.


Top
 Profile  
 
 Post subject: Any updates on this subject
PostPosted: Mon Mar 26, 2007 4:57 pm 
Offline

Joined: Tue Nov 21, 2006 2:45 pm
Posts: 25
Hi All,
have there been any thoughts/progress om this since the last post?

Regards


Top
 Profile  
 
 Post subject:
PostPosted: Mon Mar 26, 2007 9:44 pm 
Offline

Joined: Thu Oct 19, 2006 9:56 am
Posts: 300
Location: Athens, Greece
Hmm.. I'm not familiar with the PayPal business, but what if you put a buffer period between the payment and the actual use of the deposit?
I mean, collect the payment and then wait for 5 days until the payment is usable, say. That is, for first-timers, of course..
I know that that would be annoying to customers, but it's fraud we 're trying to avoid..


Top
 Profile  
 
 Post subject:
PostPosted: Sat Jun 02, 2007 1:23 pm 
Offline

Joined: Tue Mar 27, 2007 5:23 am
Posts: 93
- Look at the numbers that frauder called.
- Setup a rate card with the exact number he tried to call.
- set the selling rate to $60000/minute
- setup a little cron job that will check if any new cards tried to call that number. IF SO, set email to yourself and flag the account.

Basically the next time he tries to call the client, he will not have the credit to call the number anymore.

This is the only way I can see how you can stop the fraud right now until someone develops the Blacklist feature which should do the following:

- Add full numbers into blacklist.

- Add a Blacklist button in the list customers section with 2 levels of confirmation to ensure that you can't accidentally set a legit client's account into blacklist mode. If client's account is manually blacklisted, have option to automatically check all the called numbers and add the called numbers into the blacklist.

- Before checking the ratecard routes, check to see if number is blacklisted.

- If the new card is active < 30 days, then the blacklist will go into effect.

- If number is blacklisted, set customer card number into standby mode.

- Inform the client that "the account is currently pending payment verification. Please try back in 5-10 days. If you need immediate access, please contact us at 1-xxx-xxx-xxxx and have your credit card, credit card statement and 2 pieces of Id ready for faxing to us."

- Have a tracking report for blacklisted disabled card numbers. This will be easier to pick out all the fraudulent numbers and to determine the percentage of fraudulent accounts.


Did I miss anything?


Top
 Profile  
 
 Post subject:
PostPosted: Sat Jun 02, 2007 3:56 pm 
Offline
Moderator
User avatar

Joined: Tue Jun 06, 2006 12:14 pm
Posts: 685
Location: florida
Won't work. You're making a BIG assumption that the person that steals the paypal account is using it personally. That's not the case. They use it for callshop so every time it will be a different number called.

I think the way to do it is to #1 be able to block certain IP's from using the system.

#2 implement a buffer / check period for the first deposit made on an account.


Top
 Profile  
 
 Post subject:
PostPosted: Sat Jun 02, 2007 5:09 pm 
Offline

Joined: Tue Mar 27, 2007 5:23 am
Posts: 93
Another way of doing it is limit all calls to only 1-2 minutes per call for x amount of days.

However, what you can do is what happened to me.
Turn off Paypal from Automatically confirming each order. This way, when you confirm their orders, only then will your clients have access.

More manual maintenance but in the end you got no chargebacks and lost revenue.


Top
 Profile  
 
 Post subject:
PostPosted: Sat Jun 02, 2007 6:00 pm 
Offline
Moderator
User avatar

Joined: Tue Jun 06, 2006 12:14 pm
Posts: 685
Location: florida
That is a much better plan of attack.

I have also thought to do some verification using their supplied phone number. The attackers always seem to use the phone number that truly belongs to the credit card or account they are stealing. So by calling that phone number and getting a verbal verification should work. If it did, I would think later you could make this an IVR automated system method.


Top
 Profile  
 
 Post subject:
PostPosted: Sat Jun 02, 2007 7:02 pm 
Offline
User avatar

Joined: Mon Apr 30, 2007 6:43 am
Posts: 1060
Location: Canada
If you make it an IVR feature, the thief will enter the stolen informations. I know that a company that I deal with on a regular basis (Tiger Direct) will call you at the specified number and confirm that you are aware of that purchase, then, they call the credit card company to double check eveything (including the phone number and address). This only happens the first time a credit card is used with a new or existing account.


Top
 Profile  
 
 Post subject:
PostPosted: Sat Jun 02, 2007 9:01 pm 
Offline

Joined: Tue Mar 27, 2007 5:23 am
Posts: 93
So then create a IVR that will do the following:

- Call the customer back at the phone number that he specified to verify if he authorized the transaction.
- After confirmation, auto call your credit card processor for AVS verification and phone number verifier.
- make it automated so that the CC processor needs to only confirm or deny the process.

However, I wonder if there is an over the Net verifier that can verify phone numbers on a CC account.

Added after 49 minutes:

Just realized, this is with Paypal so we never get to see the person's credit card info. Therefore it would not work.

Added after 1 minutes:

krzykat wrote:
That is a much better plan of attack.

I have also thought to do some verification using their supplied phone number. The attackers always seem to use the phone number that truly belongs to the credit card or account they are stealing. So by calling that phone number and getting a verbal verification should work. If it did, I would think later you could make this an IVR automated system method.


One thing is that you should be able to "FORCE" to use your VoIP trunk provider and not use ENUM. Since ENUM can be created for a number that is not registered.


Top
 Profile  
 
 Post subject:
PostPosted: Tue Jul 10, 2007 2:03 pm 
Offline
User avatar

Joined: Sun Mar 19, 2006 3:13 pm
Posts: 123
Location: English Indiana, USA
Very interesting discussion here..

For US WIDE calling (as I don’t have figures for other countries) unless you doing more than 200,000 or more calls per month (maybe even more) you will find calls going to a number made by fake or fraudulent sign ups will have a high % of not being made to that same number by legitimate customers. Dont take my word for it. Instead look at CDRs Dont forget even Call shops have clients that make calls repeatedly to same numbers.

I simple ran a query to find which number were being called by only fake sign-ups accounts and blocked those numbers for 6 months as well as their incoming CID. For individuals not reselling the service this completely solved the problem accept in few cases where the fraudulent user was calling popular adult voice chat numbers that my legitimate customers were also calling. Blocking their CID and a few others CIDs I assume either belonged to their friends or some inbred family member, finally did get rid of them.
For blocking fraudulent users running card-shops (is something I have no experience with at this time) my suggestion would be to find the numbers that are mainly called by a non paying or fraudulent user and black-list those. This can do a lot of damage to a resellers business assuming he isn’t using some fail over technique. He would start losing customers if his service suddenly becomes too unreliable and would start looking to find someone else to scam.

Y o u will find it’s not always wise to quickly take the shortest route in getting fraudulent users off your server. If you quickly block that account all together it’s something the fraudulent users is probably expecting and prepared for and likely already have a failover route inplace. He morelikely then not just use another stolen credit card or paypal account and sign back up. By taking whatever necessary steps to make his service unreliable without affecting your other customers is by far in my humble opinion the way to go. If done right you can hurt his business more then he’s hurting you.

Allowing customers to automatically sign up and be approved makes your service much better for all and I feel stopping this because of a few bad fraudulent users is senseless in many cases. Look at your cdrs and find the calls your fraudulent user is making. I bet most of you will find a high percent of these calls are only made by said user. (IN the USA I know this to be so) Assuming you cant program yourself spend some extra money and get a programmer to add something that will put a lot of static on those calls or instead route those calls to sexual adult oriented advertisements. You might even get paid for this. This way if fraudulent users has a nice failover system it would be completely rendered useless. Instead of blocking CIDs or IPs just give really bad service to that CID or IP if possible or route those calls to adds providing the cost for that part of the world isn’t too high.

Make that user hate your service so bad he wouldn’t even use it if you paid him to.
I know this all cost money but in the last 10 years I accumulated more thn $75,000 in unpaid accounts. Switching to prepaid in the last year and half has greatly helped. Had I had the proper software this amount would be much less.

Before anyone decides to claim my advice won’t work internationally I’ll admit ahead of time I only provide service in the US at the moment and have no experience providing services to other countries and make no claim this will work outside of the US.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 25 posts ]  Go to page 1, 2  Next
Voice Broadcast System


All times are UTC


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group