Support A2Billing :

provided by Star2Billing S.L.

Support A2Billing :
It is currently Thu Mar 28, 2024 4:35 pm
Voice Broadcast System


All times are UTC




Post new topic Reply to topic  [ 7 posts ] 
Author Message
 Post subject: Security feature request
PostPosted: Fri Nov 02, 2007 3:12 pm 
Offline

Joined: Mon May 29, 2006 7:07 pm
Posts: 287
Location: Denver
Hi i have a suggestion on how to fight payments from stolen credit cards, fake paypal accounts and other forms of fraugulent payments. Usually those individuals signup for a new account, verify their account through email link and then use fake credit card.

The idea is to manually enable payments options per account.
The default on the sign up page would be no payment options available. Once is activated customer can contact us or we can activate payment options in next 24 hours if everything looks ok ( no [email protected] type email addresses!!! ).

For this we would need an additional field for payment options - yes, no - in database.

What you guys think?
Personally i'm getting this fraud twice a week, and it's sucks dealing with paypal.


Top
 Profile  
 
 Post subject:
PostPosted: Fri Nov 02, 2007 5:44 pm 
Offline
User avatar

Joined: Mon Apr 30, 2007 6:43 am
Posts: 1060
Location: Canada
Hello Svetur,

That's not a bad solution but it will affect people with a verified Paypal account. What you can do is to only accept credit card payments through Paypal and only from verified Paypal accounts. The unverified accounts will see their payments held for 24h or 48h (I am not sure) and that will give you plenty of time to verify.

If a verified account get its username and password stolen and used in order to buy your services, that is not your responsibility and the money will be yours.

If your are accepting payment from another Credit Card payment processor (not Paypal) then the alternative could be to manually verify credit cards when they are used for the first time. Let's says that you need to verify a VISA Card, you will call them and provide the information provided by the client. They will simply answer by a Positive or Negative statement without even giving you a clue about what was wrong in the information. I know many companies here in Canada that do it that way. It's the human method, and it works.

In order to know if the credit card has been verified and used with an account in the past, you do not store the credit card number itself in your database. Instead, you will MD5 it and store the MD5 result. This way, you will not have to worry about accidentally revealing such an important information about your client.

I any way, it's just an idea.

Regards


Top
 Profile  
 
 Post subject:
PostPosted: Fri Nov 02, 2007 6:01 pm 
Offline

Joined: Mon May 29, 2006 7:07 pm
Posts: 287
Location: Denver
Hi thanks for the reply, you suggested to accept payments from verified account via paypal, but for example today - i had $10 and $20 purchase from a verified paypal source. They put the payment on hold, so i'll see what happens.

Name:
Mxxxxx Cxxxx (The sender of this payment is Verified)
Email:
[email protected]

My biggest problems are with paypal payments. Seems like paypal doesn't care much - i provide an ip address, OS, time of purchase, etc... information about those guys, but the never do anything about it.


Top
 Profile  
 
 Post subject:
PostPosted: Fri Nov 02, 2007 6:12 pm 
Offline
User avatar

Joined: Mon Apr 30, 2007 6:43 am
Posts: 1060
Location: Canada
Yes. If they are verified, you will not be liable if it is fraudulently used. I am not sure where I got that from. But double check it and let me (I will do the same). We have some clients who choose to buy for 50$ or more the same day sometimes. 5+5+5+5 ... or 20+5+10+5+5...

That does not make me any worrier.


Top
 Profile  
 
 Post subject:
PostPosted: Mon Nov 05, 2007 6:57 pm 
Offline

Joined: Mon May 29, 2006 7:07 pm
Posts: 287
Location: Denver
Well today paypal reversed the payment - and it took those two payments $10 and $20 away from me. So looks like it doesn't matter if account is verified or not.


Top
 Profile  
 
 Post subject:
PostPosted: Mon Nov 05, 2007 7:02 pm 
Offline
Moderator
User avatar

Joined: Thu Jun 22, 2006 2:19 pm
Posts: 2890
Location: Devon, UK
svetur wrote:
So looks like it doesn't matter if account is verified or not.
Man that sucks. Do Paypal actually do anything to justify their high charges?


Top
 Profile  
 
 Post subject:
PostPosted: Tue Nov 06, 2007 3:10 am 
Offline
User avatar

Joined: Mon Apr 30, 2007 6:43 am
Posts: 1060
Location: Canada
:shock: :o

Knowing that now, is it possible to simply verify your customers before they can you any credit card for the very first time?


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 7 posts ] 
Hosted Voice Broadcast


All times are UTC


Who is online

Users browsing this forum: No registered users and 8 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group