Support A2Billing :

provided by Star2Billing S.L.

Support A2Billing :
It is currently Tue Mar 19, 2024 8:45 am
VoIP Billing solution


All times are UTC




Post new topic Reply to topic  [ 64 posts ]  Go to page 1, 2, 3, 4, 5  Next
Author Message
 Post subject: Fraud with paypal!!
PostPosted: Wed May 27, 2009 12:12 pm 
Offline

Joined: Fri Feb 27, 2009 5:43 pm
Posts: 33
Location: Germany, Berlin
To warn you all.

We just had an very serious situation caused by the paypal system.

It seems, that some criminal individuals used some hacked paypal accounts to load credit to created accounts in my a2billings. They used faked names and addresses (i guess). But just one email address.

In total they loaded 400Euros and used about 200Euro in the next few hours. They used the web "phone-to-phone" method to call several number in lilechtenstein?!?!

Naturally the owners of the paypal accounts blocked the payment and paypal started a conflict.
So the incoming money was freezed.

So i called paypal. But they told me, that the customer will be refunded and the money for me is gone as i sell immaterial goods.

But i had significant costs as my credit at my wholesale account is down now! :-(

Finally i decided to deactivate paypal for now, because there is no possibility to avoid this situation as the paypal accounts were real and valid! And i have no chance to check if there are hacked or not.

I asked paypal for a fair solutions for both, but i really think, that they will let me alone with that!


Now i am thinking what is best to do! I guess a really important thing is to adjust a2billings to check the email address during the signup process if there is already a registred user with it (no double used email addresses).
I also will reduce credit amount for paypal to 10Euros.

AND: I guess the best thing would be to check the paypal account against the email-address of the customer. (I know that then people with a different email address then the paypal registered one can't pay, but that's worth it)

But until know i am not sure if I'm willing to give paypal a second chance!

so far....

Sebastian


Top
 Profile  
 
 Post subject: Re: Fraud with paypal!!
PostPosted: Wed May 27, 2009 12:21 pm 
Offline

Joined: Sun Mar 12, 2006 2:49 pm
Posts: 954
Location: Barcelona
What you need to do it s to be able to "veriffy" and "valid" your customer, so that they become trusted.
Request more information about them, real phonenumber, some scanned documents to prove their identity, etc...
it will be nice to see A2Billing coming with some features to make this easy, maybe an SMS system to valid phonenumber,
add scanned document in Signup, build a verify threshold to allow customer to topup to a certain amount.

Yours,
/Areski


Top
 Profile  
 
 Post subject: Re: Fraud with paypal!!
PostPosted: Wed May 27, 2009 12:45 pm 
Offline

Joined: Fri Feb 27, 2009 5:43 pm
Posts: 33
Location: Germany, Berlin
Yeah,

that's true, but also a bit tricky. The "normal" customer wants to sign up and pay as easy as possible. So scanned documents or something like that will not be accepted by most of the users, i guess.

But the SMS authentification is a good idea, but not very easy to implement. I'll spend some time to think about it.

I already thought about a deferment of the balance adjustment, so that you have some time to see if the paypal payment creates a conflict.

F***ing criminals! :hang:


Top
 Profile  
 
 Post subject: Re: Fraud with paypal!!
PostPosted: Wed May 27, 2009 10:29 pm 
Offline

Joined: Sun Feb 01, 2009 12:52 pm
Posts: 47
Location: Netherlands
Yes, the good old thief paypal

I was also hit by paypal 1 year ago, 100Euro, was new in the game,
someone paid via paypal, used my system for 1 month, when all credit was done
they raise a fraude issue by paypal,
yes i was new, i called paypal, before adding the credit to tha account, to verify the payment
they told me, it was ok to pay, even had an e-mail verifcation from them

1 month, when the fan hit the roof i was left out dry, i deducted all my funds from paypal,
with the intention on going in negative, then closing the account,
well, that was not alllowed, and before i know, i had a letter from a collection agency
1 month discussoin with them, and i stay had to pay the money back..
LESSON learnt very hard.

So what i did,
No more payments via paypal, unless the client was verified as trustworthy.
Accepted more payments from Moneybookers, as they claim that there system i so protected
they will always refund u, in the event of fraude.

However, as i look around, more and more companies are shutting the doors on paypal, not using them
and if they do, you have to first send some kind of verification of who you are.

I won't advise for no automatic transactions to paypal, as you'll always be the loser.
I'm currently working on a system, where our local banks, have their own automated online transaction payment.
I have someone, working on that to intergrate it with A2Billing, so when someone pay via that system, it will add the payment to the clients account, very much safer than paypal.

So i hope that work out, then atleast i can make my local clients happy with fast payment options


Top
 Profile  
 
 Post subject: Re: Fraud with paypal!!
PostPosted: Wed Jun 17, 2009 1:26 pm 
Offline
Moderator
User avatar

Joined: Tue Jun 06, 2006 12:14 pm
Posts: 685
Location: florida
I've never done it, but I wonder if integrating MaxMind Fraud Detection would work: (This cost only .004 / transaction, so I'd think it should be worth it)

Prevent PayPal Fraud with minFraud

MaxMind minFraud PayPal is a solution that can help detect and prevent PayPal payment fraud. While there are many different forms of PayPal fraud, in this case PayPal payment fraud refers to a form of identity theft where fraudulent orders are placed through hijacked or stolen PayPal accounts. Like stolen or cloned credit cards, hijacked PayPal accounts appear completely legitimate and like credit cards, the original account holder can issue a chargeback for unauthorized charges. Since these hijacked accounts are legitimate, they may not be caught by PayPal's internal fraud system until it is too late.

By looking at information that are passed by PayPal buyers during the transaction, the minFraud service can be used to provide online merchants with more information to base their decision. For example, if an PayPal purchase is made from an IP address that is located in countries that have a high association with online fraud or from an open proxy, the merchant may want to follow up with the buyer to confirm the order.

Key features include:

* IP geolocation checks
* Open proxy checks
* Free e-mail checks
* Carder e-mail checks

Benefits:

* Easy to integrate APIs. No software to maintain.
* Speed up manual review of applications
* Become part of the minFraud Network

Here are some steps that you can take to also take for further security:

1. Make sure the buyer has access to the e-mail address listed for the PayPal Account
2. By using the "Send Money" feature on your PayPal account, you can find out more information about the PayPal payer, by starting a payment but not completing it. First, log in to your PayPal account, then click on the "Send Money" tab. Enter the e-mail of the PayPal order you received into the Recipient's Email or Phone field. Enter one cent into the Amount field, and select Service as Category of Purchase. Click "Continue" and then click on the hyperlink to the right of the Account Status. This will open up a new window with the Seller Reputation, Account Status, Type, and Creation Date.


Top
 Profile  
 
 Post subject: Re: Fraud with paypal!!
PostPosted: Fri Aug 28, 2009 3:43 am 
Offline

Joined: Sun Aug 17, 2008 1:52 pm
Posts: 93
sschluet wrote:
To warn you all.

We just had an very serious situation caused by the paypal system.

It seems, that some criminal individuals used some hacked paypal accounts to load credit to created accounts in my a2billings. They used faked names and addresses (i guess). But just one email address.

In total they loaded 400Euros and used about 200Euro in the next few hours. They used the web "phone-to-phone" method to call several number in lilechtenstein?!?!

Naturally the owners of the paypal accounts blocked the payment and paypal started a conflict.
So the incoming money was freezed.

So i called paypal. But they told me, that the customer will be refunded and the money for me is gone as i sell immaterial goods.

But i had significant costs as my credit at my wholesale account is down now! :-(

Finally i decided to deactivate paypal for now, because there is no possibility to avoid this situation as the paypal accounts were real and valid! And i have no chance to check if there are hacked or not.

I asked paypal for a fair solutions for both, but i really think, that they will let me alone with that!


Now i am thinking what is best to do! I guess a really important thing is to adjust a2billings to check the email address during the signup process if there is already a registred user with it (no double used email addresses).
I also will reduce credit amount for paypal to 10Euros.

AND: I guess the best thing would be to check the paypal account against the email-address of the customer. (I know that then people with a different email address then the paypal registered one can't pay, but that's worth it)

But until know i am not sure if I'm willing to give paypal a second chance!

so far....

Sebastian



Dear Sebastian,

We had exactly a similar case, however to me it sounded like a person tried to either damage our company's fund or tried to send traffic to Sierra Leone telecom.

They used hacked paypal account and they also used faked email address.

I think for security reason, we must have a couple of option to avoid this.

The paypal account and the email registerred on the account must be same so we know for sure it is not just paypal hacked, also the email is verified.

- The number of call-back through web must be limited.

- We had to choose simultenaous-call enabled because single call always wend into error and a2billing was not properly detecting so the person made 70 simultenaous call.

- I wish we could limit that. and if a user uses more than X amount of credit per hour, we must receive an alert.


We have hired two php programmer to help us and I hope we can contribute back to the project.

Regards


Top
 Profile  
 
 Post subject: Re: Fraud with paypal!!
PostPosted: Fri Sep 04, 2009 3:45 am 
Offline

Joined: Sat May 10, 2008 4:19 pm
Posts: 132
Location: Wilmington, DE
Sebastian,

I hope you got that issue resolved with PayPal. They are always on the customer's side.
Different strokes for different folks. It's what makes you comfortable with your customers. I don't take any chances. The first line of defense is to create a Call Plan with no ratecards attached to it. Use it for new signups. After you verify the PayPal information against what the have in A2Billing, you can make your determination from there. You can also make a simple change to the signup process to capture the IP address that they are coming from, then run 'whois' to get detailed information on the IP address. Let the customer know that you are protecting them and the honest ones wouldn't mind if they have to wait to have full access and make calls.

There are free tools out there that you can use to block access to your server from certain geographic locations.

Note: None of the above is foolproof but it certainly helps.

Good luck and be safe.

Robin A.


Top
 Profile  
 
 Post subject: Re: Fraud with paypal!!
PostPosted: Fri Sep 04, 2009 6:37 am 
Offline

Joined: Sun Aug 17, 2008 1:52 pm
Posts: 93
RobinA wrote:
Sebastian,

I hope you got that issue resolved with PayPal. They are always on the customer's side.
Different strokes for different folks. It's what makes you comfortable with your customers. I don't take any chances. The first line of defense is to create a Call Plan with no ratecards attached to it. Use it for new signups. After you verify the PayPal information against what the have in A2Billing, you can make your determination from there. You can also make a simple change to the signup process to capture the IP address that they are coming from, then run 'whois' to get detailed information on the IP address. Let the customer know that you are protecting them and the honest ones wouldn't mind if they have to wait to have full access and make calls.

There are free tools out there that you can use to block access to your server from certain geographic locations.

Note: None of the above is foolproof but it certainly helps.

Good luck and be safe.

Robin A.


The best verification in my opinion is to verify by calling the user
and matching the email address of registered account with paypal email account.


Top
 Profile  
 
 Post subject: Re: Fraud with paypal!!
PostPosted: Fri Sep 04, 2009 4:00 pm 
Offline

Joined: Fri Jun 23, 2006 3:56 pm
Posts: 4065
Quote:
The best verification in my opinion is to verify by calling the user
and matching the email address of registered account with paypal email account.


Hi

I can see how that may cause problems, as often, perfectly legitimate customers have a different email address to their paypal address, so it's not quite the silver bullet, but getting there.

Joe


Top
 Profile  
 
 Post subject: Re: Fraud with paypal!!
PostPosted: Sun Sep 06, 2009 10:10 pm 
Offline

Joined: Mon Jun 01, 2009 11:52 am
Posts: 17
Yeah, we also got hit by some Chinese guy, he used 2.5hrs of time within 1 hour. He had up to 9 simultaneous calls.
And he was also calling Sierra Leone. And what is even stranger, he was calling consecutive phone numbers.
+23222289186
+23222289185
+23222289184
+23222289183
+23222289155
+23222289151

@hellbound, out of curiosity, are the above the same numbers called from your system by the attacker?

Pls, tell what happened with disabling simultaneous calls?

BRGDS to all.


Top
 Profile  
 
 Post subject: Re: Fraud with paypal!!
PostPosted: Mon Sep 07, 2009 2:38 am 
Offline

Joined: Sun Aug 17, 2008 1:52 pm
Posts: 93
it was to siera leone too and similar number.
I think they are trying to pass minutes to telecom siera leone,

Before I figure where the hol eis I reloaded some credit to the route
then the call came back again at 70 simultenaous call, I recorded some
and I noticed the guy mixed some chinese audio just to keep the call going.


In my opinion the guy was just trying to make many for SR's Telecom.

Regards


Top
 Profile  
 
 Post subject: Re: Fraud with paypal!!
PostPosted: Mon Sep 07, 2009 1:49 pm 
Offline
Moderator
User avatar

Joined: Tue Jun 06, 2006 12:14 pm
Posts: 685
Location: florida
Yep - that definately happens from time to time. They are in bed with the telecom carrier, and make a route with high cost, and just push as much as they can across it just to screw you over and make you pay for a fake phone call. One thing I did for this is to find out the range of numbers they were calling and then put them in my ratecard with some obnoxious price such as $50 / minute, in case they got through my other security traps.


Top
 Profile  
 
 Post subject: Re: Fraud with paypal!!
PostPosted: Mon Sep 07, 2009 2:02 pm 
Offline

Joined: Sun Aug 17, 2008 1:52 pm
Posts: 93
krzykat wrote:
Yep - that definately happens from time to time. They are in bed with the telecom carrier, and make a route with high cost, and just push as much as they can across it just to screw you over and make you pay for a fake phone call. One thing I did for this is to find out the range of numbers they were calling and then put them in my ratecard with some obnoxious price such as $50 / minute, in case they got through my other security traps.



Since many ppl had the same experience we can create a black list numbers or they range to cap or limit those numbers. Everyone here can post /add to the lost and I think everyone should be warned about this type of scam.

But no matter how I put it to track this kind of scam verifiying the signer by automatically announce a verification number. Then at least we can match the ip address location and phone line location to be in the same country or even area if it is a landline.


For the start we can cap one call through web callback.

Good luck


Top
 Profile  
 
 Post subject: Re: Fraud with paypal!!
PostPosted: Thu Sep 10, 2009 7:52 pm 
Offline

Joined: Sun Aug 17, 2008 1:52 pm
Posts: 93
We were attacked again, and we lost 500USD again.
Anyone can help us to delay paypal payments if they are not from the same email for 24 hours ?


Top
 Profile  
 
 Post subject: Re: Fraud with paypal!!
PostPosted: Sat Sep 12, 2009 6:07 pm 
Offline

Joined: Mon Oct 01, 2007 10:44 pm
Posts: 230
Location: Bovey, Devon, UK
Were these calls to SL again? If they were, why not rack the cost per minute up as someone suggested? Better yet, bar calls to that location completely on your standard plan

Sorry to hear of your loss

regards


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 64 posts ]  Go to page 1, 2, 3, 4, 5  Next
Voice Broadcast System


All times are UTC


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group