Tips for avoiding scams, refunds, and chargebacks?

[AFemaleProdigy]

We had a customer place 14 orders over a 48 hour period, spending around $500 on our Prestashop website. Initially there were no red flags, but then we noticed he had used "hi" and "hi" for first and last name. He did put an address in and used and EDU email address for the account though so we didn't think much more of it. Each time he ordered he said he really liked our service. So we were happy to have him.

 

Today, we got notification that he disputed all 14 orders with PayPal claiming that they were unauthorized charges to his account. We are happy that Prestashop logged his ip address which helps our case. Of course, we kept record of all communication. But the dispute is in review and funds are on hold. We sell intangible items too. The lady at PayPal said there were too many red flags on the buyers end and that we will probably win, but who knows with PayPal. They can be unpredictable.

 

So my question to you is do you have any suggestions for avoiding future scams, refunds, and chargebacks of that nature? Also, is there a way to ban users by ip address without having to buy a 3rd party module?

 

Thanks,

 

Jessica Bolin

Motion City Media

[tomerg3]

It is very hard to detect fraud, especially with paypal.

I think the best you can do is try to match the IP address to the country / state the customer enters as their billing address (A proper IP location detection is not going to be free, nor will developing this feature), and even that may not be 100% accurate, as good hackers can mask their IP address.

 

You can block an IP by adding the following to your .htaccess file.

 

<Files 403.shtml>
order allow,deny
allow from all
</Files>

deny from 111.222.333.444

[shacker]

in your hosting control panel, maybe you have a ip deny option to add a ip, or a ip range.

For intangible products, and orders for more than 200dls, y not validate the order before the client contact to me, becouase is strange that someone expend these amount. I put the order as valid only if the client send to me an scanned ID.

This take more time, but avoid these type of problems.

But sometimes these sales are at 4AM!!!, andmaybe i cant check and decline the order.

[AFemaleProdigy]

Thanks for the info!

 

~ Jessica Bolin

Motion City Media

[Dh42]

I personally think validation is a poor method of detection. As I am still waiting for my order from prestashop to be validated... Depending on what kind of site you have you can try writing something that will allow so many orders a day from an account.

[AFemaleProdigy]

It is so difficult to avoid scams. We have been ripped off for over $700 this month. Partly because of PayPal's terrible chargeback practices. We have to constantly review customer information and have really locked down on anything we think is even remotely suspicious. We get a lot of people signing up with blatantly fake information. We have resorted to immediate ip banning. Our terms and service state that any fake account information will get the immediately banned.

 

I am trying to make the most of ip banning and am adding the bad ones to the htaccess file. However, some ip addresses do not show up at all and some customer ip addresses change every time they visit. So it is a bit frustrating. I found out that mobile device ip addresses constantly change. So that makes it difficult.

[Dh42]

How are you getting scammed? What is your shop address?

[AFemaleProdigy]

Well, we keep getting people placing orders on our website and then disputing the charges by claiming someone made the purchases with their PayPal account without their knowledge. Paypal has refunded the money in every case.

Edited June 22, 2016 by AFemaleProdigy (see edit history)

[Dh42]

Hmm. Have you been able to find a pattern in the ip address's? If would try these things if I were you. Ban China, Vietnam, and most African nations ip ranges. Then I would start banning known tor exit nodes. You could extend the bans to other countries that cannot normally afford your goods also.

 

Leaving paypal might be a good idea also. You should try authorize.net, although I do not know off hand what their policy is on high risk merchants.

[tomerg3]

Unfortunately, you would have to accept some fraud / chargeback, regardless on what payment gateway you use.

 

There are way to reduce the risk, but when you don't have the physical card, a customer will always be able to claim "fraud" (which is all too common).

 

We have tried all the "automatic" ways to try and detect suspicious activity, but that still comes too short (as many hackers sell CC info with full address), and people that abuse it can use IP masking tools.

 

We have (on our site) started manually verifying each FIRST TIME purchase (downloadable items) before we allow the customer to download the software.

While it can inconvenience customers a bit, they seem to understand, and it has dramatically reduced the fraud on our site.

 

Until Credit card companies come up with a proper solution to verify online transactions, we the merchants are left out to dry

[CartExpert.net]

Hi.

 

Fraud is always a big issue. Our Group uses Maxmind which has been of great benefit especially for our domain company. The results have been very impressive and combined with our own contry blocking has resulted in nil fraud.

 

This is the link http://www.maxmind.com/app/ccv_overview

 

Regards.

 

Robin.

 

The CartExpert Team

[jhnstcks]

Hmm. Have you been able to find a pattern in the ip address's? If would try these things if I were you. Ban China, Vietnam, and most African nations ip ranges. Then I would start banning known tor exit nodes. You could extend the bans to other countries that cannot normally afford your goods also.

 

Easier to use the geolocation tool that comes with Prestashop.

[Dh42]

The geolaction tool will not catch TOR exit nodes. They come from all over with a lot of them being based in the euro-zone. You wouldn't want to ban that range of ip addresses, it would not be good for business. For the countries it would work, but at the same time you can do an ip ban that sends them to a page and tells them why. I like Tomer's idea of holding the accounts until they are cleared also. To be honest when I bought my first module with them, I did not even notice, so apparently he works fast on it too.

[Troy]

Paypal is crap when it comes to digital items. I always call the phone number that the buyer give on Paypal. If its disconnected or it is the wrong number, I reimburse them right away.

[AFemaleProdigy]

This has definitely been quite the learning process. Our whole transaction & delivery process and terms of service have morphed into something entirely more complicated than when we started.

We have decided to start calling the phone numbers as well for people making multiple or large purchases.

We were also told by PayPal today that all we have to do is send a delivery receipt with delivery confirmation to the address listed on the PayPal account in order to be covered for intangible items. I am going to try it and see if it really helps. I am not holding my breath on that though.

So far, I can't ban the countries with the issues because they are Germany, Europe, Australia, and US. And we are discovering that they are primarily children causing the problems! We just had a problem today. Here is a recap...

---
We had someone spend over $200 in a month, which is high considering average purchases are about $15 per order per customer. The last order was for $75 so we decided to call before delivering. The first time I called, I found out the customer was a child. So I waited and called back later and got his mom on the phone. I started to say who I was. She said “I am not interested. Thanks.” And hung up on me. She thought I was selling something. So I immediately called back and got voicemail. I left a message explaining that Steve had purchased items from our website and we needed to confirm that he had guardian permission. She called me right back, completely shocked, and had no idea her son was buying things on the Internet. She asked how he was paying for it and I said PayPal. She didn’t even know what PayPal is. She was extremely upset. So I tell her that I could refund the order that we put on hold, but that the previous 4 orders he made had already been delivered to him and could not be refunded. She seemed thankful. So a couple hours later, American Express and PayPal put a hold on the funds from all of the transactions paid from Steve. My partner calls the mother back and says that her son has basically stolen from us and that we would have to pursue legal action. She started crying hysterically, saying that her son charged up over $1,500 on her American Express and completely depleted the funds in one of her checking accounts, making purchases online. She said, “but he is only 10!” Michael said “so that means you are liable.” She sobbed “oh no, am I going to jail??” So then we find ourselves with a moral dilemma, feeling bad for the mother, wondering if she's being honest, and needing to protect ourselves. Of course, we know PayPal will probably just give the money back to them as per usual.

Preventing these types of things is definitely a battle.

Edited June 22, 2016 by AFemaleProdigy (see edit history)

[AFemaleProdigy]

Oh, and does anyone know why the ip address is sometimes blank for some customers? Nothing shows up. Particularly with this child's account that we are having trouble with so I cannot ban him by ip.

[tomerg3]

You have accept some % of chargebacks, I believe the average is about 1%

 

Even if you call each person to verify, you will still end up with an occasional chargeback.

[Troy]

For me, if I get an order from a first time buyer whose purchase is more than 100 euro, then I'll ask him to pay via WU and we spilt the transfer cost. Better to make less profit than to lose all in a chargeback + more.

[SuperCharlie]

This is a tough one since you have a digital sales store and people will want immediate access. My first thought was to only accept check or money order on first order, but that would probably knee-cap you. Here is another thought to kick around.. instead of money order or check, maybe make it so the first order they have to paypal **SEND** you the money.. not like a checkout, but like go to their paypal account and do the send money thing. It would seem this wouldnt be as easy to say hay.. I didnt mean to do this, or this wasnt what I wanted as it would for a blind purchase. Afterwards, you can set them up as registered and let them buy afterwards regularly. You could have a 12 or so hour turnaround on the first purchase this way in the worst case and if youre up, it would be almost immediate.

 

Good luck

SC

 

::edit::

 

Here is a little more info on the send money thing from PayPal..

Here

 

Can I cancel a payment that I've already sent?

 

 

You can cancel only unclaimed payments. If the payment is complete, you can contact the person who received the payment and request a refund.

 

To cancel an unclaimed payment:

1. Log in to your PayPal account.
   
2. Click History.
   
3. Click Cancel under Order Status/Actions.
   
4. Click Cancel Payment next to the unclaimed payment.
   

Note:

• A payment is automatically cancelled if the recipient doesn’t accept it within 30 days.
  
• If you paid with a credit card, it can take up to 30 days for a refund to appear on your card statement.
  

 

So basically once a payment is Sent (from the buyer, like send me $20 Im broke) and Accepted It cant be reversed unless the receiver of the money chooses to do so.

Edited August 31, 2012 by SuperCharlie (see edit history)