Would this stop credit card fraud?
 

Hi folks,

I just want to run this method of fraud-prevention past you and get your feedback.

My main problem with fraud is with one guy, apparently in Brazil, who uses stolen credit cards to buy videos from my websites and then uploads them to the file lockers. Almost 100% of my piracy issues and about half of my fraud is generated by this one guy.

Here is what I would like my biller to do, in order to stop these transactions.

Change the code in the credit card approval step of the process include an IP address check, comparing the IP address of the town/city of the credit card owner/customer with the actual IP address of whoever is buying a video/members access.

If there is a difference of more than 200 or 300 miles, the credit card transaction would be declined.

I don't write computer code, but this does not seem to be impossible to me. Is this doable?

I ran this past CC Bill and was given the incredibly lame excuse that this would harm the customers who are traveling and want to make a purchase from their hotel room. I am not kidding, this was their response to my attempt to cut down on credit card fraud.

Are there any billers who do this, because if there are, I will seriously consider swapping over to them. There is no reason to live with stolen credit cards if I don't have to.

Thanks,

Jeff

I would have issues as I travel a lot but otherwise it is a good idea.

my mobile usually shows up as not even in the correct country, and my home internet connection doesn't locate to within 200 miles because of where the block of IP addresses is registered to.

Your guy that tries so hard to circumvent the process would simply catch on and use an IP within the XXX mile radius of the credit card holder. So it may slow him down a bit, I don't see it stopping him though.

With Netbilling you can decline sales where the card issuer country is different from the IP address.

Their gripe is legit and using ips to geo locate someone is not very accurate. Your best bet is to monitor all signups and kill off ones this guy is making.

That sucks big time, Jeff. I don't know what to recommend but what you suggest (the IP thing) is not a good idea. IP is easier to get than stealing credit card data...

I have internet access via an office network, and that IP shows as if I'm located in Holland no matter where in the world I connect from. So that would effectively prevent me from buying anything at all online.

Hi Jeff,

Netbilling does this for you already. But if you're not with netbilling you can do this on your own. Sure he can use proxies but Netbilling also blocks known proxies from buying if you enable it.

If you can write basic code you can write a small program to filter out IP addresses you don't want, or write a program to display all of your sales along with the IP addreses. Link the IP addresses to a GeoIP location service (there are lots of free ones) and when you see the geo location fall within the range you want to block, delete his account and refund the purchase before it becomes a chargeback.

Isn't this what MaxMind does ewhen integrated in a shopping cart ???

Thanks for all of the replies folks.

I did not take mobile devices into account. I have a picture in my mind of a customer sitting at his computer, but I realize the world has changed and lots of customers are using smart phones and such.

How about this: have the user name and password randomly generated and only available through email. That would force the thief to use an actual email address in order to log in.

Would it be feasible to track someone down via their email address?

I realize that there are some thieves who will be able to work around anything we try to do, but unless they are making tons of money, would it be worth their while?

I just wish that the credit card industry and billers would take a more proactive role in fighting against theft and abuse, rather than just writing it off as a loss on their income taxes. If the general public knew that efforts were at least being attempted, they might think twice.

Yeah 5 years ago I could effectively scan for duplicate IP addresses and limit a lot of fraud that way, these days doing that gets you about 80% false positives because there are just so many people with mobile phones and a lot of those mobile carriers only have a handful of proxy servers that they route all their customer's traffic through.

The saftest way would be if you were sent a confirmation email or text (to your phone). You would have tyo confirm this before payment went through.

Your email or text would be registered at the time you got your card.

This way only the person who owns the card could make payments.

Great idea!, who the fuck wants to manually approve signups all day? lol

we compare every ip to the location given when signing up, its amazing how many americans travel to ghana and nigeria and signup for our sites, they really like the big boob girls too

I get card rejects from Zombaio for this routinely. They call it a BIN mismatch. Meaning the customers banking id number(banking branch) and his IP are too far apart. Dont know how far that is though. I think it requires a form of id or at least contact from the user to make the sale if theyre traveling.

If you have your own merchant acct. check with Net Billing fo sho. I like those guys and have only heard good shit about them.

Paully

Hi,

You can easily do this in our system and have full control over almost ALL of the fraud tools (except a few secret things that we do on the backend).

Please contact our sales department for a demo/walkthrough. You will be impressed.

Mitch

The only sure way to stop credit card fraud is to stop taking credit cards. :1orglaugh

I think CCbill's concerns are legit... About 50% of the time, I use a VPN... So, altough i'm a legit user, i might signup from london, login from toronto, but my credit card is issued in Belgium....

I think it might give you a lot of negative publicity by every security freak out there (including myself)...

The other concerns are legit to... Even the GeoIP database is not that accurate, it might cost you a lot of visitors.

I do like your other idear: having to verify your cellphone. On the other hand, maybe it'll harm your signup ratio?

you would think a credit card company would file a complaint agains this guy, and put a lot of good researchers on his case? But even then, if you use a good VPN, combine it with a good proxy (or a proxy chain), and the best researcher in the world will have troubles tracking you down :-(

So true. One of the costs of doing business.

A city-specific scrub would grind your legitimate signups to a halt :2 cents:

Hi Jeff,

After having worked for CCBill for over 10 years, I understand your frustration with the fraud system there. While they do have a small number of different fraud profiles, you really cannot tinker with it yourself, or have control over it at all. With NETbilling - it's just the opposite. You have complete control over the fraud settings and can customize it perfectly to fit your needs as a business owner. All the while, processing payments at a much lower cost than CCBill. I'd love to give a short demo of the fraud system to you and see what you think! If interested, shoot me a message and we'll set it up. Thanks!

The OP should email all the details of the files downloaded and any other relevant information to [email protected]

We have a fairly good database of uploaders now and may be able to slow him down a bit by having his Paypal and other payment accounts shut down.

Well, it looks like I will check out Net Billing, although I love almost everything about CC Bill. I am just not ready to roll over and accept the situation.

Update: early this morning, that guy bought 14 videos using a California address with a Virginia IP address. Those videos will be showing up on Kitty Kats and elsewhere.

I understand the concerns about harming my sales up front, but piracy takes sales away as well.

I do remember approving each sale individually. For a few months, maybe in 1999 or 2000, the biller's software was not compatible, so I was getting all the credit card information from the customers. That was very creepy and I moved on to another hoster and biller. Can't even remember the name, but I have not heard about them for a decade, not much of a surprise.

Sounds good - we're here to help. Shoot me an email at andy @ netbilling.com. Thanks!

CCbill is good but it just sounds like you are ready to take more control over your processing and I am sure you would like to save money too, correct?

Mitch

Kind of a low blow to the competition, bro. Just sayin

As others noted, guys travel and ISP also are localized wrongly, this coupled it means you would decline 99% of correct sales and 1% of fraud ones. Additionally, if the guy is skilled, he know how to fake the IP of correct city, so you would actually ban everyone legit who traveled, except the fraud guy.
Those IP's of him are from what ISP and cities, does it match city or no? In general only retard carders use non-isp or isp with wrong city, those I see most often use normal comcast or similar ISP from the correct city as cardholder, fine job.
I do the fraud check for cam sites, it is a little "easier" because they guy also chats and you guess who he is from behavious and slang there; also you don't get so many guys signup a cam site and spend $500 immediately, so you can monitor new signups for unlikely immediate whales. In case of yours, carder blends easier as pay once and same as everyone else... I would say if the guy is skilled with IP->city , and if cards are normal, then there's no real solution. I say cards normal.. because you can see the BIN (bank issuer) of the cards, some use neteller or virtual cards of indonesia, its' so easy to find that.. but note the banks and visa/mc are real retard because allow to write "Santa Claus" or any name and address, and the sale is approved. I had guys write John Smith's of USA approved in all billers, while card was virtual ones from islands or funny places. Visa/mc should NOT allow cards approved without check cardholder name... in ideal world.