Web Marketing TODAY - Your trusted Internet marketing resource since 1995.
What's this? Contact  
Site Guides:Marketing ManagersConsultants & Designers Boosting Traffic & SalesJust Getting Started
Home
Web Marketing Today (Free)
Ads and Affiliates
Carts/Transactions
Conversion/Testing
Design/Usability
E-Commerce
E-Mail Marketing
Link Strategies
Local Marketing
Marketing Tools
Miscellaneous
New Media
Paid Search
Recommendations
SEO
Web Analytics
Boost your sales with Web Marketing Today Premium Edition
Web Marketing Today Premium
Secure Login
Subscribe now
Address Change
Speaker
Professional Speaker
Phone Consulting
About Us
Team Bios
Contact Us
Advertise Here
Press
Awards & Kudos
Site Map
Privacy Policy
Related Site
Joyful Heart
Renewal Ministries: Internet Bible studies, articles, and stories

Web Marketing Today Premium

A Case Study in Order Fraud Detection

by Dr. Ralph F. Wilson, E-Commerce Consultant
Web Commerce Today, Issue 63, October 15, 2002

I received an order a couple of weeks ago that caught my attention. I use ShopSite 6.1.1 Pro software for selling service and e-books, and now tangible products, my Doctor Ebiz Internet Marketing Seminar Videotape Learning Package (www.wilsonweb.com/seminar/video.htm). ShopSite 6.x now has several fraud-fighting tools that I appreciate.

Strange Order Pattern

The order was for a $12 e-book -- one I sell very few of because I give it away free for subscribing to Doctor Ebiz. Why would someone order an e-book they could get free? Occasionally I've had orders that buy everything I sell. I give those orders a second look, too. Anyone ordering my Videotape Learning Package is certain to be looked at carefully. Any order pattern out of the ordinary, especially made in the middle of the night, raises a red flag.

AVS and CVV2 Matches

Upon closer examination, I observed that neither the AVS or CVV2 fields matched.

AVS (Address Verification Service) works for most US and now Canadian addresses and performs two look-ups -- (1) for the numbers in the street address field, and (2) for the numbers in the ZIP/Postal address field. My payment gateway response indicated:

AVSADDR=N AVSZIP=N CVV2MATCH=N

This tells me that the person who placed the order isn't giving the billing address on file with the credit card company. If the processor returned AVSADDR=X AVSZIP=X I would suspect that the bank did not support this function. Some don't. But an N=No response indicates that either the person has moved and not changed their address -- or possesses a stolen card number without a corresponding address.

CVV2MATCH=N tells me that the 3-digit Card Verification Code is wrong. Y indicates a match. American Express cards don't return anything for this field. Since I've been asking for CVV2 the last few months, I'm relying more upon it in case of a questionable order. At least a "Y" value gives me real assurance that the physical card is in front of the purchaser.

When I saw the AVSADDR=N AVSZIP=N CVV2MATCH=N indicators, I looked farther. I called the telephone number on the order, and wasn't surprised to find there was no such number. I checked the street address in Puyallup, Washington, at http://maps.yahoo.com and found that the street address was bogus.

IP Address Tracking

ShopSite now allows me to view the IP address of the Internet Service Provider from which an order was made. The IP address in this case was 212.80.166.163. Of course, it's possible to spoof IP addresses (see my article "How Cyber Thieves Hide Their Identity and How to Spot Them," Web Commerce Today, 10/15/00, http://www.wilsonweb.com/wct4/fraud-spoof.cfm).

But I was able to track the IP address to Madrid, Spain -- a long way from Puyallup. I used the search functions of the three Regional Internet Registries (RIRs) that administer IP addresses: RIPE (Europe, www.ripe.net/perl/whois), APNIC (Asian-Pacific, www.apnic.net/search) and ARIN (No and So. America, Caribbean, Sub-Saharan Africa, www.arin.net/whois).

E-Mail Address Domain

Finally, I searched for the e-mail address using a Whois domain database (such as www.allwhois.com or www.netsol.com/cgi-bin/whois/whois) and found that the domain had been registered only two days previously to a person purporting to be Anne Sullivan in Florida, but using an e-mail address xxxx@home.ro originating from an Internet Service Provider in Bucharest, Romania, an Eastern European hot-bed of Internet fraud.

I've learned the hard way to scrutinize orders carefully. If I had passed this order through carelessly I would be out not only my merchandise, but also a chargeback fee.

Insist upon Merchant Fraud Prevention Tools

If your shopping cart program doesn't show you the AVS responses, complain to the developer. If it doesn't support CVV2 checking, complain to the developer. If it doesn't display the purchaser's IP address, complain to the developer. Then ask them to send you a free upgrade when those changes have been made. If you don't insist, the software developers may not realize that merchants need these tools to protect themselves in the wild and wooly World Wide Web.

Other articles from Web Commerce Today, Issue 63, October 15, 2002

AddThis Social Bookmark Button

Three free e-books Subscribe to our free e-mail newsletter -- Web Marketing Today®, published worldwide. Just to encourage you to take this step, I'm including three free e-books that you can download and read: The Web Marketing Checklist: 32 Ways to Promote Your Website, 12 Website Design Decisions Your Business Will Need to Make, and Making & Marketing E-Books, each worth $12 -- just for subscribing. No catch.RSS feed
First Last
E-mail
Country (2-letter abbreviation)
Preferred Format Plain text HTML

We respect your privacy and never sell or rent our subscriber lists. Subscribing will not result in more spam! I guarantee it!

 

Home | WMT Premium | WMT Free | Books | Video | Contact Us
Search | Research Room | Advertising | About Us | Consulting | Speaking

Wilson Internet Services
http://www.wilsonweb.com
PO Box 308, Rocklin, CA 95677, USA
Phone +1 (916) 652-4659 (MF 8 am-4 pm Pacific Time)

Copyright © 1995-2008 by Ralph F. Wilson, all rights reserved. Content, graphics, and HTML code are protected by US and International Copyright Laws, and may not be copied, reprinted, published, translated, hosted, or otherwise distributed by any means without explicit permission. Trademarks and terms of use.


Completely revised and updated. Purchase now!

Products & Services

Dr. Wilson's Books

  • Guide to Search Engine Optimization (2007)
  • How to Promote Your Site thru Article Marketing
  • Social Bookmarking and Marketing
  • Report on Pay Per Click (PPC) Bid Management Software
  • Research Guide to Online Niche-Finding
  • The E-Mail Marketing Handbook (2nd Edition)
  • How to Promote Your Local Business on the Internet
  • PayPal Buyers Survey 2004
  • 10 Steps to E-Business on a Shoestring
  • How to Develop a Landing Page 2005
  • The Shopping Cart Report
  • Report on Affiliate Management Software 2005
  • Optimize Your Webstore Sales
  • How to Optimize Your Landing Pages Scientifically
  • Reciprocal Linking Tools
  • Planning Your Internet Marketing Strategy See the table of contents and sample chapter.


    Dr. Wilson's Recommendations
    A/B Split-Testing Software
    Content Management Systems
    E-Commerce Tools
    E-Mailing Services/Software
    Pay Per Click (PPC) Advertising
    Search Eng. Optimiz. Tools
    Video Marketing
    SEO Services
    Web Analytics


    SiteSell
    Site Build It!