Announcement

Collapse
No announcement yet.

Preventing "carding"?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Preventing "carding"?

    Our store has recently been targeted by someone who is "carding" (e.g., making purchases to test stolen credit card numbers). We have a PayPal WPP merchant account, and they have suggested numerous options for preventing this including:​
    • Only allowing purchases by account holders - not guests
    • Using Catcha
    • Velocity checks
    • Address verification systems (AVS)
    • And various other options

    I'd appreciate input as to what would be the most effective. I'm assuming that these would mostly be implemented through the merchant API, but I'm definitely out of my area of expertise here. My store was built in an earlier version of Miva, and I have not really done enough with Miva 9 to know what its feature set might be in this regard.

    Thanks!
    JAY
    Minneapolis, MN

    MacBook Pro
    Mac OS 10.11.4
    CS3 - DreamWeaver 9
    FMStudio API for PHP

    #2
    Check out the new security features in 9.53 (Under Payment | Settings) most of what you want is there.
    Bruce Golub
    Phosphor Media - "Your Success is our Business"

    Improve Your Customer Service | Get MORE Customers | Edit CSS/Javascript/HTML Easily | Make Your Site Faster | Get Indexed by Google | Free Modules | Follow Us on Facebook
    phosphormedia.com

    Comment


      #3
      Here are the docs on those new features: http://docs.miva.com/docs/credit-card-fraud-tools

      Comment


        #4
        Thanks, guys! That looks like just what I need. Now I guess I need to figure out how to install updates in Miva 9...
        JAY
        Minneapolis, MN

        MacBook Pro
        Mac OS 10.11.4
        CS3 - DreamWeaver 9
        FMStudio API for PHP

        Comment


          #5
          yea, another reminder on why one should ALWAYS be current and not just 'wait til its needed' :)
          Bruce Golub
          Phosphor Media - "Your Success is our Business"

          Improve Your Customer Service | Get MORE Customers | Edit CSS/Javascript/HTML Easily | Make Your Site Faster | Get Indexed by Google | Free Modules | Follow Us on Facebook
          phosphormedia.com

          Comment


            #6
            For sure. Having a store on auto-pilot is definitely not the best idea. Not a choice I made, just the hand that has been dealt me... Hopefully, I'll be able to be more attentive to it before too long. Thanks.
            JAY
            Minneapolis, MN

            MacBook Pro
            Mac OS 10.11.4
            CS3 - DreamWeaver 9
            FMStudio API for PHP

            Comment


              #7
              PayPal also offers those as a value added service until you have update to 9.53. You can find them under the Tools Tab > Fraud Settings
              http://www.alphabetsigns.com/

              Comment


                #8
                Originally posted by alphabet View Post
                PayPal also offers those as a value added service until you have update to 9.53. You can find them under the Tools Tab > Fraud Settings
                Yes, but part of what you want to do is prevent folks from USING your site as a card checker. The Merchant tools are not meant to replace Gateway Tools, just keep you from running up huge transaction charges for verification attempts. Let me repeat (for everyone else just skimming this, and not you :) )

                You SHOULD be using the Merchant supplied Payment Processing Rules AND tighten up verification settings in your gateway.
                Bruce Golub
                Phosphor Media - "Your Success is our Business"

                Improve Your Customer Service | Get MORE Customers | Edit CSS/Javascript/HTML Easily | Make Your Site Faster | Get Indexed by Google | Free Modules | Follow Us on Facebook
                phosphormedia.com

                Comment


                  #9
                  Understood. Thanks.

                  While installing the 9.53 update, I got a warning that the new Miva digital downloads module/feature is going to break the eMedia Softgoods module that I'm using, so I'll be starting another thread to ask about the process of switching over.

                  Thanks again!
                  JAY
                  Minneapolis, MN

                  MacBook Pro
                  Mac OS 10.11.4
                  CS3 - DreamWeaver 9
                  FMStudio API for PHP

                  Comment


                    #10
                    I highly recommend using the Miva Carding Feature using the "Authorization Blacklist: Set to AUTOMATIC" not manual. We over the weekend had a clients site attempted with 17 fraud orders. Stop them before an order gets in the queue to be batched.
                    Jon

                    Viscott Limited
                    www.viscott.com

                    Comment


                      #11
                      We had this happening at our store as well and had to set up the capcha on every order, which finally stopped it. They had ran through like 7000 cards in only a second or two. We had 7 fraudulent orders come through but nothing was ever shipped as they were all from a fake shipping address in Florida. We credited the cards back, as instructed by PayPal.

                      Comment


                        #12
                        We just had a series of fraud attempts that the Miva Authorization Failures page helped us catch. What is surprising is that there were 5 consecutive attempts to process one order (#52442 @$221.53); two came from one IP address (36.85.23.227 in Indonesia) and three came from a different address (95.174.8.100 in Italy). I didn't realize it was possible to change IP addresses while checking out. Maybe as long as you use the same computer with the same cookies, but change ISPs? Those failed attempts were all after a successful order from the Indonesian IP, that we have now rejected.

                        Comment


                          #13
                          You can use hacker tools to spoof your IP on every order attempt (which is one of the reasons simple IP blocking isn't super helpful by itself).
                          Thanks,

                          Rick Wilson
                          CEO
                          Miva, Inc.
                          [email protected]
                          https://www.miva.com

                          Comment

                          Working...
                          X