We’ve recently been experiencing a higher incidence of fraudulent orders and/or attempted orders, and I would like to get some good advice from forum members on how best to protect ourselves?
Right now I do not have CVV required on cc payments. I would like to do so but not sure how to set up it properly? I use Authorize.net and would like to know how to set it up if anyone can help.
I also undid most of the security settings on authorize.net because orders were being declined for things like incorrect billing addresses and I felt my security settings were doing more to prevent conversions than they were protecting us from fraud. (At the time I felt the trade off wasn’t worth it and more was to be gained than to be lost.) I’d be interested in getting feedback on how best to balance this all and what solutions you all are using to protect yourselves? What is the best setting configuration to use? We do as much international business as we do domestic, average order is about $100-200, low volume. I haven’t received too many charge backs yet, but I have received a few lately and can see the potential for a nightmare and want to avoid being scammed at all costs.
Any advice is appreciated.
Super easy in cs-cart.
Just go to the administration controls.
Administration => Credit cards
There is a list of credit card types. Click on ‘edit’. Check ‘CVV2’.
Isn’t there a manual?
[url]CS-Cart Documentation — CS-Cart 4.15.x documentation
When you log into Authorize.net there is an area in the settings to enable CVV codes and for different conditions on rejecting an order based on them I believe.
Doing business online comes with risks called fraud, some reports show last year the online industry lost $2.3 Billion due to fraud. So what would you do to minimize this and I stress minimize because you can’t stop it. With your settings you got yourself wide open to get hit , you are not using CVV or billing address verifications and I think you should use both and Billing address is more important than the card code in my opinion, if somebody is using a stolen card they have the card # and the code right in front of them but not the billing address, sure you will have some decline orders because of wrong billing address but how many? Whenever I get a decline order because of wrong billing address , I call the customer and verify the information and I have been very successful converting those orders. This will be fixed in CS-Cart 2.1 according to the developers where the customer will be taken back to the checkout page to correct the problem,
The bottom line is you will have to decide whether to keep yourself wide open to fraud or tighten things up a little bit.
I feel for you losses are never good.
Hope this helps
[quote name=‘ecb1’]We’ve recently been experiencing a higher incidence of fraudulent orders and/or attempted orders, and I would like to get some good advice from forum members on how best to protect ourselves?
Right now I do not have CVV required on cc payments. I would like to do so but not sure how to set up it properly? I use Authorize.net and would like to know how to set it up if anyone can help.
I also undid most of the security settings on authorize.net because orders were being declined for things like incorrect billing addresses and I felt my security settings were doing more to prevent conversions than they were protecting us from fraud. (At the time I felt the trade off wasn’t worth it and more was to be gained than to be lost.) I’d be interested in getting feedback on how best to balance this all and what solutions you all are using to protect yourselves? What is the best setting configuration to use? We do as much international business as we do domestic, average order is about $100-200, low volume. I haven’t received too many charge backs yet, but I have received a few lately and can see the potential for a nightmare and want to avoid being scammed at all costs.
Any advice is appreciated.[/QUOTE]
You are actually fortunate that you use Authorizenet, as they do allow a very granular control over address verification. You may find it best to verify the country, state, & city, however you may want to loosen up the zipcode verification for example. And yes, it sounds like you are making a mistake by not utilizing the CVV verification for your transactions, easy enough to turn it on.
It really sounds as if you went from one extreme to the other as rather than completely turning off address verification (as well as CVV), you should consider softening the address verification somewhat.
Yes, there is AVS check.
But if you decline orders just because billing address is not an exact match, you would lose a lot of money and orders.
Address matching can give back the following:
Exact Match
Partial Match - match only zip or address
No Match
Sometimes you get system error and avs not available.
As a business, you can choose the level of risk you want to handle.
The best I saw was from cybersouce. It allow me to decline order based on a variety of options.
CVV
AVS
Country
Amount of order
So if the order was over $100, maybe you want CVV and AVS exact match. If the order is under $100, you might just want CVV match and at least a AVS partial match.