[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Chargebacks and credit card frauds



Ummm.... have you ever heard of a botnet?

Steven Anders wrote:
> Hi everyone,
>
>   I work as an engineer at an online company that sells online 
> subscription service for online tool. We accept orders online using 
> credit cards numbers and we use Authorize.net to process credit card 
> payments.
>  
> Our standard operating procedure for online orders are: normal checks 
> are check for billing address and IP address ,  - we make sure the 
> billing address is a match and the IP address geo location is good 
> (meaning, it is pretty close to the billing city or state). We use a 
> service called MaxMind and we check to make sure that the IP address 
> geo location is in proximity to the billing address. From our 
> experience, another big red flag is if the IP is from a proxy server, 
> or from web hosting company (could be SSH tunnelling), or outside USA 
> ( Russia, Estonia, China, etc ) 
>
>  If these checks throw a red flag, we will call the person to confirm 
> the order. With this process, we pretty much has very low fraud rate. 
>
>   Lately, in past couple months, we've been receiving a lot of orders 
> that bypass all these checks without any glitch. The AVS (Address 
> verification service pass) checks for the billing addresses and the IP 
> addresses are good (in proximity to the billing address). The IP 
> addresses are near the billing addresses (for example: billing address 
> is Chicago, IL and the IP address is
> Evanston, IL - a couple miles from Chicago).
>
> Only a few weeks later, we have an influx of chargebacks and phone 
> calls from the original owners of the credit cards, since these people 
> never ordered it - and they are all fraudulent orders.  The only 
> similar patterns in all these orders is that:
>   1)  they use free email accounts (from Yahoo , Hotmail, etc) .
>   2) All the IPs are from ISPs such as Sbcglobal, Comcast, Cox 
> Communications, etc .
>
>   My big question is: I know there are all kinds of ways people could 
> obtain stolen credit card numbers, and their billing addresses, and so 
> forth.
>
>  But. I was wondering:
>
> 1. how do they place the orders using all the legit IPs - since all 
> the IPs are from Sbcglobal  , Cox communications,  and all the other 
> major ISPs near the billing addresses.  Could it be that they actually 
> took control of the PCs and then steal the credit card, and then place 
> the order remotely from the controlled PC?   
>
> 2. Any insights on how these fraudsters obtain the stolen credit card 
> numbers?
>
> I am now tasked with improving our backend checks to make sure we 
> don't have any more fraudulent order, and would appreciate any pointer 
> or insights into this matter. Any theories, insights, or information 
> would be very useful.
>
> Thank you all for your time in advance.
> steve
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/