[cheeze]

I'm guessing this has been asked before, but why not just use a credit card processor that handles all of that stuff for you. Seems like they are in the business of selling Japanese candy, not preventing CC fraud.

Am I being naive here?

[bemmu]

I'd love for someone to handle all this for me, but so far I haven't found the ideal partner.

[dangrossman]

Can you name a credit card processor that handles all of that stuff for you? Neither the old-school gateways (Authorize.net/etc) nor the new SaaSy stuff (Stripe/Braintree/etc) offer even risk scoring, let alone a comprehensive solution to fraud mitigation.

[unfunco]

Stripe does offer fraud protection, based on machine learning algorithms using data from their customers.

https://stripe.com/docs/fraud

[joshmn]

Stripe's fraud protection is HILARIOUSLY bad. I'm convinced they don't care about chargebacks; in fact, to get their fee for a chargeback, they need a $500 order.

They don't eat the loss; the card network does.

[thesimon]

I'm working on a side project using Stripe and at least most comments on the internet are saying that the fraud prevention provided by Stripe is rather weak. Adding additional providers like SiftScience looks like a good idea.

Full Disclosure: Not based on first hand experience, as the project is not launched yet.

[mrweasel]

Actually of the old-school most credit card processors will sell you fraud detection. It's just very expensive, to expensive for small businesses. Normally they're just resell something like ReD Shield, or MaxMind though.

The best option is to get a PSP that will let you do selective fraud detection. Then you funnel large order and first time orders through the fraud detection, and skip it on repeat customers. Otherwise it can become an expensive service.

[fweespee_ch]

Yes.

At $DayJob we have a similar process [e.g. Accept any card that passes the checksum, hand out rejections on a 24 hour delay after we've handled our fraud signals and processed the charge with the gateway]

The credit card processors aren't particularly interested in handling this for you and you [the merchant] pay the price if you gave the processor stolen card numbers.

Services like these:

https://www.signifyd.com/pricing/ [1% per transaction]

https://www.maxmind.com/en/minfraud-services [ $0.005 ]

would have no customers if you could get a reliable partner to handle this all for you for free-ish.

[kyle6884]

Completely agree with fweespee_ch. Major CC processors such as Authorize.net, Braintree, etc. offer fraud protection measures but in our experience they do very little to prevent even a remotely-capable fraudster. Typical features offered are IP Velocity & regional IP (useless when the fraudsters spin up thousands of amazon servers), # of transactions per hour (not too helpful when your business already does hundreds/thousands of transactions a day), CVV and AVS credit-card response codes (ends up blocking more legitimate orders than fakes and the fraudsters typically already have this information anyway), etc.

[bjano]

There seems to be a huge conflict of interest here: as card processors slap you with an extra chargeback fee for the fraudulent transactions (in addition to the amount they take back anyway) it's difficult to believe that they would work very hard to help you avoid this.

[DiabloD3]

Why? They have a profit motive for you to get scammed.

[fweespee_ch]

They do, to a point, but since you are the one who bears the fee they do the amount they can cost effectively which is frankly marginally effective.

[pc86]

Is it just me or is 1% likely several orders of magnitude larger than $0.005 on a per-transaction basis? That pricing is bordering on offensive.