by ohthanks 2972 days ago
I periodically deal with recurring fraud from what seems to be a pretty organized network.

- Orders are placed with stolen credentials with correct billing info that matches AVS.

- Ship-to addresses are located near billing info, typically in the same state/metro area.

- They are often rural addresses, trailer parks, what appear to be rent houses that may be empty.

- Phone number provided has correct area code and rings a call center that has stolen billing info available and will confirm billing address order details verbally.

- IP is geolocated at/near the billing info area via a proxy.

- Email addresses are often set up on custom domains.

We catch them, but only because they don't vary the pattern much and we know what to look for. I don't know how fraud tools would be able to effectively filter in these cases without a lot of false positives.
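The signal list above, turned into a rule scorer that puts an order on hold only when several of the weak signals stack, so that a lone VoIP number or a lone proxy-looking IP stays below the threshold. This is an added example, not the original poster's code: every order, coordinate, proxy probability, domain age and rule weight below is a constructed assumption, and the proxy-probability bands (above 0.99 high, below 0.90 low risk) are the ones a later comment in this thread quotes from getipintel.net.

```python
"""Rule scorer for the card-not-present pattern described in the post above.

Added example, not code from the original poster. The orders, coordinates,
proxy probabilities, domain ages and weights are constructed assumptions chosen
to show that single signals stay under the hold threshold while the full
pattern stacks well above it.
"""
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt


@dataclass(frozen=True)
class Order:
    order_id: str
    avs_match: bool              # billing street/ZIP matched the issuer's records
    billing_latlon: tuple        # geocoded billing address (assumed available)
    shipto_latlon: tuple         # geocoded ship-to address
    shipto_address_type: str     # "residential", "commercial", "rural", "vacant"
    phone_line_type: str         # "mobile", "landline", "voip", "prepaid"
    ip_proxy_probability: float  # 0..1 from a proxy-detection lookup (assumed)
    ip_geo_latlon: tuple         # geolocation of the ordering IP
    email_domain_age_days: int   # from a WHOIS/RDAP lookup (assumed available)
    customer_prior_orders: int


SAME_METRO_KM = 150.0   # assumed cutoff for "same state/metro area"
HOLD_THRESHOLD = 5      # assumed: at or above this the order goes on manual hold


def haversine_km(a, b):
    """Great-circle distance between two (lat, lon) pairs in kilometres."""
    lat1, lon1 = map(radians, a)
    lat2, lon2 = map(radians, b)
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def score_order(o):
    """Return (score, decision, reasons); each rule is one signal from the post."""
    reasons = []  # list of (reason, points)

    # AVS: the pattern passes AVS by design, so a match earns no credit.
    if not o.avs_match:
        reasons.append(("avs_mismatch", 2))
    # Ship-to differs from billing but sits in the same metro (drop-address pattern).
    ship_km = haversine_km(o.billing_latlon, o.shipto_latlon)
    if 0.5 < ship_km <= SAME_METRO_KM:
        reasons.append((f"shipto_near_billing:{ship_km:.0f}km", 1))
        if o.shipto_address_type in {"rural", "vacant"}:
            reasons.append(("shipto_rural_or_vacant", 1))
    # Proxy probability bands as quoted in the thread: >0.99 high, <0.90 low risk.
    if o.ip_proxy_probability > 0.99:
        reasons.append(("ip_proxy_very_likely", 2))
    elif o.ip_proxy_probability >= 0.90:
        reasons.append(("ip_proxy_possible", 1))
    # A probable proxy that is also geolocated near billing matches the pattern.
    if o.ip_proxy_probability >= 0.90 and \
            haversine_km(o.ip_geo_latlon, o.billing_latlon) <= SAME_METRO_KM:
        reasons.append(("proxy_geolocated_near_billing", 1))
    # VoIP/prepaid lines are a weak signal and only matter in combination.
    if o.phone_line_type in {"voip", "prepaid"}:
        reasons.append(("phone_voip_or_prepaid", 1))
    # Freshly registered domain; an established custom domain scores nothing.
    if o.email_domain_age_days < 90:
        reasons.append(("email_domain_under_90d", 2))
    if o.customer_prior_orders == 0:
        reasons.append(("first_order", 1))

    score = sum(points for _, points in reasons)
    return score, ("hold" if score >= HOLD_THRESHOLD else "approve"), reasons


# Constructed sample orders (not real customers); fields follow the Order declaration.
SAMPLE_ORDERS = {
    "pattern": Order("A1", True, (33.75, -84.39), (33.95, -84.55), "rural", "voip",
                     0.995, (33.80, -84.40), 12, 0),
    "student_on_campus": Order("B2", True, (42.36, -71.06), (42.36, -71.06),
                               "residential", "mobile", 0.82, (42.37, -71.10), 3000, 0),
    "office_vpn": Order("C3", True, (42.36, -71.06), (42.36, -71.06), "commercial",
                        "mobile", 0.94, (42.37, -71.10), 2500, 3),
    "honest_voip_prepaid": Order("D4", True, (39.74, -104.99), (39.74, -104.99),
                                 "residential", "prepaid", 0.30, (39.75, -105.00), 1800, 0),
}


def triage(orders=SAMPLE_ORDERS):
    """Map each sample order name to its hold/approve decision."""
    return {name: score_order(o)[1] for name, o in orders.items()}


if __name__ == "__main__":
    for name, o in SAMPLE_ORDERS.items():
        print(name, score_order(o))
```

Only the constructed order that carries the whole pattern (near-billing rural drop address, proxy above 0.99 geolocated near billing, VoIP phone, twelve-day-old domain, first order) reaches the hold threshold; the university IP scored 0.82, the office VPN scored 0.94 and the honest prepaid/VoIP customer each stay at one or two points and are approved. The decision is a hold for review rather than a decline, which keeps the cost of the remaining false positives to a manual check.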

7 comments

As someone who uses a custom domain email address, this makes me sad
I didn't mean that a custom domain is an indicator. Just that they go to the trouble to register throwaways for this use and it isn't limited to just free email services.
>I didn't mean that a custom domain is an indicator. Just that they go to the trouble to register throwaways for this use and it isn't limited to just free email services.

Yeah, I'd assume someone with a firstname@lastname.com email and a web presence is probably an indicator it's legit rather than fraud :)

Nothing says you can't have more than one email address. Set up another one on a non-custom domain, and use that for the CC.
Another easy & free thing you can use is proxy detection; sites like https://getipintel.net would be beneficial in preventing fraud.
FWIW this website is 82% certain that my IP (university) is a VPN/Proxy/Bad IP.
The website says to only look at really high values (more than 0.99) and everything below 0.90 is "low risk".
It's 94% certain the VPN endpoint IP of my work VPN (only 25 people, university IP) is a VPN/proxy/bad.

That's correct, but not at all correlated with us being likely to commit fraud.

It's 79% certain the office LAN NAT gateway IP is a VPN/proxy/bad.

My work desktop's static IP gets 23%, so that's something.

My home IP gets 60%.

(Is this thing just connected to a random number generator?)

A lot of students have buyer's remorse when they realize the money they just spent online could have been used more wisely. Unfortunately, when a network has a small percent of bad actors, the network as a whole is punished.
I'm guessing it's more that there's so much traffic coming from that IP that it was flagged as a proxy.
I wonder what you have to do to become a target for such a network? I have not seen such behaviour online myself, in fact scam problems have been minimal and only once have I seen a gross picture in the customer service tickets. This was probably deserved though...

At order time I create a Google Map of the delivery address and this shows on checkout success. It also shows in the admin side with a live Google Map. If Google can get the address right, then the postman probably can, is the thinking.

This reduces delivery problems immensely as anything that cannot be shown on a map goes on automatic hold.

Money wasted on delivering the wrong products to people, e.g. after they have managed to cancel their order, plus the costs of back room accounting/customer service is a far bigger cost than fraud.

In your experience did you have savings to be made in your operation in shipping/customer service, to optimise that before tightening up on fraud prevention?

Or do you sell expensive items in a low-ish volume where a single fraud wipes out all of your profits rather than just costing $20 or so?

The credit card payment gateway we use has an AVS that proved to miss a sizable amount of fraud, and also identify some legitimate transactions as fraudulent.

We ended up disabling the AVS system and implementing our own internal system which has been nearly perfect - but we still lose a number of legitimate customers who are unable to pass the automated verification.

AVS was never meant to be an end-all-be-all for fraud. Also, if you don't send address data you're getting worse rates.
Do you report these to the police? It seems as if the "rent houses" could provide a pretty easy connection back to the criminals.
You could use https://ip-api.io to detect proxies/tor/etc
You could use a service that detects if a phone number is prepaid or voip.
I've been bitten by this before as a customer. I tried signing up for FastMail and was unable to create an account because their signup page required I supply a non-voip phone number. My phone carrier - Republic Wireless - is a voip-only carrier. Google Voice is also voip-only. At least, that's how their phone number check reported my phone numbers.
Unfortunately those carriers are also heavily used by fraudsters.
Which is hilarious because fraudsters can trivially acquire many "legitimate" mobile phone numbers by acquiring prepaid phones and there are entire forums (two on Reddit I know of off the top of my head) where people make a few pennies receiving and then sending the verification codes back to the scammer. I actually do a variant of this and keep a couple of crappy Android phones activated on two Sprint MVNOs that I can use as "throwaway" numbers for a service that demands a "real" mobile number for SMS. I have zero desire to give my actual mobile phone number to anyone except friends and family.

Meanwhile, people who are simply trying to get flexible--or, in the case of someone using a Google Voice number on a Google account with 2FA and a strong password, a more secure phone number than T-Mobile could provide--communications are needlessly punished.

Google Fi is not heavily used by fraudsters, but can't be differentiated against GV.
Only in combination with other negative signals. Plenty of honest people use those. For example, I use a prepaid phone and a VOIP number. I have no other phone numbers.