Important Notice from AspDotNetStorefront
It is with dismay that we report that we have been forced, through the action of hackers, to shut off write-access to this forum. We are keen to leave the wealth of material available to you for research. We have opened a new forum from which our community of users can seek help, support and advice from us and from each other. To post a new question to our community, please visit: http://forums.vortx.com
Results 1 to 7 of 7

Thread: fraudulent order got through - card name doesn't match Billing Address name

  1. #1
    jhoskinson is offline Member
    Join Date
    Feb 2009
    Location
    Los Angeles, CA
    Posts
    36

    Default fraudulent order got through - card name doesn't match Billing Address name

    A customer somehow was able to checkout using another person's credit card. Not the usual thing we see where they also use that person's billing address. In this case the Billing Address and Shipping Address matched completely (in this case a person in Russia) but the "Card Name" listed for the Amex is a completely different name. How could this happen? His account only has the Russian name & address in the address book.

    anyone have any ideas on how to combat this?

  2. #2
    webopius is offline Senior Member
    Join Date
    Nov 2008
    Location
    London, UK
    Posts
    440

    Default

    Which payment gateway are you using and what aspdnsf version?

  3. #3
    jhoskinson is offline Member
    Join Date
    Feb 2009
    Location
    Los Angeles, CA
    Posts
    36

    Default

    Quote Originally Posted by webopius View Post
    Which payment gateway are you using and what aspdnsf version?
    Authorize.net | AspDotNetStorefront ML 8.0.1.2

    Worth noting, the information sent back to ADNSF from Authorize.net with the approval had the Billing Address Name and email. But ADNSF is showing a different name as the "Name on Card". How does that field get populated?
    Does that information also come from Authorize.net?

  4. #4
    jhoskinson is offline Member
    Join Date
    Feb 2009
    Location
    Los Angeles, CA
    Posts
    36

    Default one other thing worth noting

    According to Authorize.net, they are unaware of any credit card issuers or processors who check to see if the Billing Address name matches the name on the actual account. No wonder cc fraud is so prevalent. Anyone else have any insight into this?

  5. #5
    Ellerbesmith is offline Junior Member
    Join Date
    May 2013
    Posts
    12

    Default

    I guess i think the same way..

  6. #6
    hha is offline Junior Member
    Join Date
    Aug 2011
    Posts
    11

    Default

    I had similar issue, two different names and addresses, authorize.net...had to force refund and cancel the order, the purchase was local (within the US).

  7. #7
    rpoage is offline Junior Member
    Join Date
    Nov 2008
    Location
    Ct PA
    Posts
    11

    Default

    Something wrong here. We use Authorize.net and have for many years.

    Here is a copy of the virtual terminal. The numeritical portion of the street address and the zip code are checked.


    Address Verification Service (AVS) Settings Help
    The Address Verification Service (AVS) is a tool designed by bankcard processors to assist in identifying potentially fraudulent credit card transactions. For every credit card authorization, AVS compares the billing address and ZIP code provided by the customer to the address and ZIP code on file at the card issuing bank. AVS then returns a response code indicating the results of the comparison.

    In the section below, you can choose which transactions to reject, based on the response codes, by checking the box next to each code. The payment gateway will reject transactions based on your selection. The recommended AVS response code selections are B, E, R, G, U, S, and N.

    General AVS Responses
    Reject
    B Transaction was submitted without a billing address.
    E AVS data provided is invalid or AVS is not allowed for the card type that was used.
    R The AVS system was unavailable at the time of processing.
    G The card issuing bank is of non-U.S. origin and does not support AVS.
    U The address information for the cardholder is unavailable.
    S The U.S. card issuing bank does not support AVS.
    Address and ZIP Code Responses
    Reject Street Address ZIP Code Extended ZIP
    N No Match No Match No Match
    A Matched No Match No Match
    Z No Match Matched No Match
    W No Match Matched Matched
    Y Matched Matched No Match

    Tips
    The N response code indicates there is no match on both the street address and ZIP code. An N response code is typically a strong indicator of fraud. However, it may be legitimate if a customer has recently moved and has not updated their address to the issuing bank.
    To avoid errors when accepting gift cards (stored-value cards with a Visa, MasterCard, Discover or American Express logo), you will want to uncheck the U response code. For this type of transaction, the customer's billing address will most likely not be associated with the gift card, or will not be on file at the issuing bank.
    Not all banks outside the United States will return codes G, U and S. Therefore, these codes are not absolutely effective for preventing transactions from outside the United States.
    In most cases, Y is a desired response code and should be left unchecked. You should only set Y to reject if you need to be certain that both the street address and full 9- digit ZIP code match exactly. Selecting this response is likely to block legitimate transactions.
    Only one AVS response will return for each transaction. For example, a transaction cannot receive both an A (ZIP code mismatch) and a G (non- U.S. card issuing bank) response.
    IMPORTANT: Please be aware that AVS is not intended for use as an absolute protection against suspicious transaction activity. With so many possible reasons as to why an address and ZIP code may not match, you should carefully consider your business's level of risk when configuring your AVS mismatch rejection settings.
    Robert Poage
    Ashford Hobby.

    www.ashfordhobby.com
    robert@ashfordhobby.com