A few months of testing and the verdict is in: MaxMind minFraud flags more transactions made with stolen credit cards as high risk than my own fraud scoring code. minFraud does a lot I can’t: Checking the bank BIN location against the billing address, the location of the customer’s phone number against the billing address or if the IP address is a known proxy; if the username or e-mail address are in its database of high risk accounts; if the e-mail has been reported by other users as high risk.
The last one is really amazing — they must have built up quite a large user base considering I’ve gotten many notifications of transactions I ran through minFraud later reported as fraudulent by other users. This weekend I updated my risk scoring code to remove ineffectual checks and weigh the minFraud score as the most important component in the overall score. I now outright deny credit card transactions that are flagged with the highest MinFraud score.
Brendon Kozlowski
June 25th, 2007
I suppose that’s another way to help reduce the cost of your service and get some more income on your project. I had completely forgotten about your problem with fraudulent purchases. Glad to see you found a more reliable solution!
oliver
June 25th, 2007
Sounds interesting, I have done some work in advertising and have found clickreport.com to find fraud clickers.
I spoke to the director of business, he’s a nice guy, he’ll help you out if you need support to find fraudsters for your websites click popinads.info.
Dan
June 25th, 2007
My losses due to credit card fraud may match my entire PPC ad spend for the year, and will definitely dwarf any losses from PPC click fraud. It’s factored into my pricing at this point, but it sure doesn’t help anything. Worst is the voice mail - like Thursday last week - “You have one hour to return my call about this charge I found on my statement before I file a police report and talk to my lawyer”. I called her back two hours later to tell her I had already voided the charge the night before and the preauth would disappear; she hadn’t gone to anyone, not even called her bank to report the card stolen.
oliver
June 25th, 2007
You appear to be struggling in a sense that you’re trying to fight a one man battle against credit card fraud.
Maybe you need to hire another developer to work specifically in that area. Hell, I’d work for free to get a chance to work with you. I have experience in ‘defrauding’ if you will.
Dan
June 25th, 2007
It’s a battle alright.. a war almost. If I had no fraud detection in place and accepted every order placed with a valid credit card and billing address on my sites, I’d be out over $100,000 so far this year. Fortunately for me, less than 10% of those transactions actually made it past me.
I plan to simply incrementally improve my screening as I’ve done the past 3 years until something forces me to do otherwise. If, say, my processor were to have an issue with my chargeback rate, or if I got hit by a big enough scam to lose a lot of money, I’d have to lock it all down. I’d probably end up with an off-site payment page to integrate Verified by Visa and MasterCard Secure Card, as well as automated phone screening of every order. If I were to go that far, my conversion rate would surely drop, but I’d have 100% protection against chargebacks due to fraud.
My real ambition is to grow my service properties to the point I don’t rely on the advertising sales sites as much. Some day I’ll likely sell that part of the business. A company that can dedicate an employee to screening orders would probably be best… it’s very profitable aside from the risk issues.
oliver
June 26th, 2007
Well you just have to keep trudging along, developing new ideas and techniques. You won’t ever win the war. Also don’t get down on yourself about people getting past your fraud detection system. You should consider messing around with them, maybe send them a congratulations email because they have to be damn good to get past you.
Just keep going, oh and I’d like a email back about reselling the visitor boost traffic please.
Dan
June 26th, 2007
I’ll make it through the rest of the weekend’s mail tonight after work, but I have a habit of skipping mails that aren’t from customers and not remembering to go back to them. The short answer: There is no type of reseller program right now, just the affiliate program. Resellers were more trouble than it was worth.
I know, I’m a horrible person. I suck at customer service for these sites. I especially dread dealing with customers on the phone. I don’t like being unprepared, and I just can’t answer some of the questions about the advertising since I don’t own the ad network actually serving the ads. I love when customers mail me about W3Counter, PicVault and WebsiteGoodies. I built them from scratch, I love them, and I’m happy to help people use them.
oliver
June 26th, 2007
Right, yeah sorry, I won’t be a pain in the ass or anything, bunging you with loads of queries(like I am doing now), I’d just like to know how do you resell it if that makes any sense? I’ll work on the fraud side of things also and if I come up with something good; I’ll let you know.
I won’t call either.