!! ((Telecom Fraud))
——- Forwarded message follows ——-
Date sent: Mon, 15 Nov 2004 16:23:37 -0600
Subject: Re: [Asterisk-biz] Starting a Calling Card Business $1000
From: Wael Manasra <[email protected]>
To: Rehan Ahmed <[email protected]>
Hi Rehan,
Thanks. Sure, I’m always open to cooperation. I am sure we can help
each other out. I’d like to talk to you about Asterisk – I don’t know
how ‘ready for primetime’ it is and whether it can meet some specific
needs I have…maybe you can help me answer such questions? Are you
located in the US and would you mind providing me your contact info?
We use Card Services International and Humboldt Merchant Services for
the merchant accounts and Verisign Payflow pro and USAePay for the
credit card gateways. We keep two of each for backups/redundancy and
also for business reasons. (Accounts can be closed, gateways can be
hit with denial-or-service attacks, they have large reserve deposit
requirements so you can switch around based on cash-flow needs, etc.)
Chargebacks are always a problem. There is a great deal of fraud out
there. If you implement the following, you will be able to reduce
chargebacks to below 1% of sales:
First the easy ones:
1) AVS/CVV check of course
2) try to automatically void suspicious transactions. Being proactive
keeps the chargebacks from happening hopefully.
3) list a toll-free number along with your company name on your
merchant account. When consumers notice weird transactions, they may
call you before they call their bank. Credit the charge and you will
save yourself the chargeback fine.
4) add an excessively large purchase option, such as $200 for example.
New customers that automatically choose this should undergo human
review. It is probably a fraudster. Then you have their credit card
number and can block future transactions on smaller amounts if they
try to get around your system.
5) check IP addresses, block purchases from outside of your safety
area.
If you have the resources, I would also implement the following – it
has worked wonders for us:
6) Check the inbound callerID or all new accounts against an internal
fraud bin of "bad" origination numbers. Calls that originate from
PC-to-phone services or VOIP gateways should be blocked pending human
review. We consider those to be ‘bad’ places. Calls originating from
places where you don’t originate are also bad – for example people
calling your 800 number from overseas…this is obviously not
economical so something fishy is going on. You will see patterns of
inbound fraud. Use these patterns to build a set of rules to block out
areas, activities, and behaviors. Accounts that don’t meet your
criteria should be voided to avoid chargeback. Also, to reduce your
fraud costs, you should block outbound calls to high-risk
destinations…you need to be able to block on a card by card. Group A
cannot call to high-risk, group B can call anywhere. All new customers
are in Group A until further review. If customers complain, you can
unblock and tell them there was a problem and now it is fixed.
Proactively cancel ‘sketchy’ looking accounts. Set up your systems to
track and store the inbound numbers off your CDRs for those ‘bad’
accounts; over time you will build a strong black list that will help
you to identify chargeback-likely accounts.
7) Always change your tactics. Fraudulent accounts shouldn’t always be
treated the same or they will learn to beat your system. Sometimes we
switch prompts to Spanish or Vietnamese just to confuse them.
Sometimes we route their outbound call back to their inbound number to
create a loop. Sometimes we route directly to the FBI to scare the
heck out of them. Sometimes we just let their calls through but cut
them off after a few minutes. This is to build a larger dataset of
inbound fraud sources.
8) Consider implementing Verified by Visa. It will protect you from
various chargeback codes.
Hope that helps!
Regards,
Wael