AICC has received a number of complaints from US citizens who believe Indonesian purchasers using stolen or phony credit cards have defrauded them. Unfortunately, major credit card companies list Indonesia as the #1 or #2 country for credit card fraud. The items being purchased are often laptop computers and other luxury goods. If you are a small web-based entrepreneur, please take care to design your system to guard against fraud from overseas buyers where you will have very little legal recourse. Furthermore, AICC does not recommend wire transferring 50% of funds for goods ordered from a seller with whom there has been no prior business relationship established. A better practice, but costlier, would be to open (at least for the first shipment) an irrevocable letter of credit.
1.) Educate yourself on fraudulent activity by reading this page and any other references you may find. Diligently check your orders and alert your personnel to be observant to suspicious situations.
2.) Use the Address Verification System (AVS) if your merchant account supports it (USA credit cards only). AVS will return an address match or mismatch. Be sure the digits in the street address and the digits in the zip code match the billing address of the cardholder. If a mismatch is returned, exercise caution and sound judgement.
3.) Add a message to the cart display that you are “fraud smart”, and pursue fraudulent orders to the full extent of the law. A message as simple as “We screen diligently for credit card fraud ” may be enough to cut fraud attempts in half.
4.) Do not accept international credit card orders over $250 without completing ALL investigative steps below. Do not accept large dollar amount credit card orders under any circumstances. Telephone domestic buyers who order over $250.
5.) Be careful of REMAILING SERVICES! There are places in the USA which will remail packages to overseas destinations. Here is an address actually used in a fraud: 7801 N.W. 37th STREET Suite 179AX9CO in Miami at zip 33166. See the “Suite 179AX9CO”? That’s an account number, which in that case goes to an address in Columbia (which we inferred from the order IP address). Tip #8 below would have caught this fraud.
6.) Be careful of Hotel addresses. A good trick to catch those is to search Google for the numeric street address, street name, and zip. Most lodging addresses are on the web these days, so you can find these.
7.) For international or large orders– Ask for photocopies of both sides of the credit card. This will deter many fraudulent buyers who have stolen only the card strip data (“skimming”). Do not ship automatically- wait for funds to clear into your account.
8.) Use the HTTP_USER_AGENT and REMOTE_ADDR code on order forms. This line works with most form handlers such as FormMail, cgiemail and others. The exact syntax varies with the form handler, but it provides information on the computer used to send the order, including the IP address. The IP address can then be traced to it’s owner – usually an ISP. You can then contact the ISP System Administrator and inform them of the illegal activity. Members are provided an automated way to do this. Check the documentation for your particular form handler or cgi script for implementation of this input field.