8.8. Protecting Your Site from Fraud

Problem

You need to prevent fraudulent transactions from being accepted by your online store.

Solution

Take these steps, both preventative and proactive, to avoid the deceptive schemes that can inflict financial disaster on your web business:

  • Validate and authorize the credit card numbers from your customers in real time.

  • Enable the security features that your bank or authorizing authority provides, such as address verification (AVS) and card verification number (CVN, also called card verification value) checking.

  • Report suspicious activity to your bank and/or authorizing authority as soon as possible.

  • Refuse to do business with customers in countries known to be hotbeds of corruption and fraud (check the list referenced in the "See Also" section of this Recipe), and be careful of any overseas order.

  • Ban visitors who appear to be attempting to make fraudulent transactions by blocking their IP address from connecting to your web server.

  • Contact suspected fraudsters with a cease and desist letter or email, assuming they give you a valid address.

  • Don't ship merchandise until payment is confirmed.

You might also consider these more extreme measures:

  • Refuse orders where the billing and shipping address do not match.

  • Refuse orders to be shipped to non-physical addresses, such as post office boxes.

  • Refuse orders from customers using a free email account, such as Hotmail or Yahoo!.

  • Confirm large orders by phone and/or request faxed copies of the credit card and customer signature.
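
One way to apply the checks from both lists to an incoming order before it ships. This is an added example, not code from the book; the order field names, the `avs_match`/`cvn_match` booleans (standing in for your payment gateway's response), the domain list, and the 500.00 threshold are assumptions.

```python
import re

# Assumed values for illustration; tune them for your own store.
FREE_EMAIL_DOMAINS = {"hotmail.com", "yahoo.com"}
LARGE_ORDER_TOTAL = 500.00
PO_BOX = re.compile(r"\b(p\.?\s*o\.?\s*box|post\s+office\s+box)\b", re.I)

def luhn_valid(card_number):
    """Luhn checksum: rejects mistyped or made-up numbers before authorization."""
    number = re.sub(r"[\s-]", "", card_number)
    if not re.fullmatch(r"[0-9]{12,19}", number):
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def _norm(address):
    """Compare addresses ignoring case, punctuation and spacing."""
    return re.sub(r"[^a-z0-9]+", " ", address.lower()).strip()

def screen_order(order, strict=False):
    """Return (decision, reasons); decision is 'decline', 'review' or 'accept'."""
    decline, review = [], []
    if not luhn_valid(order["card_number"]):
        decline.append("card number fails checksum")
    if not (order.get("avs_match") and order.get("cvn_match")):
        decline.append("AVS or CVN check failed")
    # The more extreme measures become hard refusals only when strict=True.
    optional = decline if strict else review
    if _norm(order["billing_address"]) != _norm(order["shipping_address"]):
        optional.append("billing and shipping addresses differ")
    if PO_BOX.search(order["shipping_address"]):
        optional.append("ships to a post office box")
    if order["email"].rsplit("@", 1)[-1].lower() in FREE_EMAIL_DOMAINS:
        optional.append("free email account")
    if order["total"] >= LARGE_ORDER_TOTAL:
        review.append("large order: confirm by phone before shipping")
    if decline:
        return "decline", decline + review
    return ("review", review) if review else ("accept", [])

# Constructed sample order (4111... is the widely used Visa test number).
SAMPLE = {"card_number": "4111 1111 1111 1111", "avs_match": True, "cvn_match": True,
          "billing_address": "12 Elm St., Springfield", "shipping_address": "P.O. Box 9, Springfield",
          "email": "buyer@hotmail.com", "total": 80.0}
```

`screen_order(SAMPLE)` flags the order for manual review; with `strict=True` the same order is declined outright.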

Bear in ...
