BlogSmall business, Marketing, Promotion and Web Design

There are hundreds of accounts of fraudsters using various scam methods for credit card stealing, making fraudulent purchases or selling goods that never arrive at their intended destination. So much so that small businesses were literally forced to incorporate those fraud transactions into cost of doing their business online. Here are a few tips that should help a small business sustain some of the most often tried transactions – purchase with fraudulent credit cards. Some small businesses have this reason alone to choose more expensive credit card processor, like PayPal,  in order to not to deal with fraud themselves, potentially loosing thousands of dollars in revenue. These simple steps may help recover that money given that small business processes credit cards through its own merchant account.

1. Verify shipping vs. billing address. Some web sites even refuse to ship to an address that is different from billing, but that is really up to the business owner. If you sell something that could potentially be a gift, so that one relative can order it for another – pass it on, but if you sell something that people mostly order for themselves, like gadgets or novelties, then shipping address way off from billing might suggest something fishy.

2. Ask yourself – does the order make sense? If you are selling expensive merchandise that people are most likely to buy once in a while – would the order for five items make sense? Call the billing phone number to verify the purchase – it will cost you 2 minutes, but potentially can save you hundreds of dollars.

3. Have the payment cleared yet? Institute shipping and handling policies that will cover your bases while you wait for payment to clear. Sometimes it may take a day or two for payment to go through all the hoops of your payment system, be patient and wait out the whole thing. It may bounce off for a number of reasons, first of which is stolen credit card.

4. Verify the IP address‘s geographic location vs. both shipping and billing. It sounds a bit nerdy at first, but any online shopping cart can be tweaked to display originating IP address along with the order information. The task is to see if the IP address belongs to the same region as the two addresses. An order originating from Eastern Europe’s IP address that has billing address in Connecticut and shipping destination in California is hardly legit. In some cases you won’t be able to tell if the IP address is or is not located where the billing or shipping addresses are, in these cases just move on to #5.

5. Never hesitate to call the bank that have issued credit card. Have your clients enter the 800 number on the back of the credit card along with their billing information. In any doubt – call the bank and have them verify that name, billing and shipping addresses are legit. Some banks even have that option on their initial menu.

There’s been a nasty bug prowling the ‘Net of late, and it works by using a site’s own Search Engine Optimization (SEO) practices against it. Ars takes a look at the iFRAME injection campaign and the organization behind it. As Ars Technica points out:

The launchpad for these various malware campaigns is our old friend, the Russian Business Network. According to Danchev, earlier reports of the network’s demise have been greatly exaggerated. Faced with dwindling functionality thanks to security policies that prevented traffic from reaching IP addresses associated with the RBN, the company divided itself, sought new service providers, and is back in business. Many of the codec downloads and false website fronts active in the above attacks trace directly back to RBN addresses.

Interesting view on this twist from a Ars’ forum discussion:

I was 18 when the Berlin wall fell. States colonized by the former USSR were freed and democracy was put in place. I hoped for a better future for Russia. Since then, they have turned authoritarian, abused nations around them, threatened the world with missiles that can penetrate defense systems, poisioned and shot dissidents, and allowed a large organized crime sector to operate.I know my response isn’t technical, nor even helpful, but I couldn’t help but express my sadness over all this. When you see a great threat removed, especially as a teenager, you hope for the best, but I guess we aren’t going to see much good news from Russia for a long time.

It is, indeed, sad that instead of business partnership some Russian companies are trying to establish themselves as a highway robbery corporations.

After numerous confirmations of scam-like business practices, Network Solution is now looking into implementing a feature that will allow users to “lock” domain for 4 days, instead of doing this for them automatically. Ironically, this feature look just awfully familiar – just like “domain tasting”. With difference being that now anyone can lock the domain without even providing their contact info. Don’t even need to set up various fake registrars to grab and drop domains for tasting, just keep searching for it.

Another bad trick here is that since domain name would appear registered – there is a very good chance squatters may snipe it right the moment it will be released. And it is already very well known what it means. Some of my clients paid pretty large sums for their trademarked name – just to get it faster then through the lawsuit.

Interesting facts:

• In 2000 Network Solutions was purchased by Verisign for $21 billion.
• In 2007 they were purchased for $800 million.

My take? If you have domain names at Network Solutions – move them to someone not so dangerous. GoDaddy, Moniker or NameCheap (we use all three of them) look much better.