19
Apr 18
Do payment gateways or shopping cart providers really care about credit card fraud?
In the weeks since I reopend checkout on our website I have seen several very clear attempts at screening stolen credit cards using checkout on our website.
The first occurred on 4/06/2018 with about 8,600 attempts to charge different credit cards. All the attempts were generated from 3 orders with similar fake email addresses and incomplete shipping addresses. One credit card charge actually went through and I canceled the order before it was shipped.
The next night on 4/07/2018 there were about 3,5000 attempts to charge different cards. All generated from 2 attempted orders and this time all the transactions were denied.
There continued to be more attempts, but a order processing rule I setup through an addon our shopping cart provider (3dcart) offers called FraudWatch was able to reject these attempts before credit card processing. However there were still thousands of attempts, all from one or two orders coming from the same IP address and fake email addresses.
Last night there was another group (screen shot below) of 3,584 attempts that made it through the FraudWatch rule, but were all declined by the payment gateway (Chase Paymentech).
The reason I am writing this post is that I find it surprising the shopping cart, 3dcart, does not seem to have anything built in to prevent this type of blatant credit card screening or to at least minimize it. 3dcart is literally allowing several thousand credit card attempts, one after the other, typically 2-3 seconds apart from the same IP address and for the exact same order.
The credit card gateway, Chase Paymentech, does not seem to do much better either, allowing the same website to make thousands upon thousands declined credit card attempts one after another only seconds apart.
I am thankful most of the orders are being declined. Around 5 years ago we had a similar situation that resulted in hundreds of approved orders that had to be manually canceled and voided.