Online Verification against Fraud/Scam

From Bottom to Top
My personal advice will be to build up a scoring system to your online business. It’s not done overnight but can be done by time; either manual or automatic, according to how big your business.

Each of the items I put on the list here, give you a negative point about the order. But again it’s all about experience, quite definitely depends upon your online business and industry you work. For every single item I am telling more, and how to get it done.

Overseas Purchases

Doing overseas business may seem to be advantageous; some good or services may be unavailable locally, so you may hit a rapid demand. But the principle drawback in overseas sales is the fact, you aren’t protected from your own judicial system for an order done from another company. It will be hard to force anyone to pay some $1, 000, via laws.

Some countries have much higher risks than others. Here’s a listing of countries you must add an indicate your own fraud system. They all have abnormally higher cases of credit card scams:

Indonesia
Ghana
Malaysia
Nigeria
Benin
Pakistan
Israel
Egypt
Romania
Russia

You will find other Eastern Europe that suffer from the same problem.

Bulk Requests
An order of 75 pair of shoes must alert you. Fraudsters will try to order equally, in order that they will turn these products into profit bulk. Remember to investigate multiple orders given in a short time; total of 75 pairs of boots in one day by 30 seperate orders (to same shipping address or from same ip) is yet another alert and stage to your own fraud monitoring system. The main difficulty is the capability to distinguish last minute orders in high season, here your encounter works

Different Details

Customers usually use different addresses for shipping and billing. A Fraudster may also the actual same, and even more. An order of any valuable item to many mailbox, must catch your attention. (+1 on your fraud scoring system)

So you must validate and correlate shipping and billing addresses and information (Address Line, City, State, Country, Zip Code, Phone):

An address can be checked itself as:

Address may be validated from some web services. For USA orders USPS apis can offer you more information if this address is valid or not. Google Maps or Yahoo Maps provide similar information.
There are databases for Zip Code to Area Code and visa verso. Within a given zip code area code in the phone numbers are known before (except mobile numbers)
Internet protocol address to Country and in many cases City Check. When order is done, it’s done over a well known IP (If it’s done over a proxy address you can totally discard the order, no requirement to go further). There are numerous solutions that map an IP to Country and City level in address. So the for IP Address umschlüsselung will help

Shipping and Billing Address could be checked for:

Country check. It’s very low probable to in an attempt to another country from another country.

Fraud Prevention Outline

As online business, you are open to fraud. In all honesty, there is absolutely no 100% mechanism to stop scam. But there are a few tips to minimize the scam:

  • Some countries have much higher risks than others when conducting business overseas. Watch the orders from overseas countries
  • Watch bulk requests. Criminals will commonly order in bulk
  • Watch orders with different delivery and billing address
  • Track and watch the customer’s ip.
  • Check customer’s geolocation of the ip to billing and shipping address
  • Watch orders finished with free e-mails
  • Compare BIN code of the credit-based card to billing address
  • AVS (Address Confirmation Systems) helps you correlate credit card with billing/shipping address
  • Call the client (That’s where onverify. com stands, will the automatic calling)
  • Compare contact number with addresses. Although mobile statistics are non-geographical volumes, fixed line volumes convert to geographic information
  • Keep a history of good or bad orders.
  • Build a fraudulence rating system with all above information and previous requests (good or bad)

Phone Verification

Security Is More Than Just Two Factor Authentication

This text will explain what security is, why it is important and how it can be used in various business environments. In the following article we will discuss the concept of security in cyberspace and how it is related to mobile phone security.

Security is very important in an organization and has been for a long time. In fact, security was not always associated with the idea of IT in its modern form. As a matter of fact, security was originally more a matter of physical security and keeping people safe and not just technology. This was because people were not in the habit of using electronic equipment and were always looking for security when they were out in public.

The traditional ways of securing an organisation from external threats were physical in nature, namely building a fence around the perimeter of the building and keeping watch on the people who came in and out. The perimeter of the building was the only form of real security, even though there were other things that were considered to be forms of security including locks and different forms of locks. However, as the world of information began to develop at a faster pace, the need for security grew as well and this resulted in the development of mobile phones, which were devices that made it easy for people to share access.

It is now possible to set up two-factor authentication and this is not simply to have a password that is written down but actually involves codes sent through SMS. Two-factor authentication is an effective method of securing communications and the two-factor authentication code is sent through SMS to the user on their mobile phone.

When a person uses two-factor authentication, they use the two-factor authentication code sent by the SMS from the service provider. The two factor authentication code does not have to be sent physically as there are various protocols that allow SMS to be sent by way of push or pull and the two-factor authentication is only sent when a service provider sends one of these protocols.

For example, when you use two-factor authentication, the mobile phone can only be accessed by persons that are part of your trusted network and this can be changed by software updates and so on. The first message sent by the service provider will contain the code and if the user enters this code in the SMS to get into the network and then they receive another message containing the code, the phone will lock and the user will not be able to access the phone. With this type of system, you have a system that is completely secure and it is impossible for the user to access the phone.

Two-factor authentication is the ideal way of ensuring that users do not access a phone that has been previously been accessed and to ensure that their mobile phone is not being accessed without them knowing about it. However, the problem is that some people may be able to enter the user’s data and pin number but there is no way to get past the two-factor authentication code sent by the service provider so they cannot use the phone.

There are a number of factors that should be considered when it comes to sending messages and securing a person’s cell phone. These include providing messages that are written by the same device as the phone, a phone that has the same security as the phone and another device that are the same as the phone so that there is only one way in which the user can access the data on the phone. This ensures that if the user gets a message saying that they are on a known network and they do not, they cannot use the phone.

Phone Verification Plugin for WordPress Updated

Phone Verification Plugin by OnVerify is updated with the following features:

No change on WordPress codes.

The plugin works with standard wordpress hooks, so there is no need a change on the base code. The plugin can be enabled/used at registration, login, new comments, lost password setction. We also added Woocommerce support. You can use the plugin at checkout, login or lost password sections of Woocommerce.

 

The demo is moved to wordpress.onverify.com. More information is available at onverify.com. You can set a free account at onverify to get full code, instructions and test environment.

 

 

Prestashop Phone Verification module updated

Immediate update available for Prestashop:

  • 1.6.x compatibility
  • Verification at account creation
  • Verification on Login (OTP)
  • Verification on Checkout

The demo is available at http://presta.onverify.com/

 

The plugin is available at http://www.onverify.com/ (a free account required)

Phone Verification Plugin for Opencart 2.X

OnVerify plugin is updated for Opencart 2.x and it’s under beta test at http://opencart2.onverify.com/

 

Please check it out and comments for any features.

 

The new plugin will support 1.X as well in single installation.

 

Here is the summary of features:

 

  • VQMod based (no change on core code, so it will be upward compatible with major versions)
  • SMS (Text) or Call (An actual phone call conducted) based verification on checkout process, just before the payment
  • Templates for SMS text message and Call
  • Number of digits in PIN adjustable
  • Verification Types (SMS/Call/User Select)
  • Limit verifications to specific customer groups
  • Upgrade customer after verification (so automatic extra permissions and bypass verification next purchase)
  • Maximum verification retries and retry time limits to minimize bad use
  • Limit the verification to specific payments (Such as do only for credit cards, but omit for cash on delivery)
  • Limit verification to same number for the defined period
  • Unique phone number requirement per account
  • Match IP Country to Billing Country (any mismatch will stop payment)
  • Mach IP Country to Shipping Country(Mismatch will stop payment)
  • Do verifications according to the total amount (Do verifications if total is bigger than X amount)
  • Blacklist IP
  • Blacklist numbers (or prefixes)
  • Admin purchase notifications via phone or sms
  • Customer order status notifications via phone or sms

Phone Verification for Vbulletin Updated

Phone Verification Plugin for Vbulletin 4.X is updated with the following features:

  1. Call in phone verification. Instead of auto call out, the user needs to call the given number to access pin
  2. Zero configuration. The plugin is 100% customized for your account at onverify. Just download the plugin from onverify.com, and import the product (copy verify*.php to VB4 root), you are ready to go
  3. Auto Upgrade & Downgrade group options. You may automatically upgrade the user upon verification. If user changes the phone number of profile or auto downgrade time passed (since verification), user is degraded to provided user group

Just login to onverify.com, and browse to http://www.onverify.com/a/plugins/w/vb4 and get your customized plugin.

Phone Verification Extension for Opencart (Update)

A new update of phone verification extension for opencart is immediately available at onverify.com. These are the new features:

 

  1. Ability to limit verification to specific customer groups
  2. Limit verification to specific payment types
  3. Limit verification for orders with high totals
  4. New order notification to admin
  5. Order status change notification to customer

 

The demo is at opencart.onverify.com. You can get the free extension from onverify.com. Test it without a cost and no obligation to pay unless you want to keep it.