Announcement

Collapse
No announcement yet.

Fraud prevention for MM5?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Fraud prevention for MM5?

    Hi folks --

    One of my clients's stores is being used by hackers to test credit card numbers. She's getting large numbers of authorization requests. I know that, on MM4, OUI has features to prevent this. Is there anything similar for MM5?

    Thanks --
    Kent Multer
    Magic Metal Productions
    http://TheMagicM.com
    * Web developer/designer
    * E-commerce and Miva
    * Author, The Official Miva Web Scripting Book -- available on-line:
    http://www.amazon.com/exec/obidos/IS...icmetalproducA

    #2
    Re: Fraud prevention for MM5?

    Dear Kent,

    I am working on something as a side project, so I am not sure when it will be done.
    Thank You,

    Nerd Boy

    http://www.nerdboyinc.com

    1-855-Nerd-Boy

    Comment


      #3
      Re: Fraud prevention for MM5?

      Authorize.net has a Fraud Detection Suite that is really cheap. We use that as our pre-transaction fraud prevention and are pretty happy with it so far.

      Comment


        #4
        Re: Fraud prevention for MM5?

        Will Authorize.net's sute prevent the type of problem I described, where hackers attempt to run large numbers of credit cards, hoping to find one that works?

        Thanks --
        Kent Multer
        Magic Metal Productions
        http://TheMagicM.com
        * Web developer/designer
        * E-commerce and Miva
        * Author, The Official Miva Web Scripting Book -- available on-line:
        http://www.amazon.com/exec/obidos/IS...icmetalproducA

        Comment


          #5
          Re: Fraud prevention for MM5?

          Yeah, it has a setting for that: http://authorize.net/solutions/merch...etectionsuite/

          That's not really my area, so I don't know the exact interface, but I believe we even get e-mails when someone is blocked so you can unblock if you wanted to.

          Comment


            #6
            Re: Fraud prevention for MM5?

            We use Authorize.net Fraud Prevention and though it doesn't quite work how you expect, it works great and smoothly. Depending on multiple parameters you can set, it will mark suspicious transactions and send you an email notification. For the scenario you describe (large numbers of authorization requests), we use the Velocity Filter to set a maximum of two credit card attempts from the same computer IP address per hour. Any attempts after that are automatically marked "Declined". So hackers can still run the numbers, but they will get an automatic decline if they run more than two per hour. You get an email notifying you of the results of the suspicious transactions. The price of $5.00 per month is more than worth it when, without Fraud Prevention, you get charged (by Authorize.net) 10¢ per transaction whether it is fraudulent or not. That adds up quick when a spammer hits you with hundreds of authorization attempts.

            Comment


              #7
              Re: Fraud prevention for MM5?

              Sift Science is a new fraud solution to Miva Merchant and we're looking for Miva sites to beta test our product. I'd love to work with y'all.

              Sift Science uses the same technology that Amazon and Apple use to fight fraud, machine learning, but applies it to online businesses of all sizes. Some of our large customers include Match.com, airbnb, and Open Table. We are finalizing our Miva Merchant plugin and are looking for Miva beta testers.


              Sift has been very effective for merchants of all sizes. For merchants that have already experienced fraud, we’ve been able to significantly reduce manual review times, while also being maintaining remarkable accuracy. More information about Sift can be found on our website.

              Please reply to this thread if you’re interested! I look forward to working with you.

              Best,
              Erica

              Comment


                #8
                Re: Fraud prevention for MM5?

                Erica: Possibly interested in trying the beta. Can you provide information about integrating the API into our checkout process.
                Thanks, Larry
                Larry
                Luce Kanun Web Design
                www.facebook.com/wajake41
                www.plus.google.com/116415026668025242914/posts?hl=en


                Comment


                  #9
                  Re: Fraud prevention for MM5?

                  Erica: Looking at the API required item fields causes considerable concern to me. Sift appears to be collecting a lot of information about our products that we do not want revealed. Please comment.

                  Larry
                  Last edited by wajake41; 10-30-14, 07:46 PM.
                  Larry
                  Luce Kanun Web Design
                  www.facebook.com/wajake41
                  www.plus.google.com/116415026668025242914/posts?hl=en


                  Comment


                    #10
                    Re: Fraud prevention for MM5?

                    Hi Larry,

                    Thanks for your interest! The Miva plugin will automatically send relevant order information to Sift's API - no developer resources will be needed.

                    The privacy of your site's data is incredibly important to Sift. We don't share your customer or order data with anyone and just use the information to detect fraud. Sift's approach to fraud is a bit different than other providers. Sift analyzes patterns in what makes a fraudster from real-time feedback that we receive all over the world. The more high quality data we have, the better we operate.

                    For reference, our Miva plugin does not capture all the events in our API documentation. I know we capture $create_order and some elements of $transaction.

                    I'm more than happy to answer any questions about Sift via phone as well.

                    Best,

                    Erica

                    Comment


                      #11
                      Re: Fraud prevention for MM5?

                      Hello Erica: It appears that $create_order captures information that we do not want to share. Please disregard my earlier interest in the beta.
                      Larry
                      Larry
                      Luce Kanun Web Design
                      www.facebook.com/wajake41
                      www.plus.google.com/116415026668025242914/posts?hl=en


                      Comment


                        #12
                        Re: Fraud prevention for MM5?

                        Originally posted by wajake41 View Post
                        Erica: Looking at the API required item fields causes considerable concern to me. Sift appears to be collecting a lot of information about our products that we do not want revealed. Please comment.

                        Larry

                        One of the key factors in screening for suspicious orders is the merchandise being purchased. The easier the merchandise being purchased is to move, the more careful you have to be, that is probably why they are collecting product info.
                        Thank you, Bill Davis

                        Comment


                          #13
                          Re: Fraud prevention for MM5?

                          That's very true, Bill! Sift performs a lot of analysis around the order value of the item and how that relates to fraud for your store. Would your store be interested in beta testing us?

                          Larry, I understand your hesitation. I do want to confirm that the raw data you send us remains legally your's - Sift uses your raw data only to produce a fraud score. We do not share any information about your store or about your orders with any other stores and we will never send your data to advertisers.

                          Rather, the analytical results are shared across our network - that's how we learn. For example, Sift might learn from real examples of fraud that orders from certain IP address are more common amongst fraudsters. We will apply that finding, with the appropriate weight, across our whole network. We will NEVER say "this customer from Store XYZ from this IP address was fraudulent". We simply provide a weight (this IP address is 4 times more likely to be fraud"). Does that make sense?

                          Here's a video demo of our console that will give you some more insight into the type of analysis we do: https://www.youtube.com/watch?v=ig5bg19fdOY
                          Last edited by siftoutyourfraud; 10-31-14, 02:41 PM.

                          Comment


                            #14
                            Re: Fraud prevention for MM5?

                            We would not be a good candidate at this time as our store is in the process of migrating from legacy platform.
                            Thank you, Bill Davis

                            Comment


                              #15
                              Re: Fraud prevention for MM5?

                              Got it. What is your timeline?

                              Comment

                              Working...
                              X