Reduce e-commerce Credit Card Fraud Via Phone With Verify-Me-Now

30 Comments

1. I review getting good idea and view that written here about life lock they always protect the people and monitor them full time, if you getting more knowledge visit this site, it is updated and quality site I hope you getting good knowledge. identitytheftprotectionlock

   July 3, 2008 at 11:33 pm by Samiullah

2. Josh-

   Are you using this service? Just wondering what type of business you’re in. Must be vastly different than mine. We sell high end professional audio and video equipment.

   Again, the thieves my company deals with every day aren’t scared of phone calls and pin numbers. They’ll talk to us when we call the phone number they’ve supplied, act like a legitimate upset customer when we question their order, offer to let us talk to their wife who’s name is on the card, threaten to call the BBB, they call us back a couple of days later checking on their order, wanting a tracking number, etc. We’ve even had them on a conference call with the issuing bank.

   The bad guys also know that we can’t “zero in on their location”. Anyone who may have that kind of technology isn’t using it to stop CC fraud.

   As for the thief not being willing to give away his location, what is he doing when he gives me a shipping address? If having a package being delivered to a physical location doesn’t scare him, I have a hard time understanding how requiring him to give out his phone number and typing back a pin# is going to be a deterent.

   May 29, 2008 at 4:17 pm by Mark Nash

3. I disagree with the nay sayers who are being far too vocal. What’s their motivation?

   It is not a useless idea to call back a user and require a pin. This in itself is a significant way to slash fraud.

   In the scenario presented by the detractors who assume the theif knows the procedure required for a purchase. The well informed criminals must make one extra step in committing fraud. They must supply a phone number. Cell phones signals can be used to zero in on a location of a crook. They know that. OJ simpson taught them that. Landlines give a specific address. This makes the theft less of a “soft target”

   As a criminal does not want to be caught it adds to the risk. Increased risk in a crime drives criminals to seek easier money. In addition, there is increased complication of the purchaisng prosses, phone calls and pin numbers.

   Now in this previous high-crime eaxmple, we have discounted all possible validations that a user of this service (vendor) does when first registering the user, CC, and giving the pin.

   If a verification process is used in the phone call registration process, it is a good bet that at a later date if the credit card is stolen, the fraudster will not also steal the phone and the pin at the same time.

   Users may be repeat customers and the orginal registration process may be days and months before a fraud actually occurs.

   Additionally big money fraud (the kind that impacts banks the most) has the theif running dozens of cards at a time. A theif would most certainly not chose to get a phone, register, get a pin, give away his location and then make a purchase for each embossed card. He will just shop elsewhere.

   The answer to the power of this service relies in the validation on sign up and delay between the registration time and the purchase with the pin.

   Ideally the first use could be restricted to purchase value limit, thus reducing losses. If the credit card is reported stolen or charges are incurred, the standard cc procedures will kick in.

   Clearly their are comments by people who do not undertsand criminals and the most costly forms of CC fraud.

   This also limits the amount of internet cc fraud done by sniffing and trojans as the secret pin a user obtains is not visible on the workstation.

   May 27, 2008 at 10:43 am by JoshG

4. James –

   He can’t do that because they don’t exist. Only the issuing banks will do that – with a voice call to the bank. I don’t believe that processors even have that information available to them. Even if they did, it would have nothing to do with Irv’s service because he doesn’t interface with the processor.

   May 22, 2008 at 8:16 pm by Tom Mahoney

5. My first post seems to have been lost. I will try again.

   Irv said:
   The majority of credit card transactions require telephone number and in fact the bank validates the phone number. The point of our service is that if someone steals your credit card (or even just your credit card number) it is very easy for them to obtain your telephone number.

   Irv also said:
   Most if not all credit card clearing companies offer the ability to validate telephone numbers.

   Help me here. Mine doesn’t. I’m unable to find one that does. Please post a list of some of those credit card clearing companies who do.

   May 21, 2008 at 10:32 pm by James S. Huggins

6. By the way, Freddie…

   Please don’t think that I’m picking on you guys. Varilogix, Telesign, and the other phone verification services are, in my opinion, just as useless. I said so in my blog. As for Maxmind, as far as I know and I’ve been an affiliate for a few years now, they do NOT do any call-back services. They compare the area code and prefix of the number given in the transaction against the IP GeoLocation of the order’s origin and the address of the billing address.

   There is certainly value to collecting phone numbers. We preach it at Merchant911, and I covered it in depth in the e-learning course that I wrote. I also caution merchants to call ONLY the bank verified phone number. Calling any other number is not only pointless, it’s counter-productive since, in a fraud transaction, the bad guy will answer and verify whatever all the information they already gave you.

   May 21, 2008 at 8:48 pm by Tom Mahoney

7. The amount of dancing from the Verify-Me-Now gang is just amazing!

   Freddie – I stand corrected on the use of the word ‘prevent.’ You did only say ‘slash.’ Perhaps I should have used the phrase “Help prevent.” And you are probably correct about Craigslist’s use of a call-back service, but you didn’t (and can’t) corollate it to credit card fraud. They are a free service so Derek’s comment is a totally worthless point toward this discussion as is your explanation of it.

   Freddie also said: “We don’t claim that we verify that the phone number entered at the time of sale is the cardholder’s phone number.”

   No, but you certainly imply it – especially to the beginning merchant.

   And Freddie also said: “We merely provide the means to make the phone-call via an API call. If you couple this phone call with a verified phone number, you’ve got a great way to reduce fraud.”

   This makes NO sense at all. If I have a verified phone number, why would I use your service to call a different one?
   I can compare the two.

   May 21, 2008 at 8:28 pm by Tom Mahoney

8. So if I’m interested in verifying identity for anti fraud purposes, which is the way you’re advertising the service, what value do you add?

   As others have pointed out. The sophisticated criminal is going to simply answer the phone and type in the PIN he was supplied. The bad guys I’m dealing with every day aren’t worried about answering an automated phone call.

   And when it comes to charge backs, I’m sure none of the credit card companies are going to care if you get a correct PIN coming back or not. Nor will they care if you have a voice recording of someone speaking their name. In a card not present situation the only thing they care about is did you get a positive AVS response, did you collect the CVV code, and did you ship to the billing address of the card. That’s it. Even then good luck fighting for your money.

   May 21, 2008 at 9:59 am by Mark Nash

9. Another use of a phone verification for Google AdSense:
   https://www.google.com/adsense/support/bin/answer.py?answer=32055&topic=136

   And another (eBay):
   http://pages.ebay.in/help/sell/seller_account.html

   May 21, 2008 at 9:49 am by Freddie

10. Mark, you are correct. We don’t claim that we verify that the phone number entered at the time of sale is the cardholder’s phone number. We merely provide the means to make the phone-call via an API call. If you couple this phone call with a verified phone number, you’ve got a great way to reduce fraud.

    May 21, 2008 at 9:31 am by Freddie

11. But there is no verificaton that the phone number entered at the time of sale is the CARDHOLDER’S phone number. Correct?

    May 21, 2008 at 9:19 am by Mark Nash

12. The reduced number of erotic services ads on Craigslist is due (according to Craigslist) to the implementation of voice phone verification on those ads. The Verify-Me-Now service is an API call that lets any developer integrate such a voice phone verification into their application. It can be for anything you want. It is a tool for developers. It works in the very same way that Craigslist, MaxMind, Varilogix, Telesign, and other phone verification services work.

    You make an API call, passing in a phone number and a PIN number. Verify-Me-Now calls that number and asks for the PIN. You can even have it ask the user to speak their name and we’ll record it and send it back to you.

    You are welcome to check that phone number ahead of time. If you are using it to check credit card info, then check with your processor against the billing phone. Or if you can’t do that, you can check to see if the phone number entered is within the region where the billing ZIP is. It’s up to you.

    We are merely the link between the API call and the phone call.

    I don’t see the words “Slash” and “Deterrent” to being mutually exclusive. I also don’t see anywhere in the original post that uses the word “Prevent”, as Tom Mahoney claims it says.

    May 21, 2008 at 8:34 am by Freddie

13. How does a reduced number of erotic services ads on Craigslist equate with reducing credit card fraud for our company?

    I don’t see the connection.

    May 21, 2008 at 8:17 am by Mark Nash

14. Irv said:
    The majority of credit card transactions require telephone number and in fact the bank validates the phone number. The point of our service is that if someone steals your credit card (or even just your credit card number) it is very easy for them to obtain your telephone number.

    Irv also said:
    Most if not all credit card clearing companies offer the ability to validate telephone numbers.

    Help me here. I’m unable to find one that does. Mine doesn’t. Please post a list of some of those who do.

    May 20, 2008 at 8:18 pm by James S. Huggins

15. Apparently, Craigslist sees the value in such a service:

    http://www.telecentrex.com/2008/04/10/craigslist-deploys-phone-verification.html

    May 20, 2008 at 4:01 pm by Derek

16. Gentlemen, is it just me or do I see some serious back-pedaling here?

    First we see “Slash” now we see “deterrent.” First we see you say it will prevent fraud – now you’re saying a significant drop in Bots. Any merchant in business more than a week can spot a bot!

    I hate to say it to you fine folks at Verify-Me-Now, but most on-line merchants aren’t normally as stupid as you think we are. We’re just not going to fall for this thing you are offering to give us for less than ten cents.

    May 20, 2008 at 1:50 pm by Tom Mahoney

17. We have implemented this technology for some of the services we offer, and have seen a significant drop in fraudulent and bot signups. This is not a solution for every situation, nor should it be the only thing someone is doing to prevent fraud. But as others have said it is a deterrent.

    A majority of companies use the billing number on an account to verify the credit card, so if you are doing that, this can be an effective way to determine if the person ordering is really the card holder.

    The issue of someone traveling is certainly a legitimate issue. You can offer someone in this situation another way to verify their purchase. Such as calling out to the caller and leaving a message on voice mail with a PIN for them to use latter to call back in and verify the order — which can be easily done with the ifbyphone’s services/API.

    There is no single solution to the problem of credit card fraud, but this is another arrow in the quiver and at a cost of less then 10 cents, for many businesses catching one or two fraudulent orders a month makes this more then worthwhile.

    May 20, 2008 at 10:29 am by Josh

18. How exactly is it a deterent?

    If a bad guy is willing to risk having purchases shipped to a physical location, where he or some accomplice could be caught, why would giving out a phone number deter him?

    I think this service severely underestimates the type of criminal some of us are dealing with. I can see where this might be a deterent to a young kid who happens upon someone else’s credit card number and decides he’ll give it a try but the large dollar fraud is being perpetrated by more sophisticated criminals.

    May 19, 2008 at 1:07 pm by Mark Nash

19. FREDDIE SAID:
    There is also an option to record the person speaking their name. This recording can be used later, similar to a signature, to say “Oh yeah? You didn’t authorize this purchase? Isn’t this your voice?”

    MY REPLY:
    Here we go with the politician spin again. What you are talking about is totally different than fraud prevention – it’s purchase verification.

    FREDDIE SAID:
    It’s not going to PREVENT or ELIMINATE fraud (nor does it claim to). It is a deterrent.

    MY REPLY:

    In the first paragraph of the original blog post, the claim is that the service will “slash fraud rates…” Please help me with this deterrent vs. slash terminology.
    …..

    In case you haven’t noticed, the only folks posting here and at http://www.merchant911.org/blog/index.php/2008/05/15/another-less-than-useless-service/ that see any value to “Verify-Me-Now” are the folks that are marketing it.

    May 19, 2008 at 11:52 am by Tom Mahoney

20. Verify-Me-Now is a tool. A website provides a phone number and a PIN, using the API, and it calls the phone number and asks for the PIN. I you can find a way to get the billing phone number for a credit card account and feed it into this tool, then great. There are many sites that use services like this (TigerDirect, etc) as well as many other providers that provide a very similar service (at twice the price).

    This tool can be used in various ways to prevent fraudulent accounts. Think of it as a Phone CAPTCHA. There is also an option to record the person speaking their name. This recording can be used later, similar to a signature, to say “Oh yeah? You didn’t authorize this purchase? Isn’t this your voice?”

    It’s not going to PREVENT or ELIMINATE fraud (nor does it claim to). It is a deterrent.

    May 19, 2008 at 10:37 am by Freddie

21. Wow! An amazingly useless service.

    I hope you didn’t spend a lot of resources developing this system and I hope potential customers understand how little this offers before they sign up for the service.

    May 19, 2008 at 9:14 am by Mark Nash

22. And you then guarantee the loss if the “customer” is a bad guy test?

    May 19, 2008 at 7:40 am by Larry

23. I think I must be misunderstanding something. This service offers to automatically call the “customer” to complete the transaction, but uses whatever phone number the customer enters? How does this help exactly? Doesn’t that just mean that a potential fraudster would simply use whatever number he’s sitting at to complete the transaction, or even more likely, a quicky throwaway phone?

    I guess I just don’t completely understand the benefit here. What we need as a vendor is a simple way to verify that the phone number that’s entered is in fact the CARDHOLDER’S phone number. Does this service do that?

    Our CC machines will verify address, but not phone numbers. So a service like THAT would be of real value. Otherwise, it just seems like a fairly easy little sawhorse for some fraudster to leap over.

    May 19, 2008 at 7:30 am by Michelle

24. I agree with the other comments here. A crook isn’t going to leave the card holders phone number – they either leave a bogus one or their own, so a phone call proves nothing. And as jim said, what happens when I’m traveling or using my cell phone instead of my home phone? Or my office phone instead of my home phone?

    When I suspect fraud on an order, the LAST thing I do is call the phone number left on the order. I do a web search and find the phone number for the billing address and call it. I’ve alerted at least 2 people to the fact their card numbers had been stolen doing this. Neither time was that phone number on the order.

    As a customer, I don’t want to wait around for an automated phone call – I get dozens of spam recorded calls every week and hang up on them before 2 words are out of their recorded mouths.

    Fraud protection has to be easy on the customer, not something they have to wait for.

    May 19, 2008 at 6:02 am by Lori Brown

25. I don’t know what the average is but i have five phone numbers of which three of them require navigation of a voicemail system.

    If the bank only has one number on file to validate what if that’s not the particular number i’m using. What if i’m travelling and at a hotel, working out a different office etc.?

    If i tried to order something and they could not validate the one phone number that is on file with the bank because I was at a different number i would just order from a company that didn’t use this service.

    Not slamming the setup just curious how it would handle what are pretty normal possibilities.

    May 18, 2008 at 11:24 pm by jim

26. I disagree with Tom above – phone verification does seem to discourage fraud by varying amounts – anything that makes them less able to be anonymous is good. I agree though that it’s very important this not be seen as an instant cure to fraud – it is definitely not that, and it should not be promoted as such even by implication.

    This would couple well with any of the various fraud assessment tools out there which assign point scores based on matches between bank BIN codes, bank locations, purchaser location, and phone number location. There are some big players out there such as Maxmind. If you are shipping physical goods I would (a) use a great deal of common sense, and, (b) do everything possible, and more, to verify the order. For instance, wait to see if they call if it doesn’t add up, contact the bank for verification, etc. Most times there are giveaway signs – but not always. Eg: I love how spammers still can’t spell after all these years!

    May 18, 2008 at 10:29 pm by Brian

27. Most if not all credit card clearing companies offer the ability to validate telephone numbers. However without our service they have no way of knowing if the owner of the telephone is the person making the purchase.

    If the the credit card clearing company verifies that the phone number used is the phone number on file, then our service verifies that the phone is in the possession of the owner.

    Knowing that the phone number you used to verify the transaction with the credit card company is in the possession of the owner adds a key security component. We now know where the phone physically resides.

    Finally, we welcome an intellectual debate on our blog. However, we request that you keep the dialog professional and appropriately polite.

    May 18, 2008 at 5:52 pm by Irv Shapiro

28. YOU SAID:
    Secondly, the majority of credit card transactions require a telephone number and in fact the bank validates the phone number. The point of our service is that if someone steals your credit card (or even just your credit card number) it is very easy for them to obtain your telephone number.

    MY REPLY: Transactions do require a phone number but you do not interface with the bank, therefore the number entered on the transaction could easily be the bad guys – and if I was the bad guy I’d use my number and verify the transaction. And no, it’s not easy for them to get a cardholders phone number but if they did, they wouldn’t be dumb enough to use it.

    YOU SAID:
    Therefore, if the company places a call to your telephone number each time a transaction is completed they ensure the owner of the telephone is the person placing the transaction.

    MY REPLY: Precisely my point! The owner of the telephone is tho one you call – even if it’s the bad guy.

    YOU SAID:
    Generally, with fraudulent transactions the thief is not going to enter his or her own number.

    MY REPLY: Oh no? I know for a fact that a lot of our 3700 members would disagree from personal experience.

    YOU SAID:
    In addition, if you have verified the telephone is being answered by the person placing the order you have an additional verification that the person in fact intended to make the purchase.

    MY REPLY: Well, yes. Duh! Of course the person placing the order intended to make the purchase! Good guy or bad guy.

    Thank you for the comments. I’ll continue to denounce these call-back services as a rip until there is an interface to the issuing bank’s verified telephone number.

    May 17, 2008 at 1:33 pm by Tom Mahoney

29. The majority of credit card transactions require telephone number and in fact the bank validates the phone number. The point of our service is that if someone steals your credit card (or even just your credit card number) it is very easy for them to obtain your telephone number.

    If you place a call to the telephone number each time a transaction is completed you ensure the owner of the telephone is the person placing the transaction.

    This in fact has a significant positive effect on transaction reliability.

    In addition if you have verified the telephone is being answered by the person placing the order you have an additional verification that the person in fact intended to make the purchase.

    May 15, 2008 at 4:18 pm by Irv Shapiro

30. Ripoff artist!

    Your service proves what? That the person doing the order has a phone. Big deal.

    Unless you interface with the bank to verify against the phone number on file for the cardholder, you’ve done nothing.

    May 15, 2008 at 3:32 pm by Tom Mahoney