One of our customers noticed some completed Webtix sales that seemed suspicious.
One of the customer’s names was Regerg Wefwefewf and another was Efwefw Ewfwe
According to Bruce Schneier, a renowned cryptographer, computer security, and privacy specialist, this is a common technique used by criminals to verify the validity of card numbers.
The situation is that a criminal has purchased a list of credit card numbers. But, they do not know if any of them are valid. So, they go to a non-profit and make a donation. If the donation is accepted by the non-profit and their bank, the card is valid. The criminals go off and start buying stuff that is more valuable to them than gift certificates. If there is a chargeback, the non-profit has to deal with it.
If the card is refused or the transaction will not go through, the criminals know the card is invalid. They throw it away.
If this happens to you, alert your bank and credit card processor. Write everything down with the date, time and names of the people. That will give you the most protection.
IMPORTANT! Check your Authorize.net settings and make sure they are set to strict standards (ie. reject a card if there is an AVS mismatch for example) to avoid situations like this.
When there is an AVS mismatch, this error will occur:
ERROR:Credit-Card Processing Failure – The transaction has been declined because of an AVS mismatch. The address provided does not match billing address of cardholder.
The screen shot below shows the options available for AVS settings. To learn how to configure your AVS settings, go to http://www.authorize.net/videos/ Click on the video titled “Address Verification Service (AVS).”
The thing you need to be aware is that the criminals are bad enough. However, the banker’s reaction to this situation can cause you more trouble. This can be things like raising your discount rate or cancelling your merchant account. Make sure you handle things in a professional manner. That means, keeping the dates, times and the names of people you speak with.