 |
merchant911.org -- helping Merchants |
|
merchant911.org -- helping Merchants |
Site Hosting Services Go After Merchants --- Wednesday, February 28, 2001
Pagecreators.net was a well-known scam on the internet. Trinity Host LLC is another company that the owner of PageCreators INC owns. For more details, please see this link: HostMonitor http://www.geocities.com/hostingmonitor
Address Verification Called Meaningless --- Wednesday, February 21, 2001
Think AVS protects you? Think again!
Here is a direct quote from Julie Furguson, co-founder and chief technology officer of ClearCommerce, provider of on-line transaction software... "The only time AVS is meaningful is when you get a rejected address." An AVS match is meaningless, Furguson says, because the issuing bank's database looks only at the zip code and first five characters or numbers of the address. In addition, a cards expiration date is not verified against the account information, only that the card has not expired.
Avivah Litan, an analyst with the Gartner Group, further stated that the AVS is totally non-functional about 22% of the time.
Most issuing banks give the credit card companies a "floor limit," usually $25 or $30 below which the issuing bank tells the card companies to stand in on the approval and the bank never sees it.
Merchant 911 Confirms Fraud --- Wednesday, February 14, 2001
Based on our own investigation of confirmed fraud activity, any credit card transaction from California Federal Bank should be thoroughly investigated before delivering goods or services. Cal Fed's VISA cards start with the digits 426609. It is believed that several hundred numbers were harvested and used fraudently. NOVUS, through at least one processor, MERCHANTCONNECT.COM, authorized at least 13 of these card numbers from July through October of 2000. Some of these numbers could still get authorized although Cal Fed has closed the accounts. The transactions investigated originated with an ISP in Yugoslavia using various Yahoo and Hotmail addresses.
iChecks Provide no Safety --- Monday, February 12, 2001
Based on our investigation of i-Checks processed by PayByCheck.com it was revealed that PayByCheck.com will issue Approval Code on accounts that are either bad accounts or accounts that do not even exist. This information has been confirmed by security personnel from three different banks.
Incident No. 1: PayByCheck.com issued Approval Code on an i-Check written by one Denise Anderson AKA Denise Faison in Troy NY. on First Citizens Bank and Trust in Atkinson, NC. Bank officials indicated that this is a valid account but the account holder, Denise Faison, did not have adequate funds. Indications are that the account holder is well known by the bank's security people and they were quite interested in finding out that we had confirmed her whereabouts in Troy, NY.
Incident No. 2: PayByCheck.com issued Approval Code on i-Check written by Denise Anderson AKA Denise Faison in Raleigh, NC. on Compubank National Associates. A bank security official stated that the account number used on the i-Check did not have the correct number of digits, nor did it start and end in the correct pattern of 0's and 1's. This account number is not, and has never been, one of theirs.
Incident No. 3: PayByCheck.com issued Approval Code on i-Check written by Denise Anderson AKA Denise Faison in Smithfield, NC on Sun Trust Bank. Bank official told the investigator that the account number used on the i-Check could not possibly be one of theirs.
PayByCheck.com Customer Support claims that they check only for a valid bank routing number and the SCAN database for known bad checks. IF address verification service (AVS) is turned on, they will check to see if the address is a "known address." PayByCheck.com does NOT have AVS active by default - you MUST turn it on, but they do not tell you this unless you ask! In other words, their security checks are all but useless since made up names and account numbers will receive an Approval Code!
Merchant Bank Card Assoc. Hides Dangers to Merchants --- Thursday, February 1, 2001
It was stated by Mr. John Castle of MERCHANT BANK CARD ASSOCIATES that any time an authorization number was received from the system, the transaction was guaranteed to be valid. This, of course, is totally false. Mr. Castle divulged a little more information a full two years after he got the business when he was confronted by fraud reports.