I haven't done this with OpenSRS, but I've done a fair number of systems that do automated card processing (we do this locally, without paying some payment gateway extra fees).
You should be able to get a lot of info back from the processing system -- confirming the zip code and the numeric part of the card billing address, at a minimum for U.S. addresses. Beware of a response that comes back "N" (doesn't match) on an international order -- that means the credit card has a billing address in the U.S. or Canada. These are all "card not present" transactions, which means the bank will ask you for proof -- and that means a signed charge slip. The burden of proof is with the merchant. -- Lynn -----Original Message----- From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]] Sent: Saturday, May 25, 2002 6:05 AM To: 'ICDServers'; 'Ramy Nabil'; 'Jim Whitesell' Cc: [EMAIL PROTECTED] Subject: RE: fraud hedsup This is only true if you are manually processing credit cards - and not if you have tied orders to a payment gateway. If you have tied ordering to a payment gateway, you should be using all the authentication and fraud protection features of your payment processor - and even then you are at risk. Chargebacks can occur at any time, and the credit card company will normally be happy to oblige the customer - not the merchant. When this happens, you are out your domain fees to OpenSRS, the domain can be taken out of circulation so that the "purchaser" cannot use it any more, but that's it. It sucks. It's a cost of doing business online. I've recently sent a number of these to the FBI, however since the orders appear to have come from overseas (IP trace to a cable provider in Turkey), I suspect that nothing will be done. I do have working email addresses for the three orders (10 domains) that we recently "ate" but I don't expect that we'll ever recover anything from these orders. -t > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of ICDServers > Sent: Saturday, May 25, 2002 8:21 AM > To: 'Ramy Nabil'; 'Jim Whitesell' > Cc: [EMAIL PROTECTED] > Subject: RE: fraud hedsup > > > HI All, > > If i'm not mistaking ( as being a newbie at all of this) we > have to authorize the registrations when they are made, after > receiving the e-mails the OpenSRS client send us and logging > into the backend. > > So why not first check on the creditcard to be processed > fully before you authorise such registrations ? Just add one > line to the registration form " Registration via creditcard > will be commited after creditcard > details have been verified by the appropriate creditcard company" or > something along that line ? > > Grtx, > > Peter Broerse > ICDServers > www.icdservers.nl www.icdservers.be www.icdservers.com > > > -----Oorspronkelijk bericht----- > Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Namens Ramy Nabil > Verzonden: zaterdag 25 mei 2002 5:56 > Aan: Jim Whitesell > CC: [EMAIL PROTECTED] > Onderwerp: Re: fraud hedsup > > > How can we be protected from such fraud orders? > > Jim Whitesell wrote: > > > We got hit by someone who registered one domain for four years. The > > credit card was stolen. Name used was Antonio Bredelli but > is probably > > > ficticious. > > > > Anyone want to take dalhoo.com off my hands at cost? > > > > Regards, > > > > Jim Whitesell > > > > At 04:51 PM 5/24/2002 -0400, you wrote: > > >Watch for any orders with an org name: allianzs team > > > > > >And email ending @ hotmail.com: have had many fraud attempts from > > >this area this week. > > > > >
