An overseas customer tried to place several orders on my website this week and they looked potentially fraudulent. He had had one payment card declined before using another card. When that card transaction went through, he received a low score of +13 on the 3rd Man check. When I looked at the breakdown of his score and the results of the AVS, CVVS and 3D secure, etc., I became more concerned. He had not been enrolled for 3D secure (i.e. Verified by Visa/Mastercard SecureCode) which resulted in a 'None' result. However, my payment security settings were set to 'On' for 3DS for both Visa & Mastercard and yet somehow his transaction was allowed to go through! Also, my CVV2 settings were set to 'Enforce' and my AVS settings set to 'Check'. Normally, if a private customer places an order from his work location using his personal credit card the result for the AVS check is 'Not Matched' and if I'm concerned I call the customer and make more checks. However, in this customer's case the AVS check resulted in a 'Not Checked' result! I'm using Actinic Payments as my PSP and Actinic v10 Business.
My question is how could his transaction possibly have been allowed to go through when there was no 3DS check performed despite the settings being enabled 'On' and why did the AVS check result in 'Not Checked' despite the settings being enabled for 'Check'?
I called Actinic's help desk but they were puzzled by this and said they were not aware of any similar occurrences.
I also called 3rd Man and got them to do a check on this customer's transaction too but they couldn't see any problems with it. However, when I went on to explain he had made three orders that day using three modifications of two address locations for the same card, three attempts of which had already been declined, they naturally realised it was a potential chargeback fraud attempt. Plus when I checked the customer's business website it appeared to be just a front and all his order requests were marked very, very urgent and needed to be delivered before a certain date. He also kept modifying his order, adding more and more items and eventually sent me another massive order request for various items and he seemed unworried by the high shipping costs and the fact that I had already declined his earlier order. Needless to say I declined all of this customer's orders and emailed him explaining why. Nonetheless, he then went on to place another order using a third payment card, using modifications of the earlier addresses and still managed to get through all the security checks, again with no enrolment for 3DS, despite my settings being 'On' and 'Not Checked' for the AVS check despite them being set to 'Check'. Again I declined his order, voided his earlier transactions and advised him by email that this may have been an attempt at a potential fraudulent purchase. I sent the 3rd Man feedback as a potential chargeback fraud immediately.
I find this situation very worrying and I advise other users to be aware and check all the details of a low 3rd Man score transaction, despite the light being 'Green'. I also hope that Actinic will look into how their payment security settings could possibly be overridden/bypassed. I did begin to wonder if my website had been hacked to override these settings and I went on to refresh my website.
Have any other users experienced a similar case of Actinic payment security settings being overridden/bypassed?