ASP
  Home arrow ASP arrow Credit Card Fraud Prevention Using ASP and...
IBM Developerworks
Iron Speed
Dev Articles Forums 
ADO.NET  
Apache  
ASP  
ASP.NET  
C#  
C++  
ColdFusion  
COM/COM+  
Delphi-Kylix  
Design Usability  
Development Cycles  
DHTML  
Embedded Tools  
Flash  
Graphic Design  
HTML  
IIS  
Interviews  
Java  
JavaScript  
MySQL  
Oracle  
Photoshop  
PHP  
Reviews  
Ruby-on-Rails  
SQL  
SQL Server  
Style Sheets  
VB.Net  
Visual Basic  
Web Authoring  
Web Services  
Web Standards  
XML  
Dedicated Servers  
Download TestComplete 
IBM® developerWorks 
Weekly Newsletter
 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid 
Request Media Kit
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
ASP

Credit Card Fraud Prevention Using ASP and COM Technology
By: Hexa Software Development Team
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: 3 stars3 stars3 stars3 stars3 stars / 9
    2003-03-18

    Table of Contents:

    Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
     
     
    Iron Speed
     
    ADVERTISEMENT

    Ajax Application Generator Generate database and reporting .NET Web apps in minutes. Quickly create visually stunning, feature-rich apps that are easy to customize and ready to deploy. Download Now!

    Credit card fraud is a problem. We all know this fact. But what are the appropriate steps to combat this crime. Hexa has listed some protection strategies of their own.

    Credit card fraud has become pervasive on the Internet. According to MasterCard International, account takeover fraud has increased by 369% since 1995. It has become one of the fastest growing types of fraud, and one of the more difficult to combat. More than $700 million in online sales were lost to fraud in 2001, representing 1.14 percent of total annual online sales of $61.8 billion, according to GartnerG2.

    Even if the credit card company has given the authorization as to the validity of the card, there are several ways fraudulent cards can be used on your site. The card may have been lost or stolen, but the card owner is yet to report its loss. Or the number on the card (and not the card itself) may have been lifted without the knowledge of the owner. There is also a scam called identity theft, where the card has been issued under false pretenses using someone else's identity and data.

    As an online merchant, you need to have a system to check the authenticity of orders placed to safeguard your business. While the effort may require additional time and money, it can save you the cost and stress caused by charge-backs for fraudulent orders. You lost your physical products; you lose the sale price; you lose another business opportunity; and you will be fined an additional $15-$50 charge-back fee.

    If you have a high percentage of charge-backs, your card services company can even blacklist you and cancel your merchant account. You will also spend time looking up the order and provide the requested information to your card services company. All of these hassles are things you can surely do without.

    How can you protect your business from credit card frauds? Here are a few steps that can be taken to ensure that the transaction is being requested by the real cardholder.

    • Suspect shipping address. According to ClearCommerce Corporation, a provider of payment processing and fraud protection software for e-commerce, orders from Ukraine, Indonesia, Yugoslavia, Lithuania, Egypt, Romania, Bulgaria, Turkey, Russia and Pakistan have a very high incidence of fraud, and often have unverifiable addresses.
    • Untraceable email address. In many fraudulent orders, the customer's email address is often at one of the free email services, like hotmail.com and yahoo.com, which are relatively untraceable.
    • Expensive items. Be wary of expensive orders, especially for expensive brand-name items.
    • Multiple items. It can be a bad sign, for example, if someone orders three X-Box or three DVD players at once, especially where the items have a high resale value.
    • Express shipping. Most fraudulent orders specify overnight or 1-day shipping without hesitation.
    • Shipping address differs from billing address. Receiving point and billing address are different in fraud orders. If you are selling valuable items, it can be a good policy only to ship to the billing address of the card’s holder.
    • Suspicious billing address. The address looks too simple or invalid. If the billing address is 123 Main St, New York, the order is probably fraud. You can use or online location tool to see if the address can be verified.
    • Leave at door or post office box. If the courier service cannot guarantee delivery of goods, the risk of fraud is very high.

    The advancement of geo-targeting in the Internet allows us to pinpoint the geographical region for an order. The information can be used to reduce the fraud by verifying it with the billing address and delivery address. This method can identify the scenario where someone from country X has stolen the credit card data from country Y. The IP address lookup service will reveal the real country instead of relying on the country filled in the order form.

    IP2Location™ provides technology to translate IP address to country origin. The lookup table is available in several formats such as database and COM. It is the perfect solution to automate the fraud detection using client side programming languages like C++ & Visual Basic; or service side programming languages like ASP, PHP, JSP and CFML.

    For example, company XYZ received a credit-card order from IP address 161.139.12.3. The order details are as following:

    Name:  John Ma
    Address: 123 Main St
    City:  New York
    ZIP Code: 1111
    Country: United States
    Tel:  (503) 111-1111
    Credit Card No: 1234 5678 9012 3456
    Expired Date: December 2010

    Credit card merchant processor will authorize this order if the billing address matches the order details. Unluckily, the credit card data has been stolen earlier by Mr. ABC from another country through the Internet. Later, he made a purchase of digital products from company XYZ using the information. His order approved by the merchant because all the details matched John’s record in the bank’s database. IP2Location™ technology can filter the difference between order’s country and record’s country upfront to protect your business. You can classify this kind of order for manual inspection before delivering the goods. You will be surprise how much this method will help in identifying fraud orders.

    For the implementation, we use a fully functional IP2Location™ ActiveX component available at http://www.ip2location.com/ip2location-country.zip to query country by visitor's IP address. The unregistered version has a 5-second delay in each query.

    First, install the ActiveX component in IIS web server. It could be as simple as running a command in DOS prompt.

    C:\> regsvr32 ip2location.dll

    We create a script to compare the lookup country and data given in the order authorization flow. It serves as a filter to reduce fraud. All rejected orders will be manual verify by merchants.
     
    verify.asp

    <%
     ' Country info filled in the form (US is only an example)
          BillingCountry = "US"
     ' Create server-side object
     Set ipObj = Server.CreateObject("IP2Location.Country")
     ' Initialize IP2Location object
     If ipObj.Initialize("demo") <> "OK" Then
      response.write "IP2Location Initialization Failed.
     End If
     ' Get visitor's IP address
     IPaddr = Request.ServerVariables("REMOTE_ADDR")
     ' Detect visitor's country of origin by IP address
     CountryName = ipObj.LookUpShortName(IPaddr)
     ' Free IP2Location object 
     Set ipObj = nothing
     If CountryName = BillingCountry Then
      ' IP address originates from country in billing address
      ' Low Fraud Risk
     Else
      ' IP address different from country in billing address
      ' High Fraud Risk
     End If
    %>


    DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

    More ASP Articles
    More By Hexa Software Development Team

     

    IBM® developerWorks developerWorks - FREE Tools!


    NEW! Cook up Web sites fast with CakePHP, Part 1: Adding related information and services

    CakePHP is a stable production-ready, rapid-development aid for building Web sites in PHP. This "Cook up Web sites fast with CakePHP" series shows you how to build an online product catalog using CakePHP.
    FREE! Go There Now!


    NEW! Cook up Web sites fast with CakePHP, Part 2: Bake bigger and better with CakePHP

    CakePHP is a stable production-ready, rapid-development aid for building Web sites in PHP. This "Cook up Web sites fast with CakePHP" series shows you how to build an online product catalog using CakePHP.
    FREE! Go There Now!


    NEW! Evaluate WebSphere Extended Deployment Compute Grid V6.1

    Visit IBM developerWorks to download a free trial version of WebSphere Extended Deployment Compute Grid, which lets you schedule, execute, and monitor batch jobs. Because online transaction processing and batch jobs execute simultaneously on the same server resources, you can avoid costly duplication of resources. Compute Grid supports job types of Java transactional batch, compute-intensive and a new type called "native execution", which enables non-Java workloads to run on distributed end points.
    FREE! Go There Now!


    NEW! Expand the editing capabilities of OpenOffice with XSLT

    You might know that you can pull XML data into OpenOffice's spreadsheet program, Calc, but did you know that you can create a filter to make word-processing documents out of data stored as XML? This tutorial shows you how to use OpenOffice's import/export filters to open your XML data as though it's just a plain document. From there, users can edit the document much more naturally and then save it back to its native format. You can also use this feature to easily turn your documents into XML data.
    FREE! Go There Now!


    NEW! Improve your build process with IBM Rational Build Forge, Part 2: Automate builds for a real-world Tomcat project

    Learn how Rational Build Forge can extend a simple compile and package build process by adding customization and deployment capability. Go from a manual method to automating: checking for code changes; getting the latest source; compiling and packaging; customizing; copying to and restarting a deployment server; and sending e-mail notification that a new version is available.
    FREE! Go There Now!


    NEW! Rational Talks to You: Manage RUP-based CMMI initiatives

    Join this Rational Talks to You teleconference on December 4 at 1:00 pm ET to discuss how Rational Method Composer can help meet your compliance objectives. Get your questions answered!
    FREE! Go There Now!


    NEW! The IBM DB2 Detective Game

    Here's a fun way to learn about DB2! Learn or teach the basics of DB2 and relational database with an interactive game called The DB2 Detective Game. The game teaches relational database concepts and shows how technology can be applied to solving real-life problems (the game's theme is a crime investigation). This tutorial has been updated for DB2 9.
    FREE! Go There Now!


    NEW! Using the Eclipse SOA Tools Platform plug-in and Apache Tuscany

    The Eclipse SOA Tools Platform (STP) plug-in and Apache Tuscany simplifies services development through the use of the popular Eclipse development environment. Apache Tuscany has also been integrated with the STP to provide a Service Component Architecture (SCA) Java run time for the services you create, allowing you to annotate your service using the SCA standard and Apache Tuscany annotations. In this tutorial, you will see STP and Apache Tuscany in action, through the creation of a Remote Method Invocation (RMI) service.
    FREE! Go There Now!


    NEW! Webcast: Application security testing and Web compliance

    Join the IBM Watchfire team for an informative discussion on techniques and best practices to proactively manage Web application security and how to effectively build application security testing into the software development lifecycle (SDLC). In this Software Delivery Platform webcast you will learn: How to better understand potential web application security vulnerabilities, best practices and how to effectively integrate application security testing into the software development lifecycle, the importance of detecting and removing software vulnerabilities during application development.
    FREE! Go There Now!


    NEW! Webcast: Extreme transaction processing with WebSphere Extended Deployment

    In this webcast, you'll get an introduction to the eXtreme Transaction Processing (XTP) features of WebSphere Extended Deployment and the common architectural traits required by XTP applications. See how WebSphere Extended Deployment's ObjectGrid feature provides a state-of-the-art infrastructure for hosting XTP applications.
    FREE! Go There Now!



    All FREE IBM® developerWorks Tools!

    ASP ARTICLES

    - Central Scoreboard with Flash and ASP
    - Calorie Counter Using WAP and ASP
    - Creating PGP-Encrypted E-Mails Using ASP
    - Be My Guest in ASP
    - Session Replacement in ASP
    - Securing ASP Data Access Credentials Using t...
    - The Not So Ordinary Address Book
    - Adding and Displaying Data Easily via ASP an...
    - Sending Email From a Form in ASP
    - Adding Member Services in ASP
    - Removing Unconfirmed Members
    - Trapping HTTP 500.100 - Internal Server Error
    - So Many Rows, So Little Time! - Case Study
    - XDO: An XML Engine Class for Classic ASP
    - Credit Card Fraud Prevention Using ASP and C...






    © 2003-2008 by Developer Shed. All rights reserved. DS Cluster 5 hosted by Hostway