June 25, 2018, 04:05:56 PM

Author Topic: Digital Rev!  (Read 33232 times)

Mt Spokane Photography

  • CR GEEK
  • ***************
  • Posts: 14246
Re: Digital Rev!
« Reply #45 on: June 11, 2015, 09:39:03 AM »

It's also common practice for companies to only ship to the same address on record with your cc company.  This helps prevent people from using stolen credit cards to purchase items online.  If your shipping address is different you can call your cc company and let them know you are having an online order shipped somewhere else to pre-approve the order.

Not sure if this was the case for you or not but could be one reason for an order issue.

Just because they did it once doesn't mean someone didn't make a mistake at the store and released the order without verifying.

Store owners do not actually process credit cards by hand, its a bit more complex.  When you enter your card info, it is entered into as gateway, which usually is a company specializing in taking credit cards and screening them for errors, fraud, etc.  There are settings in the gateway for basic checks, address match can be full address, postal code, verification code, etc.  They also look at the IP to determine if the country matches that of the CC, and, of course, the cc number is a different number of digits for the USA.

Depending on the risk level for the type of business (Cameras and Lenses is a high risk target), the merchant can set restrictions tighter or looser.  If a card fails one test, its going to be rejected.  If it fails multiple tests, its going to trigger a fraud alert.  When I buy a $3,000 lens or camera from my local merchant, my phone rings 1 minute later with Amex asking if I purchased the item.  That's because Amex looks to see if you have done business with that merchant recently.  Since I only purchase a big ticket item from him every 2-3 years, the phone usually rings.

I buy from Adorama and B&H frequently enough that I usually don't get those calls about purchases there.

I ran a online store and dealt with gateways, card processors, etc.  There are multiple levels of checks, and still fraudsters occasionally get thru.

The OP should be happy that the store takes security responsibly and is protecting his credit card from a possible unauthorized purchase.

canon rumors FORUM

Re: Digital Rev!
« Reply #45 on: June 11, 2015, 09:39:03 AM »

East Wind Photography

  • EOS 5DS R
  • ******
  • Posts: 1413
  • EWP
Re: Digital Rev!
« Reply #46 on: June 11, 2015, 10:26:02 AM »

It's also common practice for companies to only ship to the same address on record with your cc company.  This helps prevent people from using stolen credit cards to purchase items online.  If your shipping address is different you can call your cc company and let them know you are having an online order shipped somewhere else to pre-approve the order.

Not sure if this was the case for you or not but could be one reason for an order issue.

Just because they did it once doesn't mean someone didn't make a mistake at the store and released the order without verifying.

Store owners do not actually process credit cards by hand, its a bit more complex.  When you enter your card info, it is entered into as gateway, which usually is a company specializing in taking credit cards and screening them for errors, fraud, etc.  There are settings in the gateway for basic checks, address match can be full address, postal code, verification code, etc.  They also look at the IP to determine if the country matches that of the CC, and, of course, the cc number is a different number of digits for the USA.

Depending on the risk level for the type of business (Cameras and Lenses is a high risk target), the merchant can set restrictions tighter or looser.  If a card fails one test, its going to be rejected.  If it fails multiple tests, its going to trigger a fraud alert.  When I buy a $3,000 lens or camera from my local merchant, my phone rings 1 minute later with Amex asking if I purchased the item.  That's because Amex looks to see if you have done business with that merchant recently.  Since I only purchase a big ticket item from him every 2-3 years, the phone usually rings.

I buy from Adorama and B&H frequently enough that I usually don't get those calls about purchases there.

I ran a online store and dealt with gateways, card processors, etc.  There are multiple levels of checks, and still fraudsters occasionally get thru.

The OP should be happy that the store takes security responsibly and is protecting his credit card from a possible unauthorized purchase.

It depends upon the store.  Pure online stores can deal with processing a bit differently than a brick and mortar store that has to deal with inventory levels and a separate point of sale system to integrate.  We are also dealing with a Chinese company here so what we do here in the states and what they do may be completely different.

One thing is for sure if the shipping and billing addresses are different, that raises a big red flag...no pun intended there.  Once you get burned, you question ALL of the red flags.

Also people don't realize while you as a consumer are offered great protection against fraudulent purchases, the merchant does not.  He therefor needs to get it right.


Valvebounce

  • Canon EF 400mm f/2.8L IS II
  • *********
  • Posts: 3761
  • Doing my best to get all of this to work together.
Re: Digital Rev!
« Reply #47 on: June 11, 2015, 08:28:32 PM »
Hi Mt Spokane.
Well said.
This is done to protect your credit rating, (and the credit company) it may seem inconvenient, but not as inconvenient as having to cancel your card (or having it cancelled automatically) because of fraudulent activity. It would have been nice if the seller had informed you when they cancelled your order that they had and why, but then it might not have been you they contacted anyway! ;D
Just do what we all have to do from time to time, jump through the hoops they have set up for you and move on!

Cheers, Graham.


It's also common practice for companies to only ship to the same address on record with your cc company.  This helps prevent people from using stolen credit cards to purchase items online.  If your shipping address is different you can call your cc company and let them know you are having an online order shipped somewhere else to pre-approve the order.

Not sure if this was the case for you or not but could be one reason for an order issue.

Just because they did it once doesn't mean someone didn't make a mistake at the store and released the order without verifying.

Store owners do not actually process credit cards by hand, its a bit more complex.  When you enter your card info, it is entered into as gateway, which usually is a company specializing in taking credit cards and screening them for errors, fraud, etc.  There are settings in the gateway for basic checks, address match can be full address, postal code, verification code, etc.  They also look at the IP to determine if the country matches that of the CC, and, of course, the cc number is a different number of digits for the USA.

Depending on the risk level for the type of business (Cameras and Lenses is a high risk target), the merchant can set restrictions tighter or looser.  If a card fails one test, its going to be rejected.  If it fails multiple tests, its going to trigger a fraud alert.  When I buy a $3,000 lens or camera from my local merchant, my phone rings 1 minute later with Amex asking if I purchased the item.  That's because Amex looks to see if you have done business with that merchant recently.  Since I only purchase a big ticket item from him every 2-3 years, the phone usually rings.

I buy from Adorama and B&H frequently enough that I usually don't get those calls about purchases there.

I ran a online store and dealt with gateways, card processors, etc.  There are multiple levels of checks, and still fraudsters occasionally get thru.

The OP should be happy that the store takes security responsibly and is protecting his credit card from a possible unauthorized purchase.
7DII+Grip, 1DsIII, 7D+Grip, 40D+Grip, EF 24-105 f4L EF-S 17-85, EF-S 10-22, EF 70-200 f2.8 L IS II, EF 1.4xIII, 2xIII, EF 100-400 f/4.5-5.6l IS II, Σ17-70 f2.8-4 C, EF 50mm f1.8, YN600EX-RT, YN-E3-RT, Filters, Remotes, Macro tubes, Tripods, heads etc!

1DsIII, 20D, 24-105, 17-85, Nifty 50 pre owned

Mt Spokane Photography

  • CR GEEK
  • ***************
  • Posts: 14246
Re: Digital Rev!
« Reply #48 on: June 11, 2015, 10:33:55 PM »

 We are also dealing with a Chinese company here so what we do here in the states and what they do may be completely different.



The credit card companies call the shots, they publish a extensive set of requirements that sellers must follow.  They have issues a common set of rules that apply Globally, no matter what country you are in.  If you want to accept Visa, MasterCard, Discover, AMEX, you must abide by them, and the rules require a independent verification that you are following the rules.

That's one of the reasons that I finally stopped taking credit cards last July.  It had become expensive for a small business.  There are indeed different procedures for Brick and Mortar, but everyone is connected to the internet now, and card data is transmitted over the internet, so the computer security is very tight (Some still don't get it).


The PCI Data Security Standard
PCI DSS is the global data security standard adopted by the payment card brands for all entities that
process, store or transmit cardholder data and/or sensitive authentication data. It consists of steps that
mirror security best practices.

https://www.pcisecuritystandards.org/documents/PCISSC%20QRG%20August%202014%20-print.pdf
« Last Edit: June 11, 2015, 10:36:15 PM by Mt Spokane Photography »

East Wind Photography

  • EOS 5DS R
  • ******
  • Posts: 1413
  • EWP
Re: Digital Rev!
« Reply #49 on: June 12, 2015, 06:46:24 AM »

 We are also dealing with a Chinese company here so what we do here in the states and what they do may be completely different.



The credit card companies call the shots, they publish a extensive set of requirements that sellers must follow.  They have issues a common set of rules that apply Globally, no matter what country you are in.  If you want to accept Visa, MasterCard, Discover, AMEX, you must abide by them, and the rules require a independent verification that you are following the rules.

That's one of the reasons that I finally stopped taking credit cards last July.  It had become expensive for a small business.  There are indeed different procedures for Brick and Mortar, but everyone is connected to the internet now, and card data is transmitted over the internet, so the computer security is very tight (Some still don't get it).


The PCI Data Security Standard
PCI DSS is the global data security standard adopted by the payment card brands for all entities that
process, store or transmit cardholder data and/or sensitive authentication data. It consists of steps that
mirror security best practices.

https://www.pcisecuritystandards.org/documents/PCISSC%20QRG%20August%202014%20-print.pdf

Yes but there are some that still get around that practice...for example..I go into a restaurant to buy food, I never have anyone ask me for my billing address.  When I order online some but not everyone ask for the CID...which I thought was a requirement.

Anyway, I think we can say for the fees charged, the system still is not perfect. 

Mt Spokane Photography

  • CR GEEK
  • ***************
  • Posts: 14246
Re: Digital Rev!
« Reply #50 on: June 12, 2015, 10:36:32 AM »

 We are also dealing with a Chinese company here so what we do here in the states and what they do may be completely different.



The credit card companies call the shots, they publish a extensive set of requirements that sellers must follow.  They have issues a common set of rules that apply Globally, no matter what country you are in.  If you want to accept Visa, MasterCard, Discover, AMEX, you must abide by them, and the rules require a independent verification that you are following the rules.

That's one of the reasons that I finally stopped taking credit cards last July.  It had become expensive for a small business.  There are indeed different procedures for Brick and Mortar, but everyone is connected to the internet now, and card data is transmitted over the internet, so the computer security is very tight (Some still don't get it).


The PCI Data Security Standard
PCI DSS is the global data security standard adopted by the payment card brands for all entities that
process, store or transmit cardholder data and/or sensitive authentication data. It consists of steps that
mirror security best practices.

https://www.pcisecuritystandards.org/documents/PCISSC%20QRG%20August%202014%20-print.pdf

Yes but there are some that still get around that practice...for example..I go into a restaurant to buy food, I never have anyone ask me for my billing address.  When I order online some but not everyone ask for the CID...which I thought was a requirement.

Anyway, I think we can say for the fees charged, the system still is not perfect.

The billing address is optional, and a cid check is also optional.  Its up to the business.  PCI deals more with security of data and protecting credit card numbers.  In cases where a customer I have dealt with for years places a order with just his card number, I don't bother him for the CID, I just turn the check off for him.  Another thing about the address check, is that its just for the zip code.  I don't know why, but that's all the card companies provide to the gateway companies for a address check.  They all act as though its a check of the address, but its not.  Scammers know this.  I can set it to the basic 5 digit code or the zip plus 4 (US customers).  When accepting International credit cards, many banks still do not have all the data online, or its unreliable, so its common to ask for a scan of some ID.

If a business is not worried about a customer, they are allowed to take the risk, but are fined for a excessive number of chargebacks.  Those engaging in professional fraud are usually looking for something in high demand, cameras, lenses, video games, smart phones, anything they can resell quickly and easily.

TeT

  • EOS 5DS R
  • ******
  • Posts: 827
  • I am smiling because I am happy...
Re: Digital Rev!
« Reply #51 on: June 12, 2015, 02:17:54 PM »
oops... but that is probably all it is oops and not malicious intent on a grand scale...

canon rumors FORUM

Re: Digital Rev!
« Reply #51 on: June 12, 2015, 02:17:54 PM »

East Wind Photography

  • EOS 5DS R
  • ******
  • Posts: 1413
  • EWP
Re: Digital Rev!
« Reply #52 on: June 12, 2015, 03:34:29 PM »

 We are also dealing with a Chinese company here so what we do here in the states and what they do may be completely different.



The credit card companies call the shots, they publish a extensive set of requirements that sellers must follow.  They have issues a common set of rules that apply Globally, no matter what country you are in.  If you want to accept Visa, MasterCard, Discover, AMEX, you must abide by them, and the rules require a independent verification that you are following the rules.

That's one of the reasons that I finally stopped taking credit cards last July.  It had become expensive for a small business.  There are indeed different procedures for Brick and Mortar, but everyone is connected to the internet now, and card data is transmitted over the internet, so the computer security is very tight (Some still don't get it).


The PCI Data Security Standard
PCI DSS is the global data security standard adopted by the payment card brands for all entities that
process, store or transmit cardholder data and/or sensitive authentication data. It consists of steps that
mirror security best practices.

https://www.pcisecuritystandards.org/documents/PCISSC%20QRG%20August%202014%20-print.pdf

Yes but there are some that still get around that practice...for example..I go into a restaurant to buy food, I never have anyone ask me for my billing address.  When I order online some but not everyone ask for the CID...which I thought was a requirement.

Anyway, I think we can say for the fees charged, the system still is not perfect.

The billing address is optional, and a cid check is also optional.  Its up to the business.  PCI deals more with security of data and protecting credit card numbers.  In cases where a customer I have dealt with for years places a order with just his card number, I don't bother him for the CID, I just turn the check off for him.  Another thing about the address check, is that its just for the zip code.  I don't know why, but that's all the card companies provide to the gateway companies for a address check.  They all act as though its a check of the address, but its not.  Scammers know this.  I can set it to the basic 5 digit code or the zip plus 4 (US customers).  When accepting International credit cards, many banks still do not have all the data online, or its unreliable, so its common to ask for a scan of some ID.

If a business is not worried about a customer, they are allowed to take the risk, but are fined for a excessive number of chargebacks.  Those engaging in professional fraud are usually looking for something in high demand, cameras, lenses, video games, smart phones, anything they can resell quickly and easily.

When I've had to deal with big charges, I've actually called the card issuer and asked to validate the address I was given in the order.  If it didn't match then I cancelled the order or had the customer call his card company to register his shipping address.  It was huge manual PITA but it helped root out fraud.  Any of these automated verifications are also suspect.  Once a hacker gets into a merchant he pretty much has access to all of the resources needed. 

While the manual person to person address verification was a BIG pain, it was the best way at the time.  I now outsource all of that so the liability is not on me as a merchant.  :)

canon rumors FORUM

Re: Digital Rev!
« Reply #52 on: June 12, 2015, 03:34:29 PM »