Anti-Fraud Tip #001:
How To Combat Consumer Credit Card Fraud
(rt) When it comes to fraudulent credit card payments and chargebacks, online vendors are usually stuck between a rock and a hard place: on the one hand, nobody likes to lose a sale; on the other, any mishap on this front comes at a very stiff price.
Consider: some banks will quote you, as an online merchant, for a stately $25-40 per chargeback, be it fraudulent or not. Other credit card payment clearinghouses may not charge you any fixed fee but will blithely keep their processing share of 12-15% or more. In other words, every flunked $1,000 online order will cost you $150 — with no compensation whatever for all your trouble and pains. Which, of course, is not at all funny seeing that it should really be the banks' and processing centers' job to prevent fraudulent transactions: after all, that's what you're paying them for.
While there's no easy solution to this problem, we can at least show you how to prevent the very worst. Many webmasters have found that a statistically significant share of fraudulent online orders originates from certain areas of the world where security and law enforcement standards are simply not up to par. So if your sales analysis should reveal that, say, 15% of your fraudulent credit card transactions are coming from country X (determined by top-level domain or country code), you may want to block your site for all users trying to access it from that country. Granted, there will still be ways and means to circumvent this protection, but it may save you no end of frustration and costs by fending off at least the less net-savvy crooks.
One way to go about this is to make use of your web server's own resources. For brevity's sake we will limit the examples given in this tip to systems running Apache webserver.
The Apache module mod_rewrite comes free with every version of Apache. However, note that it is not installed and implemented by default! So if your web host doesn't feature it yet, you will have to ask them to install it for you. You will also require .htaccess functionality to make the following tip work for you.
(For an in-depth discussion of this functionality, see our four-part Module mod_rewrite Tutorial.)
Let's say you want to block users accessing your site from China .CN, Korea .KR and Romania .RO respectively. (This is just an example by way of illustration — no discrimination intended. Obviously, your mileage may vary.)
The method presented in the following column will generate an “access forbidden” message whenever a visitor from one of these hosts tries to access your site.
Modifying the .htaccess file
In your .htaccess file, add the commands given in the box below and upload it to your main directory (DocumentRoot).
Note: Please unwrap any lines (7 in all) before copying and pasting to your system if your browser should wrap them — this is crucial, as the code won't work otherwise!
Your system must have Apache's HostnameLookups functionality turned on for this to work!
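An added example of such a rule set (not the original box from this page), assuming the three country-code TLDs named above and a server where mod_rewrite is available and hostname lookups are enabled:

```apache
# Added example: place in the .htaccess file in DocumentRoot.
# Requires mod_rewrite, and "HostnameLookups On" in the server or
# virtual-host configuration (that directive is not allowed in .htaccess).
RewriteEngine On

# Each condition matches a resolved client hostname ending in the given
# country-code TLD. [NC] ignores case; [OR] chains the conditions so that
# any single match triggers the rule. The last condition carries no [OR].
RewriteCond %{REMOTE_HOST} \.cn$ [NC,OR]
RewriteCond %{REMOTE_HOST} \.kr$ [NC,OR]
RewriteCond %{REMOTE_HOST} \.ro$ [NC]

# "-" leaves the URL unchanged; [F] answers with 403 Forbidden.
RewriteRule ^ - [F]

# Clients whose address has no reverse DNS entry, or whose hostname ends
# in a generic TLD such as .com or .net, are not matched by these rules.
```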
However, this method does have its drawbacks, too:
- You are restricted to systems featuring Apache and .htaccess as well as module mod_rewrite functionality. (IIS based web sites are out of luck!)
- You must follow the mod_rewrite and .htaccess syntax to the dot. Else, you may realistically risk blocking site access altogether — even for yourself!
- This is a one-for-all approach: the block commands will apply to any directory content under the one you uploaded the .htaccess file to — unless you consign a different .htaccess version to those directories you wish to exclude from the ban. Also, it does not allow blocking by web page. (While this is basically possible under mod_rewrite, it involves a more complex syntax we cannot cover here.) Not every webmaster will want to bow to these restrictions.
Still, it will probably cover the requirements of most small web sites nicely.
For a more flexible (and comfortable!) way of doing it, which involves CGI scripts and SSI and also lets you block individual pages not only by UserAgent but by IP and by host as well, you may want to take a look at our fantomas multiBlocker™. This will work on IIS systems, too, provided they offer Perl & CGI functionality — usually a given.
