blog banner

Antifraud System tutorial for carding shops [part 2]

Last time, I promised You that we would consider a lower risk of fraud. (50~60 fraud score) But, a bit walking on different mercham and antifrodam, me came idea better idea. Today we will consider with You one popular merch (and a little touch on the neighboring merch), what protection it offers by the standard, how it advises to check customers in cases of high risk. Let’s consider popular solutions of anti-fraud system for small-medium online stores. A little touch on Google Voice/Skype/phone numbers. And let’s analyze in more detail a couple of anti-fraud systems for plus / minus the average store.

Merch, whom I think almost everyone knows. He has a brother Shopify Plus – for big businesses. We are not interested in it, and it will be difficult to get there. Shopify has the most expensive tariff plan 300$ / month, the cheapest 30$ / month

Tariff Plans

According to the tariff plan, you can say a lot about the small shop. What is the difference between tariff plans?

All tariff plans have standard protection and its setting. The brother Shopify Plus setting is fully customized, with filters and rules. In the last article I described these points in detail. Back to small shops,

by what differences can we make an assumption about the tariff plan: – 

– If the store issues / sells e-Gift’s, it is either middle(average) tariff for$80/month, or advanced (advanced) for$300 / month. Check it is quite simple, scroll down the page, see on the site map there is an item Gift Cards? If there is, click on it, there is an option to purchase a card?

– What is the shipping cost? a Rough example: if one site for the same product shipping $50 FedEx Overnight, and the other $30, then the site on which the delivery costs less likely tariff plan is more expensive.

– If the site indicates the estimated tariff plan of delivery through the application or operators (USP, FedEx, etc.), then the tariff plan of this shop is the most expensive.

Naturally, large stores do not even need to check, they are likely worth Spotify Plus.

But, in case You came across a small shop, then these data can tell you a little about the shop. For example, if a shop does not have e-gift’ov and delivery is expensive enough, attendance by rating Alexa small, on facebook few subscribers, then we can play on the inexperience of sellers. Also, if we are sure that the shop is small and does not use Spotify Plus, then the number of employees to whom we can connect CC for payments is maximum 15. From here, you can roughly guess how many employees there are in the company.

Shops of average level (not tariff), which have advanced tariff, receive very informative reports. And also, on the basis of these reports Spotify can advise to bring value of this or that attribute in the blacklist. And next time immediately send a warrant for human verification.

A rough example, if chargers were on orders from SSH-tunnels: the fraud system will recommend to bring in a black list of this or that IP domain. The theme of the Dedikov/socks/tunnel today we will be back, but a little bit later.

Do not forget, we are considering Spotify, other merchants may have other tariff plans.

Spotify’s Standard anti-fraud system
Remember in the last part I told you about the risks and their colors? I forgot to specify another color: Green.

Remind you of the values: 

Green – there are no risks, frod will reduce a little points. Displayed when the attribute value matches most “legitimate” orders.

Gray – does not add or subtract Frodo points. In fact, additional information about the order. Always different, depends on what your order green attributes, and what red.

Yellow – Risky (Risky). Displayed when the attribute value matches some fraudulent and” legitimate ” orders.

Red – Very Risky (Big risk). Displayed when the attribute value matches most fraudulent and some “legitimate” orders.

red – Extreme Risk (Extreme risk). Displayed when the attribute value coincides with most of the fraudulent orders.

The standard Spotify system, slightly simplified everything. There are only three colors:

Green / Grey /Red. But they mean the same thing.

Let’s analyze the attributes from the screenshot: 

– Order characteristics are the same as other fraudulent orders.

– CVV is correct.

– Billing address does not match with the registered address of the cc.

– Bill ZIP or zip code does not match CC registered address.

– There were five attempts to pay.

– Attempts to pay were with two cards.

– IP address used to place an order in Brooklyn.

– The delivery address is 24 km from the IP address.

– Bill country corresponds to the country from which the order was made.

– IP address is not high risk, do not be in the blacklist’e.

Adding An Order Through The Terminal
In any merche there is an addition of orders through the panel / terminal. At Shopify, too:

And if You stumble upon a shop with Shopify merch, I suggest orders to do exactly the rung, because in this case, the standard anti-fraud system in General did not really check. Billing / Shipping distance – does not check all that is associated with addresses and even valid shipping addresses – does not check. All the checks run only in the payment. In my case, I drove in a Russian long time not valid card to the American address. So also the name of an American put, here is the result, payment is of course not passed:


– One payment attempt.

– Payment method is not available.

Just like that, we bypassed the standard Shopify system? Yes, but…


Each merch has its own “Applications”(Apps), some free, some paid. Some are bought once, and some monthly. In principle, all merch +/- the same list of applications. The only differences in the applications of the merchandise. For example, Shopify has an application Shopify Flow, it is purchased automatically with Shopify Plus:

Users of the Usual shopify merch can not get this application.

Basically a normal automation application – creating rules. We discussed the creation of rules in the last article. Of course the rules can be quite arbitrary. Let me remind you, what are the rules, for example:

If, items in the order > 10–> If the order amount in USD > 1500–> Send the order to be viewed by a person.

If, elements in the order <= 10–> Skip the order. Distracted, back: we bypassed the standard antifrod protection Shopify. What’s next?

Distracted, back: we bypassed the standard antifrod protection Shopify. What’s next?

Third-Party Apps
Shops have the opportunity to buy or connect free applications. For very small shops there are completely free anti-fraud apps. Here are some popular solutions in Spotify:

Fraud Filter – the Usual filter, for what need filters and as they work, we analyzed in past article. Price: free.

Fraud Scanner – Instead of manually constantly scanning orders you can install this application. It will automatically scan for new orders and also notify You by E-Mail in case Shopify recommends to deploy an order. (Extreme risk of fraud) the App has multiple tariffs, free tariff – up to 25 orders per month. The most expensive – 20$/more 500 orders in month. You can set it to automatically cancel your order.

FraudLabs Pro – anti-fraud system, quite popular. It also occurs in BigCommerce. 500 orders per month for free/1250$ – 500 000 orders per month. Also, more expensive tariffs have a little more attributes. And rules/filters create as much as possible. To it today we still will return.

NoFraud – less popular in BigCommerce anti-fraud system, but quite popular in Shopify. The cost of the tariff is calculated from the cash turnover of the store. The site copyright is 2016, although the blog has posts 2018. The console looks the same as Everyone else, has no tricky settings, the attributes are standard. Let’s run through the quick, what checks are there.

– Device fingerprint.

– IP/Billing/Shipping distance.

– Check for proxy / VPN.

The timing definition of the speed of the transaction.

– Customer behavior in the shop.

– Checks the presence of accounts by E-Mail in social. networks.

– Checks the information about CC in banks.

– Uses both global blacklist’s and merchant’s.

– Check the BIN s Bank.

– Creates and uses its database of values of attributes of fraudulent and legitimate orders on the basis of statistics.

Riskified – not available on BigCommerce, but is one of the most popular on Shopify. Simple enough, the checks are still the same. Nothing interesting except a beautiful green interface.

Signifyd is one of the most popular anti-fraud systems, it is popular everywhere: Shopify, BigCommerce, Magento. Cost: $0 / month-cheapest. $1000 / month-average. Enterprise-price depending on the cash turnover of the shop. In Enterprise, You will even have one Manager who will review transactions and make decisions about them.

a Decent number of attributes. there is no Customization, no rules / filters, but there is an API. Of course, you can create rules through the API, but for this you need programmers. The difference in the interface is: fraud score is not added, but reduced. From 1000 to 0. 1000-500 – Green order. (Skip) 499-300- Red warrant. (Send for human verification) 299-0 – Red order. (Cancel order). There is a” quick view ” of the order, so we will call it. Three panels are shown at the top Address / Device / Mail. Each panel has its own separate fraud score and separate attributes. Attributes are shown depending on what you did “good and bad”during the order. Thus, you can quickly determine what type of order you got.

The system offers to search in social networks by the name of KH and by E-Mail. By searching through the E-Mail system supports up to 5 social networks: Facebook, Twitter, Klout, LinkedIn, Gravatar.

And on behalf of KKH offers to look for:

– Google by full name, billing city and state.

– Google by name and billing address.

– LinkedIn by full name and billing zip’u.

In Facebook by my full name.

Subuno is a popular anti-fraud of BigCommerce users. It has a good number of attributes, and supports custom rules. Offers to search for billing and shipping data in a variety of different sites. Also automatically finds links to Your social networks by E-Mail. Has a small customization interface: you can configure which Windows you are interested in, and the rest can not be shown.

Prices are very low: Minimum $19 / month-one transaction $0.05-800 transactions / month; Maximum $250 / month-one transaction $0.01-25 000 transactions / month. And if you have more than 100 000 transactions / month they will be happy to prepare a personal tariff plan for You. The maximum tariff includes all the buns, as well as the rest of the anti-fraud systems. Such as expert Help in the solution, supplemented with statistics analysis a preliminary analysis of the fraud tips from the system and so on.

Let’s go through the attributes quickly. Of the interesting and unusual there is a CQR check. It checks the connection between phones/names/address . If the connection is not found looking for the name/address of the real phone. If it does not find a connection between the name and the address, it looks for both the address and the name separately. There are attributes of phone type: landline/mobile. Is the correct address / phone written. Can show the name of the phone number owner. In our example, the” client ” Neustar does not converge mobile number. The owner of a phone number name is completely different.

There is on the contrary, verification by phone of the address/name.

Made it all in order to understand who the real KH and call him to notify the “order”. Anyway, so advises support (support). There is a insurance check . If insurance there is-its will show, and if Your made to order not from USA, then look at insurance antifrod will respond to all slightly on laskovey and a bit will reduce fraud score. There are attributes of the location of the phone number and the definition that it is disposable. Not a fixed VOIP line, without location, will add you fraud score, and a fixed line with the definition of a ZIP phone number on the contrary will reduce. Fraud Score from 0 to 1000. The system recommends not thinking to reject orders with fraud score > 800. Subuno quickly adapts to Your shop, the more orders, the more accurately fraud score will be determined.

We have disassembled with You the most popular antifrod systems that can be connected to the shop. And so same a bit touched on neighboring merch.

“Just like that, we bypassed the standard Shopify system?”- so the question had to be answered. Naturally, everything is not as simple as it seems.

Manual Check

what does Shopify advise beginners to do in cases of extreme risk?

Now we will discuss with you the topic of manual verification. And more specifically tips Shopify.

So, we have registered our Shop with you. We have the first order! Hurray! Here is only fraud score: red. What shall we do? Initial order… I do not want to reject the first “client”. To begin, follow the recommendations:

1.Check the IP address.

The IP address is located in a different area from the billing address?

IP address for web hosting?

The IP address is the IP of the proxy server?

If all the questions we answered “Yes”, then in my head can already add us fraud score. And move on to the next item.

2.Let’s check the phone number.

in Advance would like to apologize to promusicae if you open someone else’s Desk.

Before the call we are offered to check the phone number on the website :

The site is multi-functional. In addition to punching by phone number, there are 4 types of punching. 411 for You will try to find contact information by name and State/City / ZIP. Offers to help you “get acquainted closer” with their neighbors.

I think we’re all excited to get some map data in there. Take your time, I’ll do it for you.

As you understand can be to know a bit interesting things about KH. First, check the address of residence, in case you moved KH. To know the background and stuff. Only $14 / month.

Digressed. Enter the Google Voice number.

Here is and fraud score for phone number get. First, it is a non-fixed VOIP line. Second, immediately the system calculates Skype/Google Voice. It’s the same in anti-fraud systems. So use Google Voice and Skype at your own risk. In case of definition of a fraud by system GV and Skype, the antifrod will be engaged in search of the present number of KX.

Back to manual check. Shopify offers us to call the phone number and if someone answered us, then ask a couple of simple questions and see what the reaction will be: do customers know the address/phone number/E-Mail and the name they used in the order. Or are they trying to evade the question/give You “water” information? If you are confused by the answer, go to the next item!

3.Check E-Mail.

Shopify recommends checking your e-Mail on Google and other search engines. If E-Mail was used for fraud, you may come across documented fraud attempts. And if the E-Mail is really KH, then Google will give you messages from social networks or other information that connects our “client” with E-Mail. Still in doubt?

4.Verification Of Billing=Shipping.

If the distance between the two addresses is significant enough, then it is likely a fraudster, but be careful, suddenly he decided to make a gift to a friend?

5.Check Out Shipping.

If the shipping address matches other orders where the billing is different, then most likely it is a fraudulent order.

6.Check the value of the order.

If the price of the order exceeds the usual one (Shopify will notify you about it) or there are a lot of the same goods in the basket, then most likely it is a fraud order.

Here, I think, everything is simple and clear. Here we went through the items, but still afraid to reject the order, let’s write in support of our situation, maybe they will advise us something more interesting!

So we got this warrant. Reply support:

I will translate only the most interesting, although there is little interesting here: “Contact Your client by phone, if no one takes the phone write to him by E-Mail. If the client responds, use your intuition. If they do not respond – cancellation of the order will be the best solution. The high risk appeared due to the fact that IP / Shipping distance is very large. Such orders are usually cancelled. Some sellers do this: if the risk is low, they call the number. And if medium or high they cancel the order. I also advise you to enable the cancellation of the order in case of a CVV error and a ZIP definition error.”


What is this AVS and CVV?

AVS is a system that compares the numeric portion of a customer’s billing address and ZIP with information from a credit card Issuer.

CVV is 3 or 4 digits on the other side of the card. CVV is not stored in companies, because its storage is prohibited. So CVV is a check that CC is on the client’s hands.

In Shopify, just these two checks can be enabled. And Shopify after registration strongly recommends that you do so. So let’s see what anti-fraud systems show in certain cases. The answers from these systems are usually letters of the Latin alphabet:

Let’s start with the AVS. Depending on what kind of material you have, such answers will be. We will analyze today with You

“Visa” :

Y – full match of the address and 5 digit ZIP code.

A is a partial match, the addresses match, and the 5 digit and 9 digit ZIP codes do not.

Z is a partial match, the street does not match, but the 5 digit ZIP matches.

N – does not match 1 / 5 digit ZIP/9 digit ZIP.

U – AVS system not available. (For example, if AVS is poorly configured or does not function correctly in a U.S. Bank)

R – AVS system is not installed at the Issuer or is not available. Try again.

E – AVS data is invalid.

S – Us Issuer does not support AVS.

International transactions: 

D/M is a complete match.

B is a partial match. The address matched and the ZIP COULD not be verified due to an incompatible format.

P is a partial match. The address is not verified, due to incompatible formats, and the ZIP matches and corresponds to the format of the international transaction.

C – does not match. Incompatible formats.

I – does not match. The information is not confirmed by the international Issuer.

G – international AVS is not supported by the Issuer.


M – matches.

N – does not match.

P – not processed. (Error)

S – the Issuer says CVV2 is present on the card, but the user says otherwise.

U – the Issuer does not have a CVV2 certificate or the Issuer has provided a card without CVV2 encryption keys.

Empty – transaction failed because CVV2 was not specified or was specified incorrectly.

A transaction can be approved even without CVV and AVS matching. CVV and AVS are designed to give additional transaction information to the seller!


Charge-KH noticed a sharp write-off from the balance of about $ 1,500… What’s next? Farther

KX makes a request to the Bank. In case the Bank is 100% sure that the money was stolen by some “russian carders from the wwh”. Then the Bank immediately returns the money to the Bank and sends a “request” to the seller to return the money to the Bank. If the issue is controversial, the Bank makes a request to the seller, in the case of a request, the Bank will not ask for payment immediately. In such a case the Bank will check all “evidence”of fraud transaction. If the Bank doubts the money will remain with the seller. If the evidence is in the direction of a fraudulent transaction, the money will have to be returned. The seller, in the case of a request by the Bank, can also “participate” in the investigation. Send your evidence to the Bank. To contact the customer, “negotiate”, what grandmother doesn’t want him.)) Also, the seller can agree to a refund or make another request to the Bank, in case of not agreeing to a refund.

Normal refund process: 

1. KH makes a request to the Bank.

2. The Bank sends a request to the seller for a refund.

3. CC asks the seller to provide proof that the payment is ” legal.”

4. Seller and Shopify collect Doc-VA to find out whether the payment is “legitimate”.

5. Shopify sends a response to the credit card company.

6. The company reviews the dock, usually it takes 60 to 120 days.

7. After the issue is solved, to return the payment or not.

Leave a Reply