FundSvcs Community

We experienced just under 80 fraudulent $5 transactions hit our online vendor overnight. We are working with the vendor to increase our fraud thresholds, but this was a fairly clever attempt. The only real red flag was the volume, along with repeated use of different combinations of common male names, for example, Richard Miller, James Johnson, and similar, paired with abnormal addresses. Many transactions also had city and state mismatches that, unfortunately, were not flagged by the credit card platform.

We know we need to adjust our thresholds going forward. In the meantime, I am hoping to get guidance on how others would handle these transactions on the back end.

If we do not receive chargeback claims and the transactions continue to settle as normal charges, what is the recommended approach? Do you post them as a single lump sum, or create individual records for the names used and mark them as Do Not Contact, refund them all (it's too late to void them), or something else entirely?

<scribe-shadow id="crxjs-ext" data-crx="okfkdaglfjjjfefdcppliegebpoegaii" style="position: fixed; width: 0px; height: 0px; top: 0px; left: 0px; z-index: 2147483647; overflow: visible; visibility: visible;"></scribe-shadow>

We experienced just under 80 fraudulent $5 transactions hit our online vendor overnight. We are working with the vendor to increase our fraud thresholds, but this was a fairly clever attempt. The only real red flag was the volume, along with repeated use of different combinations of common male names, for example, Richard Miller, James Johnson, and similar, paired with abnormal addresses. Many transactions also had city and state mismatches that, unfortunately, were not flagged by the credit card platform.

We know we need to adjust our thresholds going forward. In the meantime, I am hoping to get guidance on how others would handle these transactions on the back end.

If we do not receive chargeback claims and the transactions continue to settle as normal charges, what is the recommended approach? Do you post them as a single lump sum, or create individual records for the names used and mark them as Do Not Contact, refund them all (it's too late to void them), or something else entirely?

<scribe-shadow id="crxjs-ext" data-crx="okfkdaglfjjjfefdcppliegebpoegaii" style="position: fixed; width: 0px; height: 0px; top: 0px; left: 0px; z-index: 2147483647; overflow: visible; visibility: visible;"></scribe-shadow>