No announcement yet.

New kind of delivery fraud

  • Filter
  • Time
  • Show
Clear All
new posts

  • New kind of delivery fraud

    I encountered a new kind of fraud today that I thought I'd share.

    We received a suspicious order two weeks ago. Suspicious due to what was being ordered, about $800 for stuff we'd normally never sell. BUT I got an AVS match and a card code match, and the shipping/billing addresses were the same. So I shipped it via UPS with signature required and full insurance.

    Got the chargeback today. While compiling my documentation to combat the chargeback I noticed the delivery address was now different. Looking at the tracking I can see that the recipient requested a redirect to a new address via the UPS MyChoice system.

    So it seems people have figured out how to abuse the MyChoice system. Probably someone was able to steal someone's CC #, and then also make UPS think he was the owner of that delivery address, which will then let him redirect any packages to that address to the address of his choosing.

    Am now going through the UPS Claim system. We'll see how that goes. If they deny the claim then I have no idea what to do OR how to trust packages with an AVS match.

  • #2 sorry to hear about this. Hopefully you can get it straightened out. I don't use UPS, so I went and read about it on their website.

    "And our enhanced authentication requirements confirm the identity of each new UPS My Choice member during the registration process, helping to minimize fraudulent and misdirected shipments."

    Hopefully this means they are going to accept some responsibility since their authentication requirements to combat fraud were obviously inadequate.

    Good luck! Go get em!



    • #3
      This should definitely fall at UPS's feet. I didn't even realize that they were allowing customers to redirect shipments without getting the shipper involved. Even if they are able to verify the customer's identity, they should not allow the customer to make changes themselves without the shipper's agreement. I don't use UPS, so I'm not sure of the particulars here, but what happens when a customer requests a redirect? Normally there is a fee associated with an address change. So does UPS just charge this fee to the shipper without their consent?


      • #4
        UPS MyChoice is a relatively new program to make receiving packages more convenient for customers. It lets you do things like re-route packages, schedule delivery times, etc. The costs are paid by the recipient:
        UPS My Choice - Features


        • #5
          Sorry, cbsteven. It still hurts to get chargebacks even after close to thirty years of doing this.
          This puts a whole new spin on things. I always assumed if both billing and shipping are the same and AVS & CVV match, then we were good.
          I agree with Danab that UPS should cover this, and so should those big companies that lose credit card information. We end up paying for their mistakes.

          I just talked to UPS, and I guess there is an option to block all address changes by customers via both telephone, and UPS My Choice. Only the sender would be able to change the delivery address. My rep is supposed to get back to me tomorrow to confirm.

          We just got a small chargeback on shipping to a different address. We do lots of gift orders, and unfortunately, there is no way to protect for fraud in this type of order even though everything matches in the billing side. The shipping address is always different.


          • #6
            We had a "customer" attempt a redirect on a $750 mixer through Fedex and they wouldn't allow it. Thankfully we got the mixer returned as the person at the actual address (whose card was used) rejected the delivery.

            We also had another one a few weeks ago with AMEX (again) AVS good, code good, billing address good (we only ship to billing addresses) phone number matched the area, IP address matched the area, and the package was signed for...followed by a fraud claim by the card holder.

            After 2 weeks of correspondence and phone conversations with AMEX (whose customer service is extraordinary) we finally got the chargeback reversed. ($950)

            AMEX has told us that even if we use their manual authorization call in number that they won't guarantee no-card-present (internet) transactions.

            Nowadays, unfortunately, we're cancelling more orders than we are accepting due to obvious attempts at fraud.


            • #7
              You can have UPS setup your account to not allow redirection. Went through this same thing a few years back. The change in UPS account setup took care of the issue however it also makes it harder for you to request a change of delivery on your own packages after that.


              • #8
                Following up on this, UPS did accept my insurance claim, so we'll be reimbursed.


                • #9
                  AVS is becoming obsolete fast. I'm shocked the credit card companies have no answer for this. We're using a 3rd party fraud check system now and it is vastly superior to just AVS and matching billing and shipping.


                  • #10
                    As all merchants already know, the credit card fraud system often falls on the merchant to “fix”.

                    In other words, the minute a chargeback is initiated, the funds are immediately taken from the merchant’s account. Guilty until proven innocent. This has been a bone of contention with me for the past 15 years or so, ever since I started taking credit cards.

                    Scammers understand how the system works. Make a purchase online and once it has been delivered initiate a chargeback. They know that Step One of the process is to reverse the charges, the thorny details of the transaction will be worked out later. And those details are worked out by a 3rd party resolution center. At that point it is often a crap shoot as to whether or not the merchant will receive their money back. And since scammers most often use stolen credit cards they are not overly concerned either way. If the money goes back into their stolen account, it is just a bonus.

                    Scammers often enlist a dupe to accept the shipments in return for a fee. The dupe eventually gets a knock on the door from the purchase police, at which time the scammer just moves on to the next dupe in line.

                    Enter PCI Compliance.

                    The credit card companies, along with First Data and a few others, got tired of the scammers increasing sophistication which was cutting into their bottom line. So they invented a new industry that is nothing but a mountain of vague rules and regulations that the merchant cannot typically control. Yet they tax all the merchants in order to pay for this new industry and once again expect the merchant to “fix” any problems that might occur.

                    In short, scammers were beating the system created by the credit card companies and those very companies were looking for a few hundred thousand chumps to foot the bill. Rather than spend their own money to fix the problems they themselves created, they figured merchants were the perfect chumps to pick up the tab.

                    All of which has trickled down to shipping companies as well. As noted above, there are steps that can be taken to minimize shipping issues, but it is tricky.

                    Until the credit card companies implement improved security features we’re just pawns in the game. These same companies, by the way, have already implemented improved security features in other countries. They’re just milking the cow for as long as they can before they’re forced to do the same here.


                    • #11
                      You've summed it all up nicely. The bottom line is that credit card companies know that merchants need to be able to accept credit cards in order to survive. As long as this is the case, the know that they can always look to the merchant to pick up the tab in any case involving fraud or a dispute with a customer. AVS is horribly antiquated, but honestly - what is their motivation to change it?


                      • #12
                        Originally posted by onering View Post
                        You've summed it all up nicely. The bottom line is that credit card companies know that merchants need to be able to accept credit cards in order to survive. As long as this is the case, the know that they can always look to the merchant to pick up the tab in any case involving fraud or a dispute with a customer. AVS is horribly antiquated, but honestly - what is their motivation to change it?
                        Well, I guess the time to expose these fraud attempts is now - both AVS and redirects. Congress and media are focusing on security. It seems that this information should be shared with the media. It gives them a supporting story. However, I don't have media connections.