Detecting throw away and virtual Credit Cards
The type of business I run allows customers to get results before they pay. I take their credit card information when they sign up, and afterwords anywhere from a week to a month charge them for my services. Most of the time this goes smoothly, but occasionally people will try and game the system by using virtual credit cards, and throw away debit cards (like you might buy at Wallmart).
I've done some research and found http://en.wikipedia.org/wiki/List_of_Bank_Identification_Numbers, but it's not a complete list. Is there anyway to identify where the cards come from; specifically virtual and throw away cards.
Or has anyone had any experience with this issue, and might be able to give me some ideas for combating this problem?
The pre-auth will not solve this issue . Throw away cards will pre-auth successfully, so don't allow a way to differentiate between temporary cards and long term cards.
Pre-authing itself has a number of issues, the main one being that each card issuer will hold the pre-auth value for a varying amount of time, anywhere from 2 days to 30 days. This can lead to issues where you either pre-auth too frequently (which really annoys the customer, because it looks like money is constantly dripping from their account) or not frequently enough (so that the pre-auth drops off and you have no guarantee the funds are available when you actually want to take settlement)
Unfortunately the issue you face is something you just need to cope with, or change your business model! In fairness ANY type of card could run into issues with your current model. There is no guarantee that a long term card will have funds available constantly, or not be cancelled (due to card being lost for example) or expiring.
Can you imagine walking into a shop and being told at the till, "thanks, but dont pay us now - just leave your card details and we'll collect from you at the end of the month". It would be ripe for abuse. Sorry to be so blunt but you either need to factor that abuse into your costs, or find a different model. One alternative may be to make an upfront charge for 'credits', which are spent as the service is provided, then infrequently perform a repeat authorisation/settlement to top up the credits (and put the account on hold if the auth declines). You'd need to make sure your service provider uses the Visa Account Updater service, and the Mastercard Automated Billing updater. These services allow for repeat authorisations by automatically updating cards that have expired, or been replaced with the new card details. Any cards that have been cancelled will drop off and decline.
Put a hold (Authorization) transaction on the amount, and renew it every x days as required until you decide to keep it or release it
Not all CC service providers support hold transactions however, so may be easier to bill the full amount initially and offer a full refund if not satisfied
Remember you should NOT be storing CC numbers, only transaction references from your CC service provider
Use a full service payment provider like paymentexpress to get access to hold services etc
You could also put funds into an escrow. Money is drawn from the account and put in escrow and then when the job is done, both parties agree payment should go through and you get paid. Simple.
链接地址: http://www.djcxy.com/p/70740.html上一篇: PCI兼容服务存储信用卡信息
下一篇: 检测扔掉和虚拟信用卡