BANNING A USER

[djcaseanova]

Okay, I got some A-hole who purchased from my store last month and now did a charge back a month later after it was delivered. He's now claiming it was unauthorized, yet it was sent to his house and everything. So I am going through a dispute with Paypal....

Anyway, here is my problem. This is the second time a similar situation has occured, and there is nothing I can do, except get the satisfaction of banning these fraudulent terds.

Is there a way to BAN them from placing an order, or have a catagory that we as ADMIN's can place them in? Like a category that says "banned" and if the buyer is in this category they're not allowed to view the store or add items to the basket?

I don't need to ban his IP address because it's pointless to even attempt. I need him banned within the store by his address. So if he gets smart and tries to sign up again it will not work because his shipping address is banned or put into a log file that shows banned addresses or something!!!!

If there isn't a way to do this, there really needs to be, admins are powerless in their own stores!

I've also checked cubecart.org! I would have paid big bucks for something like this!

Thanks guys!!

[Guest CheapScotsman]

I don't know of anyway of doing this automatically in Cubecart.

Specifically for chargeback abuse, there is the shared merchant blacklist for chargeback abusers via the chargeback bureau http://www.chargebackbureau.org

I would be careful, however, as there appears to be some controversies about its potential use:

http://www.consumeraffairs.com/news04/2006...ack_bureau.html

http://www.sfgate.com/cgi-bin/article.cgi?...BUG3KJDKLC1.DTL

This site has some info on controlling chargebacks:

http://www.sitepoint.com/article/chargeback-challenge

Note that you will probably have to update your privacy policies and terms of service agreements if you decide to go this route

[djcaseanova]

no I really dont need that route, need something more local for my store to basically block them from having a buy option.

[Guest CheapScotsman]

There is nothing in cubecbart that I have read about so it probably doesn't exists.

Time to head to cubecart.org and ask there or post a mod request. I wonder what big bucks are :lol:

[goober999]

There is nothing in cubecbart that I have read about so it probably doesn't exists.

Time to head to cubecart.org and ask there or post a mod request. I wonder what big bucks are

There is no need for a mod or big bucks. Eventhough CC does not have a banning feature you can always ban the customer's IP from you hosting's control panel. I know cPanel has that. If you don't have cPanel, just look around the control panel from your hosting provider you may find something similar.

thanks

/Goober

[Guest CheapScotsman]

There is nothing in cubecbart that I have read about so it probably doesn't exists.

Time to head to cubecart.org and ask there or post a mod request. I wonder what big bucks are

There is no need for a mod or big bucks. Eventhough CC does not have a banning feature you can always ban the customer's IP from you hosting's control panel. I know cPanel has that. If you don't have cPanel, just look around the control panel from your hosting provider you may find something similar.

thanks

/Goober

The only problem is that 98% of people who do chargebacks have dynamic IPs and the next time they visit your store, the IP won't match. You could ban an IP range but that might wipe out a bunch of customers.

From a chargeback prevention point of view, a significant reason why people do chargebacks (especially for smaller merchants) is that they don't recognize the charge on their bill.

Example: I pucrhased a shareware product from XXX company. They sold their stuff through share-it.com ... but the charge on my bill will be from element.info. I just got an email reminder, 10 days after the purchase, reminding me that I made the purchase and who would show up on my bill. Good idea for reducing chargebacks.

[Guest www.orderiffic.com]

The only way to stop fraudulent buyers (without an option to ban someone from your store), may be to change your PayPal options to allow sales from confirmed address only. I hope a mod programer is monitoring this discussion.. I would pay a fair amount for this option in my store admin. :cry:

[Guest gwyneth]

The only way to stop fraudulent buyers (without an option to ban someone from your store), may be to change your PayPal options to allow sales from confirmed address only. I hope a mod programer is monitoring this discussion.. I would pay a fair amount for this option in my store admin.

At what point would you like to ban the user, and by what? Re the former, I mean, do you want to keep him from adding items to the cart, or for him to receive a message when he tries to check out?

Do you want his name, address, customer no. , or payment no. banned?

There are several options and I'm thinking it might be very simple for us to adapt something we did for another program, depending on what kind of functionality is involved.

[Guest www.orderiffic.com]

I could easily delete the user's account, but what would great is the ability to keep them from creating a new one, if any of the details match the user's previous account details; like email, address, user name, telephone, city/country, zip code, password, etc.

Ideally, it would be nice to know how to trace or confirm their identity, like making new accounts accept a call back to the phone number provided, (possibly automatic) either before account approval or for accepting an order. After the account is trusted, to turn the feature(s) off.

Rather draconian and severe, but for suspicious accounts at least, it would be nice to have these options. Any or all. Power is good..

CheapScotsman is right, this should probly be discussed at Cubecart.org: CC3 Request a Modification

[Guest CheapScotsman]

Before we design a fraud prevention system there are a couple of questions we should ask (note; fraud isn't chargebacks)

> What is the real profile of most fraudsters. I can't believe that most of them are using their own credit cards, addresses, etc.

> why isn't your payment processor's fraud system working for you?

Hmmm ....

[Guest gwizard]

Let me tell you how REAL fraud is made.

1. You NEVER do anything from your home or any other place where you can be identified.

2. You NEVER order anything for your home address or any other address where you be identified and made.

3. You NEVER use anything personal to you such as phone numbers, credit numbers, etc.

When done correctly, there is no way to connect the crime to the actual person who committed it.

Fortunately for us, most fraudsters don't know / use all of that and that's why we can catch them.

Banning by IP is pointless, as suggested earlier, because of the dynamic nature and a little thing called WiFi.

I work for a very large company now and we design an e-commerce solution for a small-medium businesses. Exactly the type you (and I) all are.

We have what is called "New Customer" indicator that is set for customers who never paid yet.

In this way, everyone who is "New" must be treated with care. After 1 payment has been received you probably can trust the person (and offer a discount if enough time went by without purchase).

Since we don't have connectivity to banking, I can implement this in CC manually to be set by store owner.

It is a very simple thing to do.

Another way to deal with it is to contact each customer by phone first to "confirm details". A very accepted practice in Israel to verify you actually speaking with a real live person. It is tiresome and will cost time and phone bill, but better then chargeback.

Personally, I use a combination of the above and I verify the address to the persons name and social security id via a national database that I have. So far didn't had even 1 fraud order that actually shipped.

[convict]

The only way to stop fraudulent buyers (without an option to ban someone from your store), may be to change your PayPal options to allow sales from confirmed address only. I hope a mod programer is monitoring this discussion.. I would pay a fair amount for this option in my store admin.

All depends to good you sell. Digital goods is most sensitive.

We use PayPal, we sell digital goods however we always check the UNKNOWN BUYER. First time buyer will NEVER GET the downloadable link without manual approval. Approved/checked buyer is the one who get the instant download ONLY.

PayPal offers the buyer VERIFIED/UNVERIFIED status. Verification is made for PayPal account holder only. We see in our order details in CubeCart admin area what is the buyer status, buyer name and primary paypal address however any buyer status purchased by Credit Cards (user is not registered) is always UNVERIFIED.

Unregistered paypal buyer can use verified address anyway, if he/she use stolen credit card data using verified address and cc holder data in cubecart registration you are lost to check it.

The best for merchant: buyer has paypal account verified status, registered with primary paypal email address invoice & delivery address is the same as his/her paypal. You are sure 99.9999% buyer is eligible.

[Guest digger]

Hello,

I read this thread and got a thought. I know... dangerous! But here goes:

Maybe a mod could be developed that could ban a particular credit card number? Perhaps a particular delivery address, etc. This would not prevent the "first" chargeback, but would certainly prevent future ones.

Also, I use a Mod by Estelle that sends out an email automatically when a product is purchased. I am customizing it now to include info about what will show up on their credit card statement. I suspect it will nip a lot of problems before they start (I hope anyway).

Oh well... just my two cents.

[Guest]

While all of the various suggestions here are good, I think that the original poster's suggestion is probably the best option. If we have a customer who orders our products with the intention of claiming a refund just because they can, we need some way to ban that user from any future activity.

Here's how I see it working.

1. We bring up the customer record in CC admin and click a button (or select from a dropdown box) to change his/her status to "BANNED".

2. Whenever that customer tries to log in, CC displays a customizable message basically saying "You have been banned from this site."

3. If the same customer tries to open a new account, CC checks the information against all BANNED accounts for any similarities, such as same address, same email, same phone, etc. If any one of these details is the same, the new account is automatically given a BANNED status, thus recording the new details into the database for future checks.

4. Alternatively, we should be able to capture the data entered through the payment system (PayPal and Authorize.net at least), and record this data to the customer account for further identification.

This will only work when the store owner sets CC to require a user account for purchase (no anonymous checkout), and should be a relatively easy mod to create.

Alternately, the idea of treating new customers differently, and doing courtesy checks on new accounts, is a good one. Especially when you're sending out physical products - you can do your fraud checking before shipping.