i have this process in payment (this is a simulation without sending the real info to verizon, etc):

  1. user choses to pay by credit card.
  2. user enters credit card number and other info.
  3. script validates if the credit card number is valid.
  4. any suggestion for the next step?
    1. Collect underpants
    2. ............................
    3. Profit!

      I can appreciate where the previous responents are coming from. You're not giving us much to go on here. There are some additional steps you might want to include which would help you protect yourself from dodgy orders.

      You might want to store a list of banned credit cards, or at least most of each banned card. If you do business online for any length of time you will find yourself in the situation where you have taken an order and sent out the goods in good faith, but your customer denies he actually placed the order, denies the card was used with his permission, denies he ever received it, etc etc and you have no option but to refund his money. If this happens you, do you want to do business with that person again? Maybe you do, maybe you'd prefer to operate a "three strikes and you're out" policy. In either case, you will want to store a list of card numbers which you will no longer accept. At some point in your order process you will want to check against that list.

      You may also choose to use more detailed information to help spot suspicious transactions. To do this you need to record a pattern of normal behaviour and mark anything outside of that. For instance, orders at unusual (for you) times, orders from unusual (for you) countries, multiple orders on the same card but with other information different, multiple orders on the same card to the same address within minutes of each other, multiple orders on multiple cards to the same address, multiple orders in a short time using different cards from the same IP address, etc etc... none of these is necessarly wrong on its own, but you might decide to allocate "fraud point" to your transaction for tripping any of these rules. Too many "fraud points" and you reject the transaction. What rules to use, how many points to associate with each rule, and how many points to allow before a transaction is rejected is all up to you.

      These are just a couple of defensive ideas which you might choose to use.

        Write a Reply...