

Ask HN: What measures can I take to reduce fraud when taking online payments? - webignition

I&#x27;m currently integrating with Stripe [1] to handle subscriptions to a SaaS product.<p>I would like to create a minimal form for collecting credit&#x2F;debit card details.<p>With respect only to charging a user for a subscription, the details I need are that of the card: card number, expiry date and card verification code. The collection of these fields alone is sufficient for charging a card.<p>I am concerned that the fewer details collected in the payment form, the greater the chance of a given transaction being fraudulent.<p>Instead of collecting cardholder details (name on card, billing address) what measures, preferably technological, can I take to reduce and&#x2F;or minimise fraud?<p>In other words, what behind-the-scenes, automated measures can I put in place to reduce fraud without having to ask the user for anything other than the credit card number, expiry date and cvc?<p>[1] http:&#x2F;&#x2F;stripe.com&#x2F;
======
lifeguard
Credit a small amount to your new customer's account. Then contact them and
ask them to tell you the amount. If they stole the credit card they will
likely not be able to check account balance and answer your question.

Usually fraud is a problem for physical goods or one-off digitals, not
recurring services.

(PS - Paypal fraud detection is horrible)

~~~
webignition
Thanks, that's a great idea that somehow escaped me.

I agree that using stolen card details to subscribe to a recurring service is
unlikely for the purpose of using the service. My concern is that through
being able to take out a subscription a fraudulent user could verify that a
given set of credit card details are valid.

~~~
lifeguard
Something you may see if you have an exposed API for transactions is small
random purchases. What this is about is stolen cards are being tested to see
if they are maxed out or not.

------
fastspring
Anytime you collect less info, it makes your fraud screen less intelligent.
But it is all a balancing act and much more an art than science to keep
consumer inconvenience to a minimum while not having more chargebacks than you
or your merchant account provider can live with.

