Notes on Tutorial, and More

So, I had these grand plans to write a series of blog posts discussing my workflow. Instead, I found myself deep IN my workflow, with a sudden influx of projects. Blogging had to wait. There seems to be a slight lull, so the posts are forthcoming, barring the world’s strangest weekend.

I did want to share a couple of experiences that I have had recently. One, as an object lesson to us all about caution. The other as a reminder to myself and to all that you never know what a difference you can make in the life of another person.

The first experience is also the most recent. An acquaintance sent a cold referral my way. It sounded exciting and promising – they wanted a site similar in scope and function to an existing one, and wanted a quote for everything from domain name registration to monthly maintenance. I provided one, and they signed off on the project. However, there was a small catch – they needed to pay by credit card.

In and of itself, there is nothing strange about wanting to put a business expense on a credit card – especially if it’s a fairly new venture. I agreed to bill them accordingly, and sent an invoice via Paypal. Shortly thereafter, they emailed me, stating that they were having difficulty running the card, and would I run it manually. Now, I don’t like the idea of having someone’s credit card information in my personal possession. If something happens, it’s difficult for the person to feel confident that I was not somehow responsible. My sense of self-preservation led me to offer to bill through Stripe instead.

That’s when things got interesting. The next email I received asked if I could do the potential client a favor. They said that their graphic designer did not have a way to process credit cards (red flag), and if I would allow them to pay me my down payment, the graphic designer’s payment, and credit card processing fees, I could send a payment to the graphic designer (huge red flag).

So, you might be thinking, much as I did, that my credit card processing service would have my back here. After all, once the money was put in my account, it was mine – right?

I decided to look up information online to see what the worst case scenario would be. I was already feeling uncomfortable with the situation, and my “tummy voice” was screaming that this was some sort of scam, but I couldn’t understand how it could be. This is what Stripe has to say about credit card fraud:

Am I responsible for fraudulent charges made on my Stripe account?

Yes. We understand that this can be frustrating, but credit card networks require you to assume financial responsibility for an unauthorized charge. This is because you have the most information about your customer at the time of purchase and are responsible for filling the order.

No slam against Stripe, or any other company. This is a policy that actually makes some sense, although in the age of digital goods it can be difficult to verify the identity of a customer.  I continued to read.

How can I tell if a charge is fraudulent?

Sanity check your payments for anything out of the ordinary, such as unusually large transactions, an odd set of many purchases in a row, or gibberish names and email addresses. You may have more information about your customer than we see in their payment details.

Well, this doesn’t look good…

Identifying potential fraud

Since Stripe users are responsible for fulfilling orders for customers—and possess the most information about their customer at the time of purchase—they are best equipped to determine whether or not a transaction is potentially fraudulent. There are many indications of fraudulent activity that, while alone may seem fine, together can clearly indicate credit card fraud.

Review charges for anything out of the ordinary. Unlike in-person transactions, you can’t physically check the card’s security features to ensure it is genuine, or guarantee that the customer is in possession of the card when accepting payments online. While not an exhaustive list, some things to look out for are:

  • Unusually large orders (either number of items ordered or an expensive item/dollar amount)
  • Rush orders (which would allow fraudsters to take advantage of timing)
  • Use of international cards or orders with international shipping addresses
  • Many smaller transactions made with similar or the same card numbers, especially over a short duration
  • Many transactions made with the same card but different shipping addresses, or many cards with the same shipping address
  • Many transactions from the same IP address with different cards – this includes failed transactions (fraudsters will often attempt to use many cards, and keep trying until one succeeds)
  • Use of obviously or likely-fake information in the transaction (such as fake phone numbers or gibberish email addresses like asdkf12495@freemailexample.com)
  • Shipping to a freight forwarder. (There’s a list of known freight forwarders here.)
  • Billing addresses that do not match the card’s country of origin.
  • Inconsistencies in customer details across multiple purchases, e.g. seeing the same e-mail address but a different name provided for another payment.
  • Many failed attempts by the same customer name/email address – your declined charges can provide very valuable information and should be regularly reviewed! The same customer might have many failed charge attempts, and if each failure is associated with a different credit card, any successful charge carries much greater risk for fraud.
  • Any request that you run a charge through manually, either through your Stripe dashboard or your store – fraudsters may make this request in order to have the charge run with your local IP address instead of their own.
  • Any request to “overcharge” a card and pay out a third party (driver, shipper/freight company, etc.) via a different payment method (check, wire transfer, cash, money order, etc.)

My response to my “customer” was to express my level of discomfort with the transaction they were proposing. I suggested they find a different way of compensating their designer, and not use me as an intermediate in the transaction. I have not heard from them since.

Chances are, this person possessed some stolen credit card information, and needed to get access to the cash on the card. I am certain that the actual card owner eventually would have disputed the transaction (as well they should!), and I would not only lose the money, but also the time and energy invested in beginning work on a project that didn’t exist. In the meantime, the credit card owner would have to deal with all that goes with discovering your card has been compromised, and could possibly be held responsible for some portion of the money spent. No one wins in this situation except the scammer.

Rewind to about a month and a half ago. I was in a checkout in the supermarket when a young woman came up to me. She knew my name, and told me that I had taught a class she’d attended years prior. She just wanted to let me know that I had inspired her to return to school, and that she was now working in IT.

That experience allows me to have perspective about the nature of people and of interpersonal interaction. Having someone be willing to put complete strangers in a financial bind to get a few dollars for themselves could be really disheartening. And it does make me more than a little sad that there are people so self-absorbed with their own financial situation that they are willing to go out of their way to steal money from others. However, the fact that there are also people so touched by the encounters they have with their fellow humans that they feel compelled to reach out and tell people what their time together meant, and how it changed them.

I hope that both of these stories inspire you all to go out and make today a great day.