I just received a fax from my bank regarding our merchant account. It stated:
Full Version: One Or More Batches Have Been Suspended
| QUOTE |
This is to notify you that one or more batches, in the amount of $xxx.xx, have been suspended by the security department. These funds may have been suspended automatically, for a number of reasons, including but not limited to: · Unusually high dollar amount of cards used for authorizations. · Unusual method of processing, such as key entered sales, etc. |
It then goes on to say I need to fax them all documentation for that batch which demonstrates the validity of the sales.
However, I didn't manually key any of the orders and the dollar amount was about average, if anything a little lower.
This is the first time in a year that this has happened. I plan to call them first thing Monday morning to find out what the deal is and fax over whatever they need.
I wasn't sure if anyone else has been hit with one of these in the past or recently?
Please contact your merchant rep. I have never seen one of those myself, but, also, do not have a payment gateway. I am thinking that 
/ payment gateway keeps all batches, so, that you can later retrieve them for cases like this.
/ payment gateway keeps all batches, so, that you can later retrieve them for cases like this.
I called them first thing this morning. It was due to 20 back to back fraudulant attempts. Someone just kept trying different CC numbers for over $9,000 each. 
All got denied but my bank got concerned and asked me to alert that they should consider a per session limit. So if someone fails CC checkout x times it just drops into Non-Finalized and they need to start over. I mentioned this to a Dev and was told that in the interest of security it will be done. This will make it more difficult and less likely that someone will attempt so many different cards at once.
They also suggested the possibility of being able to block an IP from checkout. I wouldn't really want this due to dynamic IP's on DSL & Dialup, plus public terminals that are around in Library's, etc. However, if it's an issue with alot of stores maybe they can come up with a method to block an IP for x hours after too many invalid checkout/CC attempts. Just display a message to contact support@yourdomain.com or something. 
Just my 2 cents.
All got denied but my bank got concerned and asked me to alert
that they should consider a per session limit. So if someone fails CC checkout x times it just drops into Non-Finalized and they need to start over. I mentioned this to a Dev and was told that in the interest of security it will be done. This will make it more difficult and less likely that someone will attempt so many different cards at once.They also suggested the possibility of being able to block an IP from checkout. I wouldn't really want this due to dynamic IP's on DSL & Dialup, plus public terminals that are around in Library's, etc. However, if it's an issue with alot of
stores maybe they can come up with a method to block an IP for x hours after too many invalid checkout/CC attempts. Just display a message to contact support@yourdomain.com or something. Just my 2 cents.
Ultimate,
This is a great idea.... how many times should we allow someone to attempt a CC number before disallowing a purchase?
This is a great idea.... how many times should we allow someone to attempt a CC number before disallowing a purchase?
Hello Ultimate-
Your first suggestion will probably be implemented in the near future (per session limit). It would prevent things such as this happening.
The IP address blocking, as you stated, is not very practical. Namely, IP addersses do change, and people forge their own IP address to make it appear as another. Once the IP is blocked, they just get a new one and start over.
Your first suggestion will probably be implemented in the near future (per session limit). It would prevent things such as this happening.
The IP address blocking, as you stated, is not very practical. Namely, IP addersses do change, and people forge their own IP address to make it appear as another. Once the IP is blocked, they just get a new one and start over.
Hey Captain,
I would put the limit at 4. If the person can't get there information right by then, then they never will and they should contact customer service. If a hacker knows he only has 4 chances to get it right, he is likely to not waste his time.
Just my two cents
I would put the limit at 4. If the person can't get there information right by then, then they never will and they should contact customer service. If a hacker knows he only has 4 chances to get it right, he is likely to not waste his time.
Just my two cents
I think any limit could cause sales issues, so you don't want it set to 1. However, on the flip side you don't want it to be too high like 7. Thus I vote "3" 
Nice round figure... 3 strikes - your out! Just be nice about it and refer them to the contact us page or something. Better yet, let us customize the response
Nice round figure... 3 strikes - your out! Just be nice about it and refer them to the contact us page or something. Better yet, let us customize the response
I also believe 3 is the lucky number... If they mess up the first time they will have a second chance. If one is denied and they need to use another, by that time they should have better practice at punching in the numbers.
Alright MC clients... which should it be? 3 or 4? 
I vote for 3!
I vote 3 as well
3 sounds good to me also, if they can't get it right by three than they need to contact customer service (or buy new glasses)
Number is 3
I am late but 3...If they can not type it right after that....I just do not know.
Looks like 3 is a nice number for us so far... How about the handling of them if they get rejected on the third attempt? Refer them to contact us by displaying the contact us information, bring them to a email form so they can email for help, or just a page we can edit so that we can customize the response? Any takers on this one?
Personally I'd go for it being a page that we can customize. I'd like to add a picture with a person shrugging or a little kid frowning and politely explain that a unresolvable error has occured with the credit card processing and give several methods for contacting us so we may assist them.
Personally I'd go for it being a page that we can customize. I'd like to add a picture with a person shrugging or a little kid frowning and politely explain that a unresolvable error has occured with the credit card processing and give several methods for contacting us so we may assist them.
How about an Error ID10T page?
Something nicer than that.
Ok seriously,
I would like it to go to a customizable message page that explains there has been an error in the processing of their CC. It should give some reasons that this error may have occured.
I would like it to go to a customizable message page that explains there has been an error in the processing of their CC. It should give some reasons that this error may have occured.
I was on the receiving end of a chargeback from an issuing bank about 3 years ago, and it was due specifically to a card being tried repeatably. It was resolved ok. It turned out that the cardholder could not remember his expiration, and so tried like numerous times. Chargeback rep read me the mastercard/visa riot rules saying that I should be waiting 24hrs after receiving a decline on a card before trying again. It was the issuing bank that filed the complaint. (card member never knew)
From that time, I have 'automatic authorization' turned off.
One good positive side effect, is does help stop fraud orders from going thru.
These days, if I get a decline when clicking on that 'authorize' button, I usually find the wrong expiration date was entered, contact customer, edit expiration, and hit that button again...
I wonder if it was the nigerians or indonesians testing their cards on your system.
I remember a guy (if I remember an editor for 2600), writing about how those 'attempts' and play authorizations run up a large merchant bill due to the transaction fees.
From that time, I have 'automatic authorization' turned off.
One good positive side effect, is does help stop fraud orders from going thru.
These days, if I get a decline when clicking on that 'authorize' button, I usually find the wrong expiration date was entered, contact customer, edit expiration, and hit that button again...
I wonder if it was the nigerians or indonesians testing their cards on your system.
I remember a guy (if I remember an editor for 2600), writing about how those 'attempts' and play authorizations run up a large merchant bill due to the transaction fees.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.