I have burning question that I cannot find an answer to.
I would like to know if there is a way to confirm that the name a customer provided matches the credit card number they gave.
Basically, I manually process credit cards for the remote sale of lottery tickets. I cannot use a gateway since they do not allow use of their services for gambling activity and the lottery is gambling. I used to use PayPal but my account was suspended for that reason.
So, I have a playform that the customer (player) fills in in pdf format, prints, signs and FAXes to me. On the form I ask for the following info (aside from the type of lotto tickets they want to buy)…
E-mail.
Home country.
Phone number.
Card type (VISA or MC as those are the only 2 we accept).
Full name as it appears on the CC.
CC number.
CVV code.
EXP date.
I also provide the following warning in order to try and avoid fraud …
“NOTE: to avoid fraud, the name above is the name
any and all winnings will be paid out to so we
advise you not to use someone else’s credit card
unless you want to make them a millionaire.”
QUESTION IS, how can i cross-check the name of the customer with the CC number they have provided to be sure that it is really their card?
My CC processing machine only asks for the…
CC type.
CC number.
EXP date.
… and no more, it does not seem to validate by name so technically, a would-be scammer could buy a ticket with their name and a diff. person’s CC number and we would be none the wiser if it hit the jackpot and we paid out the prize.
Ok, found this online and tested it with an order from a client but it is time-consuming. Anyone know a faster way?
Calling to verify.
"You will press ‘2’ for either number, to obtain access to the phone number for the card issuing bank. The system will prompt you for the card number, and then give you the bank name and phone number. This is the phone number of the bank that ISSUED the card to the cardholder (Card Issuing Bank).
Next, you call that number, and tell them that you are a merchant, and need to verify cardholder provided information with “YES or NO” questions. This is important, as there are privacy issues, but they CAN confirm or deny information YOU provide. You give them the card account number, and you can ask them (again YES or NO), if the cardholder name is (give cardholder name), verify the address, phone number, and CVV2 number. If you tell them you suspect fraud they MAY (at their option) call the cardholder to verify that they actually performed the transaction. Remember, the issuing banks have a responsibility to provide privacy to their cardholders, but they are also interested in preventing fraud, so they can only confirm or deny that information you give them is correct. "
I understand that you’re not asking about the legality of your process but before you even begin to try and go down the fraud road I would strongly urge you to review the terms of your merchant agreement, local legislation and PCI compliance. Collecting their information via FAX and storing it on paper to avoid an online transaction is not the same as a terminal swipe. Of course if you have already looked into this then please ignore my comment.
As far as your original question, does your terminal system show anything about the credit card holder after you have auth’d them? What merchant provider do you use?
We are based in Spain and the transactions are legit but thanks for the warning anyway. We simply resell lottery tickets like any lotto agent.
The terminal provides no info about the customer, it just approves or denies the transaction and prints out a receipt.
The only thing we want to avoid is a customer who uses someone else’s CC illegally for a transaction and then collects a prize if the lotto ticket hits.
I am pretty sure we will go with the calling and verifying that I mentioned above as it worked well as a test. Even though it takes a few minutes to call and verify, at least we are sure that the cardholder name and CC number submitted to purchase the ticket belongs to the person who will collect any and all prizes won.
This makes the system pretty fraud free as a scammer would have to be out of their mind to use a stolen CC for a lottery purchase that could pay out millions to the real cardholder.