• credit_card_fraudIn this post I will protect some of the names/information of the people and businesses involved for obvious reasons, and ONLY the innocent were protected. But rest assured your credit card company is screwing everyone, including you!

    On January 1st 2014 an ecommerce store received and order for $120.19 (which is about average). This payment processed through Authorize.net without any filter problems, errors or issues.

    Later on January 1st 2014 the same store received another order from the same user without issue for $179.31. This is also not unusual and the merchant set out to contact them and let them know that they would be combining their orders to save money for them on shipping.

    After several emails and phone calls in which the merchant left messages about combining the orders.... the customer did not respond.

    On January 5th 2014 the same store received a $171.74 order from the same user, again without issue. At this point the merchant attempted to contact the customer more than 10 times via email and 2 different provided phone numbers in the orders... all to no avail.

    At this point the merchant contacted Authorize.net for advice. Authorize.net advised the merchant that there was nothing they could do and the merchant should consider cancelling the orders after 24hrs if they do not hear from the customer.

    On Jan 5th the merchant cancelled the orders and refunded all 3 transactions to the shopper.

    On January 7th the same store received a $1,089.34 order from the same customer and again no fraud filters were set off by the transaction. The merchant began searching Google and DNS records for more information on the customer and found:

    • The customer is a real live person and both the shipping and billing addresses used are listed as their winter/summer home addresses.
    • The customer's name, phone numbers and other information is also spot on correct.
    • The customer is elderly.
    • The customer uses Road Runner Internet Services and does NOT have a dedicated IP address (so we cannot just block the customer for the merchant)

    On January 8th the same store received another order from the same customer without issue for $926.92.

    On January 13th the same store received another order from the same customer for $844.76, again without setting off even the slightest fraud filter.

    On January 13 the merchant had voided/refunded all of the orders and set out to report this to Visa or whomever as fraud. To hopefully help protect the customer's credit and identity.

    Here is where the story will make you want to cut up your credit cards!

    Step one was to contact Authorize.net who instructed their was nothing they could do. They additionally provided no other information.

    Next the merchant set out searching on Google for things like "Report fraud to Visa". The searches helped the merchant find Visa's fraud information (http://usa.visa.com/merchants/merchant-resources/report-card-fraud.html) which is useless and the list to the acquirer list is broken even. Then a few more searches located a helpful blog which  instructed them that a "Code 10" was what they needed to do. A Code 10 is used to provide authorization to verify additional information on a suspicious transaction.

    So the merchant contacted their merchant services bank to "do a Code 10". The merchant's provider is Bank of America. Bank of America merchant services instructed the merchant that they could not help and transferred them to the "Loss & Fraud" department.

    The Loss & Fraud department said there was no way they could do anything as the merchant (per PCI/DSS requirements) had only the credit card's last 4 numbers.

    The merchant hung up and called Bank of America Merchant Services back. This time they told the CSR that the loss department was the wrong department and insisted they needed help to report this fraudulent activity on this woman's card. The CSR responded that unfortunately the tools and abilities they have,  "haven't yet caught up to the PCI/DSS Standards" and their was NOTHING they could do. This CSR then hung up.... or the call was miraculously dropped right after he finished saying their was "NOTHING they could do".

    The merchant, now pissed, called Bank of America Merchant Services back and demanded to speak to a supervisor. The young female CSR responded, "okay, but can I try to help you first"..... ahhh progress!

    The merchant and the female CSR went through about 10 minutes of verifications including batch transaction data and then she put the merchant on hold and went to speak with her supervisor.

    Upon returning to the call she instructed the merchant that she could now release the full credit card number and the customer's bank contact information.

    The merchant then called Bank Fia Card Services and began what turned out to be even less reassuring as the process had been thus far!

    A female CSR at Bank Fia Card Services said "there is nothing we can do".

    The merchant insisted, demanded even that she do something... so she went to speak to her supervisor.

    Upon returning, (10 minutes later) she still insisted there was nothing they could do, but offered to have their fraud team "peak" at the card holders account soon. She also inquired to the merchant if their was some reason they didn't want Ms. Cardholder's business. The merchant responded, business yes... fraud not so much.

    At this point the merchant, thinking about this elderly lady whose credit card is clearly compromised, used a very direct and offensive move. The merchant said, "fine, then I want to report this card holder for placing fraudulent transactions at my business". The Bank Fia Card Services CSR responded..... "uuuuum..., ugh, hang on, ugh... please hold". Nice huh?

    When the Bank Fia Card Services CSR returned to the line she said, "we have looked at Ms. Cardholder's account and placed a fraud alert on it, she will not be able to use this card until she contacts us".

    FINALLY... what a bunch of crap! A merchant may know your card has been compromised and cannot even report it! You are NOT safe as card holders and the banks don't give a rat's ass about you, your identity or anything else for that matter! This merchant went above and beyond to help protect this card holder.... but you can bet that many would not and moreover most do not have 3 hours to dedicate to something like this. You should also know that the merchant is out about $500 in stock ordered for the first few orders, that they will not recover.... Just a $500 loss and the ability to sleep at night is all the merchant gets!

  • So we have been working hard to create the proper and effective way to deliver schematic markup to Google and others. Up until recently yesterday, there was an issue delivering the product price for Zen Cart. I have 2 thoughts on this.

    1. Maybe we should ONLY be delivering the base price and not the specials price?

    2. Maybe we should be delivering the actual price, which is the special price for a product on sale?

    Some arguments for the issue include:

    • These are not real time in the search results anyhow. So a searcher could be given a special price in search results and get to your site to find it no longer on special.
    • The platforms, Schema.org, Rich Snippets, Good relations, Open Graph etc have only 1 price specification, regular and sale seem more logical.
    • All of the markup platforms have additional assignments for price expiration etc in the offer markup.

    So with Zen Cart I have worked it out both ways (below).... The actual price, which includes specials has a rounding hack in it because Google is too stupid to read 18.0000 as $18.00 and instead reads AND displays 180,000.00. No idea why, but duhhhhhhhhhhhh.

    google_bugSo thus, we have a hack because honestly because of taxes, quantity discounts and other pricing values in an ecommerce system such as Zen Cart we need 4 decimal places.

    So if you want to display the actual price you would use this

    <?php echo $specials_new_products_price = (round(zen_get_products_actual_price($product_info_metatags->fields['products_id']),2)); ?>

    Now if you want to use the base price, which based on the arguments above is trouble free, then you use this

    <?php echo $products_price = zen_get_products_base_price($product_info->fields['products_id']); ?>

    Likely you will all be asking about the expiration of a special...... Here are the instructions:

    1. Download Sale Ending/Special Ending from Zen Cart (because there is not reason to reinvent the wheel)

    2. Edit common_files/includes/languages/english/extra_definitions/sale_special_ending.php and edit the language definitions to be blank, like below:

    define('TEXT_SPECIAL_EXPIRES', '');
    define('TEXT_SALE_EXPIRES', '');

    3. Edit common_files/includes/functions/extra_functions/sale_special_ending.php and change the following line

    Line 6 function sale_special_ending($id, $longdate = true, $one_day_back = false) {


    function sale_special_ending($id, $longdate = false, $one_day_back = false) {

    4. Now in your details list in templates/product_info_display.php add your price like this

    <li>Products Current Price: <span itemprop="offerDetails" itemscope itemtype="http://data-vocabulary.org/Offer"><meta itemprop="currency" content="USD"/><?php
    $ssblock = sale_special_ending((int)$_GET['products_id']);
    if ($ssblock != '') {
    echo '<time itemprop="priceValidUntil" datetime="' . $ssblock . '"></time>';
    ?><span itemprop="price"><?php echo $specials_new_products_price = (round(zen_get_products_actual_price($product_info_metatags->fields['products_id']),2)); ?></span></span></li>

    5. You can also add another line item for the shopper if you like

    $ssblock = sale_special_ending((int)$_GET['products_id']);
    if ($ssblock != '') {
    echo '<li><b>Sale Ends:</b> <time itemprop="priceValidUntil" datetime="' . $ssblock . '"></time>' . $ssblock . '</li>';

    Want to catch up on all the markup we have worked out so far for your store? Get the Rich Snippets Tutorial for Zen Cart. That's all, stay advised and work hard!

© 2003-2015 PRO-Webs, Inc. Woodbine, GA 31569-2051