I work with a company one of whose branches is selling services over the internet in an automated way. A few days ago there was a guy who set up several hundred services in our system (which of course is not an abuse in itself and some people do it), however he made payments with all possible payment methods where you can pay with a card. About 70% of the transactions that he conducted in order to purchase these services were unsuccessful. We also know that he uses payment cards belonging to different people. It is also worth noting that this customer is from a completely different country than the country the company is targeting.
The services the company sells are activated automatically upon successful payment. So we have no way of manually verifying each transaction individually to stop such activity. However, I am looking for an effective solution to verify this type of situation, because I have run out of ideas.
The man provided only residual personal information at first, which he supplemented after the request and provided phone numbers. He also sent reliable identification documents upon request. I was not able to call the phone numbers he provided initially, I was only able to call the ones he provided after requesting verification and indeed someone is answering these calls. These could be VOIP numbers….
We contacted all the payment gateways we use and reported the possible abuse, but nothing happened – no response or anything.
Since the services the company sells can in theory be used for illegal activities, which the company would like to avoid – how else can we effectively verify the person? Manual verification is out of the question for technical reasons.