"Manual" approval of first order/payment

[whmfhh]

I've seen people here recommend manual approval of the first order from a customer as a way to reduce fraud. I'd like to do that, but I looked in WHMCS and I don't see how to set it up. Can I configure new accounts to have no automated billing, and then turn it on manually after I determine that they look legit?

 

I presume I am just not thinking about this the right way...

[JofleyUK]

I dont see that this would be a problem, if you were selling a tangible product that could be stolen from you and not paid for I would agree. As you are selling a service, if they dont pay, stop their service, agreed this is prolly not the answer you were looking for but it's the easiest solution as changing payment recurring billing methods would from what I imagine be non recurring is a great task if you get 100-200 customers sign up in one fell swoop.

 

Keep the recurring billing BUT monitor your unpaid invoices and suspend them as needed. Good paying customers will be your vast majority but the few who like to chance their arm are few and are easier dealt with as the minority rather than assuming you will get them "all the time"

 

Hope this helps and good luck.

[Neil Hennigan]

What would be great is an "authorize only" option for gateways like auth.net, so that all could go through as normal, and even still allow for automation, while being able to easily pull the plug pre-capture if fraud is, in fact, caught. I'd love to be able to carefully manually review each order in addition to other fraud filters.

 

Or does WHMCS already enable authorize only? Haven't seen it; doubt it. I do know that we left auth.net some time back because that had to be configured in the billing solution and not at auth.net.. stupid, really.. but, we're now switching back.

 

Chargebacks. We've been hit soooo many times when we would have caught them before capture if given the chance.

[trine]

Neil, WHMCS does Auth + Capture. There is no possibility to do Auth only without a building a custom payment module. You could do it yourself, or contact Matt to do this for you.

[Si]

Slightly off topic but re chargebacks.

 

We use paypal and worldpay. The only concern we have about first orders going through without manual approval are domain names. Worldpay (for this very reason) stopped us from offering domains for registration for more than 2 years at initial sign-up. Hosting can be stopped without any cost if we look at an order after it has been activated and find it too risky. Domains cannot.

 

But our maximum risk for the convenience of automation is the wholesale price of 2 years for a domain.

 

Re the chargebacks themselves. We avoid them mostly now by reviewing all orders and manually refunding the payment before any chargeback action is taken.

 

We stop all orders from free email addresses at the order source using the configuration options and also, if the IP address does not match the country of the card, that is also a manual stop. At present we do that manually, but are hoping, (once we go live with WHMCS) to use maxmind to intercept these and more to improve our stats further.

 

That's the theory anyhow.

 

Chargebacks. We've been hit soooo many times when we would have caught them before capture if given the chance.

 

I'm not familiar with auth.net, but can't you do the same, after capture?

 

Si

[trine]

auth.net = Authorize.net. It is for a real merchant accounts, meaning that your business accepts CCs directly through your bank.

 

To your point, you could monitor the transactions and refund the payment, but doing capture only first allows manual review BEFORE any service is turned active.

[Neil Hennigan]

Slightly off topic but re chargebacks.

 

I'm not familiar with auth.net, but can't you do the same, after capture?

 

Si

 

We can certainly refund after capture, but this doesn't necessarily solve the chargeback problem. With a "real" merchant account, it doesn't matter if you catch it manually, refund it, etc. - - if a true cardholder catches something before you do (or even sometimes after you do), and files a chargeback, or reports a card stolen, you still get hit with that $25 (or whatever) fee, and it still counts towards your risk assessment.

 

Thankfully, we have a decent history and relationship (now) with our processor, and they don't bother us much when our chargeback rate seems to be increasing. But for that first year there we lived in constant fear of losing our merchant account.

 

Being able to authorize only and catch problems pre-capture makes a real difference for us. Thanks for the tip, Trine - I will definitely add it to my list.

 

 

Neil