
We ran an online store selling merchandise for a very large mobile-game vendor, so naturally we experienced these types of fraud attempts.

For us, there's one killer technique. Detect fraud however you want to / can (this can be a mix of heuristic data from your stats, third party, or whatever you want) - but when you detect it - don't decline the user.

Send them to a fake purchase confirmation page.

Suddenly they'll be getting 100% success from your site, and they'll drop you immediately.

On the backend, put the transaction to manual approval, so if it IS a legitimate client, when they email you, you can manually approve the order.

Over the years, as others have pointed out, detection methods change, but using the above technique invalidates their reasons to test with your site. (Very similar to Mailinator's technique for people scraping their site: http://mailinator.blogspot.fr/2011/05/how-to-get-gmailcom-ba... )
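A sketch of the flow described in the comment above, added here as an example and not part of the original comment or the commenter's code. The `Checkout` class, the `looks_fraudulent` and `charge` callables, and all sample values are hypothetical stand-ins; the point is that a held order and a paid order produce the same confirmation response, and the card is only charged on manual approval.

```python
import secrets
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class Checkout:
    # Both callables are hypothetical stand-ins for your own detection and payment code.
    looks_fraudulent: Callable[[dict], bool]
    charge: Callable[[str, int], bool]
    orders: dict = field(default_factory=dict)        # order_id -> order record
    review_queue: list = field(default_factory=list)  # order_ids awaiting a human

    def submit(self, email: str, amount_cents: int, card_token: str) -> dict:
        order_id = secrets.token_hex(6)
        order = {"email": email, "amount_cents": amount_cents, "card_token": card_token}
        if self.looks_fraudulent(order):
            # No charge attempt and no decline: hold the order for manual approval.
            order["status"] = "held_for_review"
            self.review_queue.append(order_id)
        elif self.charge(card_token, amount_cents):
            order["status"] = "paid"
        else:
            return {"http_status": 402, "page": "payment_declined"}
        self.orders[order_id] = order
        return self._confirmation(order_id)

    @staticmethod
    def _confirmation(order_id: str) -> dict:
        # Built only from the order id, so held and paid orders get the same page.
        return {"http_status": 200, "page": "order_confirmed", "order_id": order_id}

    def approve(self, order_id: str) -> bool:
        """Staff action after the customer gets in touch: charge the held order now."""
        order = self.orders[order_id]
        if order["status"] != "held_for_review":
            return False
        if not self.charge(order["card_token"], order["amount_cents"]):
            return False
        order["status"] = "paid"
        self.review_queue.remove(order_id)
        return True

def demo():
    charged = []  # records every call to the constructed payment stub
    shop = Checkout(
        looks_fraudulent=lambda o: o["email"].endswith("@flagged.example"),  # constructed rule
        charge=lambda token, cents: charged.append((token, cents)) or True,
    )
    held = shop.submit("a@flagged.example", 2500, "tok_constructed_1")
    paid = shop.submit("b@shop.example", 2500, "tok_constructed_2")
    return shop, charged, held, paid
```

Anything else the client can observe (response timing, confirmation e-mail, order-status pages) has to match between the two paths as well, or the held order is still distinguishable.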



I think Amazon does this. Regardless of whether the payment goes through or not, you'll always reach an 'order confirmed' page. Looks like they've adopted the same technique for curbing fraudulent purchases.



