ShopSite Forums

[Eddie Caplan]

In ShopSite 7.0.3:

1) Is there any way to validate the Customer Registration information
before the completion of the Customer Sign-up? I'm thinking of somehow
verifying the customer's email address.

2) If the customer has given a bogus email address during registration,
what happens to the emailed Receipt when it is undeliverable? Who gets
the bounced-back email error?


Thanks,
Eddie Caplan

[Eddie Caplan]

This is a Fraud issue.

In article <280120041056294389%eddiec_NOSPAM@NOSPAM_stararcher.com>,
Eddie Caplan <eddiec_NOSPAM@NOSPAM_stararcher.com> wrote:

In ShopSite 7.0.3:

1) Is there any way to validate the Customer Registration information
before the completion of the Customer Sign-up? I'm thinking of somehow
verifying the customer's email address.

2) If the customer has given a bogus email address during registration,
what happens to the emailed Receipt when it is undeliverable? Who gets
the bounced-back email error?


Thanks,
Eddie Caplan

[loren_d_c]

There is no way to validate the email address short of sending an email
to that email address (although I bet spammers would love it if there
were). Once the email is handed off from ShopSite to the sendmail
binary, it is pretty much out of ShopSite's hands, there is no way after
that for ShopSite to detect a bounce. The From and Reply-to headers in
the shopper receipt email are both using the Merchant Email Address
setting in Preferences -> Hosting Service, so the bounces should go to
that address.

This does not have anything specifically to do with customer
registration, even unregistered customers could order (if you allow
unregistered customers to order) using a bogus email address. And
non-fraudsters could also accidentally enter their email address wrong.

Anyone can set up a yahoo or hotmail account (or endless other free
email services out there), so even a valid email address does not assure
you that an order is not fraudulent. The best thing to prevent that
would be to use the AVS features of your payment processor that will
compare billing address information in the order to the billing address
the issuing bank has for that credit card account.

-Loren



Eddie Caplan wrote:

This is a Fraud issue.

In article <280120041056294389%eddiec_NOSPAM@NOSPAM_stararcher.com>,
Eddie Caplan <eddiec_NOSPAM@NOSPAM_stararcher.com> wrote:


In ShopSite 7.0.3:

1) Is there any way to validate the Customer Registration information
before the completion of the Customer Sign-up? I'm thinking of somehow
verifying the customer's email address.

2) If the customer has given a bogus email address during registration,
what happens to the emailed Receipt when it is undeliverable? Who gets
the bounced-back email error?


Thanks,
Eddie Caplan

[Eddie Caplan]

[Sorry for anyone who is seeing this twice]

Loren,

Thanks for your quick response.

I was thinking about verifying the email address as part of the
Customer Registration process. Some websites send a Link or
Verification Code to the email address provided, and the potential
customer needs to click the Link or enter the Code on the website to
complete the registration process.

Are you suggesting that these procedures have no security value?

Thanks,
Eddie


In article <bv907n$9g0$1@support.shopsite.com>, Loren
<loren_d_c@yahoo.com> wrote:

There is no way to validate the email address short of sending an email
to that email address (although I bet spammers would love it if there
were). Once the email is handed off from ShopSite to the sendmail
binary, it is pretty much out of ShopSite's hands, there is no way after
that for ShopSite to detect a bounce. The From and Reply-to headers in
the shopper receipt email are both using the Merchant Email Address
setting in Preferences -> Hosting Service, so the bounces should go to
that address.

This does not have anything specifically to do with customer
registration, even unregistered customers could order (if you allow
unregistered customers to order) using a bogus email address. And
non-fraudsters could also accidentally enter their email address wrong.

Anyone can set up a yahoo or hotmail account (or endless other free
email services out there), so even a valid email address does not assure
you that an order is not fraudulent. The best thing to prevent that
would be to use the AVS features of your payment processor that will
compare billing address information in the order to the billing address
the issuing bank has for that credit card account.

-Loren



Eddie Caplan wrote:

This is a Fraud issue.

In article <280120041056294389%eddiec_NOSPAM@NOSPAM_stararcher.com>,
Eddie Caplan <eddiec_NOSPAM@NOSPAM_stararcher.com> wrote:


In ShopSite 7.0.3:

1) Is there any way to validate the Customer Registration information
before the completion of the Customer Sign-up? I'm thinking of somehow
verifying the customer's email address.

2) If the customer has given a bogus email address during registration,
what happens to the emailed Receipt when it is undeliverable? Who gets
the bounced-back email error?


Thanks,
Eddie Caplan

[David H]

Generally it is a bad idea to add anything that slows down a sale. You want
the customer to quickly register and complete the check out. Any additional
hoops to complete a sign up could be a lost sale. Note that the customer
could always log in later with the incorrect e-mail address and change it or
the merchant could change it for them (assuming they call or e-mail you
asking where their receipt is.)

-David H.

"Eddie Caplan" <eddiec_NOSPAM@NOSPAM_stararcher.com> wrote in message
news:280120041436151398%eddiec_NOSPAM@NOSPAM_stararcher.com...

[Sorry for anyone who is seeing this twice]

Loren,

Thanks for your quick response.

I was thinking about verifying the email address as part of the
Customer Registration process. Some websites send a Link or
Verification Code to the email address provided, and the potential
customer needs to click the Link or enter the Code on the website to
complete the registration process.

Are you suggesting that these procedures have no security value?

Thanks,
Eddie


In article <bv907n$9g0$1@support.shopsite.com>, Loren
loren_d_c@yahoo.com> wrote:

There is no way to validate the email address short of sending an email
to that email address (although I bet spammers would love it if there
were). Once the email is handed off from ShopSite to the sendmail
binary, it is pretty much out of ShopSite's hands, there is no way after
that for ShopSite to detect a bounce. The From and Reply-to headers in
the shopper receipt email are both using the Merchant Email Address
setting in Preferences -> Hosting Service, so the bounces should go to
that address.

This does not have anything specifically to do with customer
registration, even unregistered customers could order (if you allow
unregistered customers to order) using a bogus email address. And
non-fraudsters could also accidentally enter their email address wrong.

Anyone can set up a yahoo or hotmail account (or endless other free
email services out there), so even a valid email address does not assure
you that an order is not fraudulent. The best thing to prevent that
would be to use the AVS features of your payment processor that will
compare billing address information in the order to the billing address
the issuing bank has for that credit card account.

-Loren



Eddie Caplan wrote:

This is a Fraud issue.

In article <280120041056294389%eddiec_NOSPAM@NOSPAM_stararcher.com>,
Eddie Caplan <eddiec_NOSPAM@NOSPAM_stararcher.com> wrote:


In ShopSite 7.0.3:

1) Is there any way to validate the Customer Registration information
before the completion of the Customer Sign-up? I'm thinking of
somehow
verifying the customer's email address.

2) If the customer has given a bogus email address during
registration,
what happens to the emailed Receipt when it is undeliverable? Who
gets
the bounced-back email error?


Thanks,
Eddie Caplan

[Eddie Caplan]

David,

Good points. But my main concern at the moment is security and fraud
reduction. We'll have some tolerance for slowing down the sale if it
increases the reliability and decreases credit-card chargebacks. I'm
just trying to evaluate which procedures are *do-able* and which
procedures are *worth* doing.

Eddie


In article <bv9are$bs2$1@support.shopsite.com>, David H
<davidalanhills@hotmail.com> wrote:

Generally it is a bad idea to add anything that slows down a sale. You want
the customer to quickly register and complete the check out. Any additional
hoops to complete a sign up could be a lost sale. Note that the customer
could always log in later with the incorrect e-mail address and change it or
the merchant could change it for them (assuming they call or e-mail you
asking where their receipt is.)

-David H.

"Eddie Caplan" <eddiec_NOSPAM@NOSPAM_stararcher.com> wrote in message
news:280120041436151398%eddiec_NOSPAM@NOSPAM_stararcher.com...

[Sorry for anyone who is seeing this twice]

Loren,

Thanks for your quick response.

I was thinking about verifying the email address as part of the
Customer Registration process. Some websites send a Link or
Verification Code to the email address provided, and the potential
customer needs to click the Link or enter the Code on the website to
complete the registration process.

Are you suggesting that these procedures have no security value?

Thanks,
Eddie


In article <bv907n$9g0$1@support.shopsite.com>, Loren
loren_d_c@yahoo.com> wrote:

There is no way to validate the email address short of sending an email
to that email address (although I bet spammers would love it if there
were). Once the email is handed off from ShopSite to the sendmail
binary, it is pretty much out of ShopSite's hands, there is no way after
that for ShopSite to detect a bounce. The From and Reply-to headers in
the shopper receipt email are both using the Merchant Email Address
setting in Preferences -> Hosting Service, so the bounces should go to
that address.

This does not have anything specifically to do with customer
registration, even unregistered customers could order (if you allow
unregistered customers to order) using a bogus email address. And
non-fraudsters could also accidentally enter their email address wrong.

Anyone can set up a yahoo or hotmail account (or endless other free
email services out there), so even a valid email address does not assure
you that an order is not fraudulent. The best thing to prevent that
would be to use the AVS features of your payment processor that will
compare billing address information in the order to the billing address
the issuing bank has for that credit card account.

-Loren



Eddie Caplan wrote:

This is a Fraud issue.

In article <280120041056294389%eddiec_NOSPAM@NOSPAM_stararcher.com>,
Eddie Caplan <eddiec_NOSPAM@NOSPAM_stararcher.com> wrote:


In ShopSite 7.0.3:

1) Is there any way to validate the Customer Registration information
before the completion of the Customer Sign-up? I'm thinking of
somehow
verifying the customer's email address.

2) If the customer has given a bogus email address during
registration,
what happens to the emailed Receipt when it is undeliverable? Who
gets
the bounced-back email error?


Thanks,
Eddie Caplan