As you probably noticed, the visual appearance of several sections of the WebAsyst website has changed, specifically that of the order checkout and the Customer Center. The update took place on Wednesday, April 25th.

WebAsyst Customer Center is the place where the changes were most obvious. Your Customer Center is now more convenient and offers more useful information and efficient actions, e.g., replacing necessity to send inquiries to the support team and to wait some time for response.

The Customer Center is now located at a different URL: from https://my.webasyst.net/ you are automatically redirected to https://webasyst.com/my/.

Users of WebAsyst online services may also have noticed that attempts to extend their paid account, to change the pricing plan, or to purchase extra SMS credit result in a completely new page being opened in the web browser. Its design now greatly differs from that of your WebAsyst account; however, in time, we will apply this common style to all pages to make the use of WebAsyst products and services even easier.

Tip: If you are using only online services and want to log in to your Customer Center but have no password, please click on the password recovery link on the Customer Center login page; this will send a special notification to the specified email address, which must be the one connected with your existing WebAsyst account.

If you have any questions related to the functioning of the new Customer Center or if you experience problems when placing an order on our website, be sure to report such cases to the support team via the request-sending form or directly to support@webasyst.net.  Most urgent issues are now being promptly resolved upon notice.

Tyres2Go.com is powered by WebAsyst Shop-Script.

Our company has been accepting bank card payments for 5 years now and during this time we have gained some experience in avoiding chargebacks which should be useful for beginners. We do not use automatic fraud detection tools because of their inability to provide very accurate and timely results and have instead assigned this task to human payment inspectors. This decision has been yielding very good results.

Because of the ambiguity of the payment verification procedure, fraud detection and prevention is more of an art than a science; however, there are specific rules you should follow to foil fraudulent credit card attempts. The first criterion is whether a customer previously purchased something successfully. If no orders have been processed from a customer’s email address in the past, it is necessary to apply other tests. We use the following checklist for additional payment verification:

1. Order price. If a customer orders the most expensive product, especially without testing the item or corresponding with our support team, chances are high that the person is attempting to use a stolen card and additional review should be made.
2. Payer’s IP address. We use special online services to determine the country name corresponding to the payer’s IP address. It is always suspicious when the payer’s country does not match that of the cardholder.
3. Payment time. After identifying the country name, we note the payer’s time zone. Any order placed between 3:00 am—6:00 am is suspicious, as it is extremely rare for a genuine customer to be purchasing during those hours. As a rule, true purchases and payments are made during the day, or at least before midnight.
4. Email address. If the customer’s email address is hosted by a free online service like Gmail, AOL, or Yahoo! and contains meaningless abracadabra before the @ character, that is a good indication of fraud. On the other hand, if a valid email address is based on an existing company website’s URL, and has the form sales@… or payment@…, etc., it probably belongs to an employee of an existing company; the probability of fraud is negligible in this case.
5. Number of declined transactions. We always review transaction history for each new payment. If a person has made several unsuccessful attempts to pay for an order, this is a red flag indicating possible fraud. Even if a card is finally accepted after several declined transactions, we perform additional verification in such cases.
6. Requests to the support team. If a customer “suddenly” decides to buy something without asking a single question (especially when other customers send an inquiry at least to ensure that we have an actively functioning support service at all!), this is suspicious, especially if combined with any of the other factors listed above.
7. Related information about the customer’s company. If a customer has specified his/her company name during checkout, we often perform an additional search on the Internet to find out whether the customer’s name and his company name are mentioned somewhere and are really associated with each other. If no evidence of such relationship is found, the transaction is flagged as suspicious.

If a payment inspector suspects a certain transaction to be fraudulent, he or she sends the so-called “verification request” to customer. This is an email message with standard content, requesting the customer to provide a scanned copy of an identification document as well as a scanned image of the bank card which was used for payment. If the provided documents identify the customer as the real cardholder, then the payment is accepted and the ordered items are delivered to customer. Scanned documents are always carefully reviewed for signs of alteration. We have seen cases where criminals, a.k.a. “fraudsters”, actually send requested “proof”, but the scanned or faxed documents turn out to be false.

Let us look at the situation from a different perspective. When genuine customers (not fraudsters) place an order on our website, they complete the order form, type in payment credentials and contact details, and simply wait for the order to be shipped. It may be an irritating obstacle for this person to receive a payment verification request, preventing the person from completing the sale. Besides, sending copies of personal documents over the Internet may make this person uncomfortable, even with key data blacked out on scanned images.

For this reason we rarely send payment verification requests if the expected risk of fraud is minimal. We have adopted an internal rule which says “if there are no clear indications of fraud, payment will be accepted and product shipped”; it works well because of the high professional level of our personnel. Even though this principle may occasionally result in a chargeback, it ensures that we treat our good customers well. Experience often gives immediate insight into what may be a potential fraud and which orders are genuine, and inspectors who have processed many orders are very good at telling the difference.

Remember: it is very important for online merchants to perform scrupulous verification of incoming bank card transactions, and this effort to stop fraud is well worth the rewards to their businesses as it is to ours.

NewHopeWinery is powered by WebAsyst Shop-Script.

If you decide to publish an email address on your website to receive customers’ inquiries, it is inevitable that you will very shortly begin to receive spam messages mixed with real support requests. You will then wonder whether there are efficient ways to protect oneself against unsolicited advertising and to receive only messages from website visitors and registered customers? The answer is “yes”.

We have been providing customer support services for more than five years and have never changed the email addresses of our support team. During this period anyone could have added our addresses to spam mailing lists, but we receive very little unsolicited mail.

The first line of defense is our mail server, which rejects over 90% of incoming messages at the mail pre-processing stage! Mail pre-processing involves several filtering steps:

1. The sender’s IP address is checked against the spammers black list; the presence of the correct DNS record on the sender’s mail server is also verified.
2. Message headers are checked for compliance with RFC standards and an additional check is performed to find out whether the sender’s “From” address actually exists on the outgoing mail server.
3. The message contents are scanned for spam-like text.

If negative results are returned on any of these steps, the mail server rejects the message and returns the appropriate error code to the originating server.

As expected, not all incoming messages which pass this filtering system are genuine customer requests. According to our statistics (collected during 3Q 2010), 9324 messages passed through the spam filter. Only 3056 of them (almost one third!) were later confirmed by their senders, which means approximately 6000 messages remained unconfirmed.

Summary of statistics:

What does “Not confirmed by senders” mean?

This corresponds to an additional spam filter in our customer tickets processing system. Every time it detects an incoming message sent from an email address which has not yet been registered in the customer database, it sends back an auto-response that asks the sender to click a special link to confirm the sending of his/her request. The confirmation link must be clicked only once for each email address; doing so automatically registers the sender’s address in the database. All further inquiries sent from the same address will be received directly by the support team and the confirmation link will no longer be sent to their author. This special spam filter is integrated in WebAsyst Help Desk application which we use to process support requests from our customers.

The majority of messages saved in the database (5939 of 9324, approximately 64%) were not confirmed by senders; therefore, they are categorized as spam. Additionally, 329 messages were manually deleted by our support team.  Although those messages had either been confirmed by senders or were received from registered email addresses, personnel identified these as duplicates or spam.

In addition to email, we also receive customer inquiries from a web form completed on the website and from customers’ personal online accounts. For more details on these three support request methods, see the article “Customer Messages – Stop Losing Them!“. Requests sent via web form or from an online account are directly saved in the Help Desk database; therefore, the mail server’s spam filter is not applied to such messages. The web form has its own means of spam protection:

1. CAPTCHA — an automatically generated image with several characters which a website visitor must type into a special text field to send a request successfully. CAPTCHA helps protect the website from spam robots trying to automatically submit messages using the web form.
2. A confirmation link is sent back to non-registered email addresses (similar tactic to that used for requests which are received by email).

The most reliable method of spam protection is the use of personal online accounts by customers. Since access to an account is provided only to registered customers and is possible only after successful authorization, the probability of spam sent by account users is negligible.

The table below shows the statistics for the three described request receiving methods during three months. In column “Email” data are provided for comparison with similar parameters of the other two methods: the web form and the online account.

We recommend the following means of efficient protection against spam when receiving customer requests online:

1. Offer a protected online account for each customer from which he/she can send requests to you. This will ensure almost 100% spam protection.
2. Place a web form with CAPTCHA on your website so that non-registered visitors can send their requests to the support team.
3. If you want to receive inquiries via email, set up a spam filter on your mail server and send auto-responses with a confirmation link to each new customer.

There are several methods of receiving inquiries or support requests from your website visitors and customers to ensure efficient handling.

Method 1: via email. To use this method, you may simply publish a special email address on your website; e.g., support@mycompany.com.

Method 2: using a contact form embedded on your website. Contact or feedback forms usually contain several fields where a visitor enters his/her name, email address (to receive response), the subject, and blank space for message content.

Method 3: through a personal online account. Users must register themselves prior to sending an inquiry.  A protected online account may also contain useful information such as  order and contact details, a link for quick access to the knowledge base, etc.

Which method is best greatly depends upon your website’s purpose and what kind of inquiries you expect to receive from your visitors. If your website is a simple personal page  about your hobby, then placing your email address on the home page (method 1) would be sufficient.  An online store selling technically complex products which require post-sale support and maintenance should choose method 3 to facilitate efficient customer request handling. (more…)

RedOctoberShop.Com is powered by WebAsyst Shop-Script.

Great Mystake E-shop is powered by WebAsyst Shop-Script.

JacoStore is powered by WebAsyst Shop-Script.

Natural Playgrounds Online Store is powered by WebAsyst Shop-Script.