Amember saved me from fraud!

Discussion in 'Testimonials' started by youjoomla, Aug 6, 2007.

  1. youjoomla

    youjoomla Member

    Joined:
    May 15, 2007
    Messages:
    61
    Well I was hoping when I purchased this peace of art that it will protect me at all times and it did. Yesterday someone signed up on my site , paid and went ahead and changed email adress and name. Than reported to paypal that this was a fraudulent activity and that someone stole his paypal account. With help of amember I was able to provide paypal fraud departmant with, ip adress, time loged in, actual name who paid, name change evrery single detail this person did on my site.

    Than I was able to block both emails, username, IP adress which helped me stoping this junk from further downloading products from my site.


    Trust me if I was using any other paymant system or just paypal I would never be able to find this person. Joomla was also fulled as it was not able to find the original person anymore.

    My suggestion to anyone.
    1.Do not let users change anything in account accept their password.
    2.Set you password generator on because in order to login they have to get that email.
    3. Turn off automatic login and change text from "Thank you for joining you can log in now" To " You will receive email with your new password"

    THANK YOU ALEX!
  2. draj

    draj New Member

    Joined:
    Dec 29, 2006
    Messages:
    252
    Hi,
    The most important is to view your server logs. This is available in any account and you do not need a server. Any fradulent activity is registered in there, provided it is activated in the correct manner. This would also help to track what other malicious activities one did on the website. The Access log in aMember simply provides you a small part of it.

    Yes, I highly recommend to turn off the automatic logins where money is involved.

    Password generator is not all that necessary because one registered email address exists, the user will have to activate his account. The actiation key is by itself a password, an additional one other to the one an user chose.
  3. youjoomla

    youjoomla Member

    Joined:
    May 15, 2007
    Messages:
    61
    Small update. Paypal just gave me my $$ back , so now let say the guy did not do real damage , I have the $$$ and he or she is blocked :)
  4. mdmr_llc

    mdmr_llc aMember Pro Customer

    Joined:
    Aug 22, 2006
    Messages:
    62
    I purchased aMember for 3 different site and highly recommend it to all my friends.

    I never user aMember with PayPal. my current gateway charges me a monthly fee only when I have transactions, but I am thinking some a-la-cart upgrades and price them low enough. I was thinking PayPal would be a better choice until volume picks up. Personally I don't like PayPal, but am open to give them another try. Any tips I need to know before I jump in?

    BTW any news when v. 3.0.9 of aMember may be released? I'm still on 3.0.7.
  5. atopcoach

    atopcoach New Member

    Joined:
    Jun 7, 2007
    Messages:
    3
    How can we disallow user to change email address and only allow change of passwords?
  6. teacherspet

    teacherspet New Member

    Joined:
    Jul 22, 2007
    Messages:
    1
    Go to Setup/Configuration --> Advanced --> then change it where it says "User can change the following fields"
  7. tahititatou

    tahititatou New Member

    Joined:
    Jun 12, 2007
    Messages:
    14
    I don't understand what is the risk of having the automatic logins turned on.
    Can someone explain me?
    Thanks!
  8. itstrish

    itstrish New Member

    Joined:
    Mar 3, 2008
    Messages:
    10
    great thread

    trish : - )
  9. CrackBaby

    CrackBaby Member

    Joined:
    Aug 22, 2006
    Messages:
    154
    This script canNOT save you from fraud with paypal. Paypal will not get involved in virtual goods or subscriptions.

    They will refund the money and wash their hands of it, it was explained to me that if they do not refund the money they risk a chargeback fee.

    So if you do not ship a real tangible item you better manually approve all new paypal users otherwise they will rob you blind.

    Paypal is the worst payment system on the planet for fraud, Google is a very close second.

    If you are going to do high volume just get your own merchant account, sign up for a gate way (Authorize.net), and use Maxmind Anti-Fraud services. I set this up ad I only had 1 chargeback that we had to fight and we won just because we used MaxMind and the built in Anti-Fraud from Authorize.net. Again this is high volume site, I bill between 1250 to 1900 a day depending on the day of the week etc.
  10. cyjcyj

    cyjcyj New Member

    Joined:
    Apr 24, 2008
    Messages:
    1
    Hello everyone,

    I'm helping setup a whole Moodle-aMember teaching site using Paypal temporarily until we can get a real Credit Payment Gateway. This is a great article talking about what can happen.

    Looking through the aMember logs, I cannot find where all these logs about user changing their details are. Where are these details logs about user activity? I can only find IP address and what pages they visited.

    Thanx.
  11. CrackBaby

    CrackBaby Member

    Joined:
    Aug 22, 2006
    Messages:
    154
    Authorize.net works great with any merchant account. Make sure you get the city service with maxmind. Seems like a lot of sign up and money going out but it iw well worth it.

    I have not had one error with authorize.net it has always worked flawlessly!

    Moneybookers is good too if you do not use their credit card option then their rates are ok and it works without issue either
  12. snargs

    snargs New Member

    Joined:
    May 30, 2008
    Messages:
    9
    Where do you change it to You will receive email with your new password"

    ? :confused:
  13. falcolm22

    falcolm22 New Member

    Joined:
    May 22, 2008
    Messages:
    2
    hmm, good to know this in emergency
  14. sharris203

    sharris203 New Member

    Joined:
    Feb 27, 2009
    Messages:
    45
    I too would like to know what's the harm in auto-logins.
    And I think it would frustrate customers to sign up and then need to check email for their password.
  15. amy66

    amy66 Member

    Joined:
    Apr 9, 2009
    Messages:
    33
    Moneybookers are my favourite payment processor.

Share This Page