Hello! We have an ongoing (and potentially fraudulent) problem with online constituents being created with gibberish names and bogus addresses. AND there are never any orders associated with the new accounts. I cannot figure out the purpose, if this is a preemptive attempt at setting up fraudulent order, and are they BOT created. I run a New Record Summary report everyday, and everyday go through the list of new online accounts that were created the day before. The bogus accounts are pretty easy to spot, but sometimes number in the teens or twenties each day. I then go into each account and deactivate them, which can be quite laborious. Does anyone else have this issue and do you have any other way of dealing with them. More often than not, they have emails with the word stellard in the address. I have an ongoing ticket trying to find a pattern that might help create some preventative measures in keeping these accounts from being created. Any shared experiences are welcome.
Bringing this to the top. Have we figured out a way yet to stop these Stellard accounts from being created? We deactivated 70 over the weekend and have since had 5 more created in the past 2 days.
Hi Jessica. No sure-fire solution has been discovered or developed. Mayo Performing Arts Center has addressed fraud in a recent CRM assessment, which basically deals with three layers of what one might consider fraud. First is the creation of what I call bogus accounts (stellard emails) Then there are secondary resellers (scalpers) which while legally not fraud as long as there is no legislature to prevent third parties from reselling our tickets at exorbitant prices, none-the-less interfere with our ability to give good customer service and sell to customers legitimately priced tickets. Then there are "bad actors" who make last minute online purchases, using fraudulent credit cards, then those sales are disputed as fraud after the show has past. Implementing AVS (address verification service) in TNEW should take care of this third case of fraud, but there are certain defects in the current functionality of AVS. Using delayed eTicket delivery method helps combat scalper activity. Currently, we have not been able to keep bogus accounts from being created. Nor do we understand the reason for such accounts being created other than their potential use for future fraudulent activity. We do use RECAPTCHA which should prevent BOT activity in creating a new account. We also have a "terms and conditions" waiver that we require to be checked at the end of the order creation. If these people/BOTS are getting around RECAPTA and are intending to create fraudulent orders, it is possible that our terms and conditions waiver is preventing the person/BOT from creating an actual order. This would result in a bogus new account with no order. This is just a guess at what might be happening. Perhaps someone from Tessitura can weigh in on this? We just continue to run a daily report of new constituents and inactivate these bogus accounts. We also are able to find some of these last minute fraudulent sales and return them before the show occurs and before a fraud dispute can be issued.
You have summed up the "issues" perfectly. Like what is their end game with these stellard email addresses? Thanks for posting!
My assumption is that stellardl is a bot begin trained against recaptcha, and possibly TNEW sites specifically. The fact that they seem to do a variety of things, up to placing products in the cart, but never checking out suggests they're just probing how the sites works generally. That said, the kind of nonsense that they use to fill in names and addresses feels pretty human, in particular feels like a number of humans with different tolerances for spending time on creating aliases.
I also wonder if the "stellardl" "tell" isn't actually a way to watch internet forum activity to see if they are being detected on different platforms. Hopefully with these forums behind invitation-only accounts, we won't be letting them know.
I like Gawain Lavers's assumptions. They tally with my own assumptions. Now, that being said, how much we are assuming on top of assumptions on top of other assumptions and thus affecting our resulting surmises... I do not know. Suffice it to say I think we are all well sick of it, but not entirely sure how to stop it.
It occurs to me that I never checked before, but the stellardl accounts are not linked to any rows in V_PAYMENT_GATEWAY_ACTIVITY, which would presumably happen if they were at least trying to pay for orders, right? I guess we wouldn't have any record of people entering incorrect gift certificate numbers...