What is a Card Security Code (CSC) or Card Verification Code (CVC)?

AbeBooks has recently received inquiries from booksellers with this question.

The AbeBooks checkout process provides buyers with the opportunity to enter a Card Security Code (CSC) or Card Verification Code (CVC) during the checkout process. The CSC/CVC is a 3, or 4-digit number that appears on their credit card and is an added security feature provided by several credit card companies. The CSC/CVC is not mandatory and we encourage booksellers to include information in their terms of sale indicating that they require buyers to enter the CSC/CVC on the order form.

To learn how to update your terms of sale, please view online help.

Hot Ticket Items

Did you know that books are as popular with internet criminals as electronics and jewellery now? Books are easy to ship and are quick and easy to resell. Such books include bibles, medical textbooks, dictionaries, computer books, and bestsellers like Harry Potter books.

What does this mean for booksellers? Ensure that you review orders for large volumes of these types of items carefully and use the fraud recognition and prevention tips provided on the Security Page.

Fraudulent Orders Outside the AbeBooks System

AbeBooks has recently been notified that potentially fraudulent clients from Nigeria are attempting to place orders with booksellers directly either by phone or email. These requests can be characterized by the following:

  • Request for unspecified number of books
  • Request for unspecified titles
  • List of authors provided
  • Request for bookseller to purchase other items like cell phones on buyer's behalf
  • Requests originate from African or Eastern Block clients
  • Contact indicates he/she works for a library, charity or other organization that needs books

What you can do:

  • Use extreme caution when accepting direct orders from clients in Africa and Eastern Block countries
  • Use AbeBooks' credit card processing facilities
  • Reject the order and direct the client to place their order from your store online through the AbeBooks Web site
  • Direct client to contact AbeBooks for more information on searching and ordering
  • Be familiar with the indicators of fraud and review the Security Page on Bookseller Central

Indicators of Spoof E-mails

It has come to our attention that third parties pretending to be AbeBooks have recently distributed fake or "Spoof" e-mails to some of our customers. The headers in these spoof e-mails have been altered so that it appears the e-mail is from AbeBooks. Spoof e-mails are used to commit identity theft and spread viruses.

There are a few common criteria that will help you identify Spoof e-mails:

Subject lines

  • May refer to billing, membership or security issues and indicate a level of importance

E-mail content

  • Solicits sensitive contact, sign-in, or personal information (including credit card details)
  • May include links to attachments or that direct user to the perpetrator's own site (The URL will indicate this)
  • May include password or sign-in information
  • May include a form for entering information
  • May indicate that your account will be deactivated if the requested information is not provided
  • An impersonal greeting such as, "Hello user of AbeBooks"

"From" field in email header is altered to make it appear that the email is from a legitimate source

  • Example - support@abebooks.com

Sample of an Unauthorized E-mail

Unauthorized E-mail

Protection

To protect yourself from spoof e-mails, please note the following:

  • AbeBooks does not solicit contact, sign-in, or personal information by e-mail.
  • AbeBooks always addresses you by the contact name on your account – we never use general terms like “Dear Valued Customer,” or even your bookstore name.
  • We will never provide links to our website for updating account, credit card or banking information. If we require you to do this, we will provide a set of instructions instead.
  • AbeBooks links always include.htm, .html or .shtml extensions. If you see an extension such as .php, the e-mail didn’t come from us.
  • If you hover over the link and it converts to an IP address, you can be sure that we didn’t send the e-mail.
  • If you can’t reply to the e-mail address, or if you receive a 404 error when you click any of the links in the e-mail, it is likely not a valid e-mail.
  • We never send e-mail to clients with attached documents and we never include links in our e-mails to attachments - AbeBooks only includes links to pages on our web site.
  • When provided with a link to another page or site, check the URL for legitimacy.
  • Unsolicited passwords are not provided within e-mails from AbeBooks.
  • Use caution when handling any unsolicited e-mail with attachments.
  • Most importantly, if you are ever unsure about an e-mail that seems to originate from AbeBooks, don’t hesitate to contact Customer Support to ask.

 

Security and Trust Bulletins

Current Issues

Jan 13th, 2006

AbeBooks has recently seen a trend of suspicious orders from a buyer that associates their account with charities. The characteristics of these orders include:

- The buyer usually places orders for lower-priced paperback books.
- The buyer's payment methods of choice are check and money order.
- The buyer associates their account with the name of a charity.
- The shipping addresses used often include "27th Ave, Brooklyn, NY."

We encourage you to review all of your orders carefully before shipping. Make sure to follow these guidelines for any suspicious order:

- Contact the buyer directly to fill in any missing details.
- Wait until the payment has cleared before you ship the book.
- Report suspicious orders to Customer Support. Make sure to include the details of why you are suspicious, and what steps you've taken to investigate the order.