I'm developing a marketplace website where tutors and students can find each other. I'm building an online payment system (much like elance or guru.com) where the tutor can get paid and we take a cut.
Couple questions:
- What's the best way to block IP addresses from certain countries like Nigeria? (Note: I am using Ruby on Rails, so any recommendations specific to that would be even better, but if not, that's fine too.)
- What other techniques can I use besides blocking certain IPs? (I'm already doing AVS and normal gateway checks.)
- What common scams do I need to check for? For example, one I can think of is someone using the system to pay themselves: they receive the funds as payment (minus our fee) and then do a chargeback on the credit card.
I imagine these are similar to problems faced by sites like PayPal or Google Checkout (some call these aggregation sites), since they are taking a small percentage fee, so if the original source of funds is lost it's a huge loss (many times a multiple of the profit involved, unlike normal higher-margin products).
Couple additional notes:
- My user accounts already require email validation - this is a bare minimum, I'm looking for something beyond this
- There is a 3-5 day waiting period on the direct deposit - this is required by the bank - but still does not answer the question of how to determine during those 3-5 days whether it is fraud or not so it can be canceled
- I'd prefer to avoid a solution which punishes the good people along with the bad, such as charging to sign up or having them leave their funds in their account until a withdrawal is requested (like PayPal)
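
As an added illustration (not part of the original post), here is one way to screen for the self-payment and chargeback pattern described above while the 3-5 day deposit hold is still open. The record fields, signal names and thresholds are assumptions chosen for the sketch, and the sample data is constructed.

```ruby
require "date"
require "set"

# Hypothetical record shapes; in a Rails app these would be model attributes.
Account = Struct.new(:id, :signup_ip, :login_ips, :legal_name, :created_on)
Payment = Struct.new(:id, :payer, :payee, :card_name, :payment_ip, :amount_cents, :paid_on)

# Signals that the paying "student" and the paid tutor may be the same party.
def self_payment_signals(payment)
  payer, payee = payment.payer, payment.payee
  signals = []
  # Any IP address seen on both sides of the transaction.
  payee_ips = Set.new([payee.signup_ip, *payee.login_ips])
  payer_ips = Set.new([payer.signup_ip, payment.payment_ip, *payer.login_ips])
  signals << :shared_ip if payee_ips.intersect?(payer_ips)
  # Cardholder name equals the name on the payee's payout account.
  norm = ->(name) { name.to_s.downcase.gsub(/[^a-z]/, "") }
  payee_name = norm.(payee.legal_name)
  signals << :card_name_matches_payee if !payee_name.empty? && norm.(payment.card_name) == payee_name
  # Payer account created less than two days before paying (assumed threshold).
  signals << :new_payer_account if (payment.paid_on - payer.created_on) < 2
  signals
end

# Decision taken before the held deposit is released. A single signal (for
# example a shared household or campus IP) only queues a manual review, so
# legitimate users are not blocked outright.
def payout_decision(payment)
  signals = self_payment_signals(payment)
  return [:cancel_and_review, signals] if signals.size >= 2
  return [:manual_review, signals] if signals.size == 1
  [:release, signals]
end

# Constructed sample data (documentation-range IP addresses).
TODAY   = Date.new(2024, 1, 10)
TUTOR   = Account.new(1, "203.0.113.7", ["203.0.113.7"], "Pat Example", TODAY - 30)
STUDENT = Account.new(2, "198.51.100.4", [], "Sam Student", TODAY - 90)
SOCK    = Account.new(3, "203.0.113.7", [], "P. Other", TODAY - 1)
GENUINE = Payment.new(10, STUDENT, TUTOR, "Sam Student", "198.51.100.4", 5_000, TODAY)
SUSPECT = Payment.new(11, SOCK, TUTOR, "Pat Example", "203.0.113.7", 50_000, TODAY)

p payout_decision(GENUINE)
p payout_decision(SUSPECT)
```

Running the decision on every payment as it is made, and again shortly before the hold expires, gives later logins a chance to add shared-IP evidence before the funds leave.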