On-Line Fraud Detection

In today’s world where more and more transactions are performed without the cardholder’s physical presence, there is an increasing concern of exposure to credit cards fraudulent activity. The global increase in use of credit cards in combination with the growth in number of issuers and acquirers and the expanded accessibility of internet connectivity significantly increases the vulnerability of e-Commerce merchants to fraudulent activity.

The use of stolen credit cards details, prior to it being identified as such in the official channels, may appear as a totally legitimate yet most likely will result in charge back etc.

 

Fraudulent activity is ultimately denied by the real card holder and defined as a charge-back. Each charge back is accompanied by a fine. Merchants who exceed a certain threshold are exposed to a series of penalties such as:

- Heavy fines from the credit card companies, reaching hundreds of thousands and even millions of dollars.

- Increase in costs, both commissions (acquiring rates) and securities.

- Damage of reputation and credibility.

- And, in some cases, termination of processing agreement, hence blocking the merchants ability to accept credit cards.

 

As businesses increase their on-line payment activities the need for an Anti Fraud solution grows and its value for the organization increases. An Anti-Fraud solution helps the organization to keep fraudulent activity and charge-backs under control and sustain their on-line activity.

This document describes the various services provided by CreditGuard’s Anti Fraud solution.

The software performs a set of fraud tests prior to broadcasting the transaction to the acquiring bank. The fraud tests are performed simultaneously on different vectors of data and behavioral characterization of each transaction. Performance, alongside the variety and depth of tests, is critical to ensure minimum latency to the transactions. A validity scoring is attached to each transaction and according to this score the transaction is either approved and transmitted to the acquiring bank, immediately declined or transferred to further manual investigation at the call center.

CreditGuard is a PCI:DSS level 1 Service Provider. The company provides its services from a state of the art fully redundant hosting facility, connected to a handful of communication/internet providers. The facility owned by the largest local communication provider and is ISO 27001 certified. Communication with merchant and vendor is based on SSL v3 over web-services.

 

CreditGuard is a major supplier for both payment gateway and reconciliation solutions, connected to several acquirers, gateways and alternative payment solutions all over the world. Among CreditGuard’s hundreds of clients, are major players in the airline and tourism industry and as such CreditGuard has developed its’ expertise in this sector and offers Anti Fraud solution targeted at this sector’s specific requirements.

Each credit card transaction is verified against a large set of parameters, vectors and rules to receive a definite score between 0 – 100. Each parameter and rule provides an independent score and the final score is determined according to the type and sum of each transaction. Different rules and scores are assigned per the organization’s line of business and is an on-going process to adapt itself to new and changing fraudulent types.

 

Following is a description of some of the main rules and parameters the system uses –

 

Each organization manages its proprietary list of customers with negative track record. In some countries it is legal to share these black lists, while in others each organization needs to maintain a proprietary list. Each transaction is checked against the lists; a transaction that includes data that appears in the list is marked as highly vulnerable for fraud and treated accordingly. Black lists include information such as:

- Data received from processor on charge back activity of cards transmitted by the organization.

- BIN (Bank Identification Number) that must be blocked.

- Information that the organization has defined as highly indicative to fraudulent activity.

- Information which is not proprietary to the organization and that has been defined as indicative to fraudulent activity.

- Other proprietary data that the organization has defined.  

 

A set of tests that follow customers’ behavior. These tests inspect various parameters and trace suspicious behavior such as:

- A customer that is trying to conduct multiple transactions from a single IP address using different credit card numbers in a short time frame.

- A credit card that has been used frequently in a short period.

- Exceptional purchasing amounts.

- Several IPs using the same e-mail address in a short amount of time.

 

These tests are based on a large number of parameters. Each transaction is examined against every individual parameter as well as against any combination of two or more parameters. The outcome of each test may have a different effect on how the transaction is classified. Following are some of the more common parameters used in our tests:

- IP test – examines the country from which the payment request arrives from. The country of origin maybe an indication of the level of risk or should be blocked.

- Proxy origin test – does the IP arrive from an anonymous proxy that poses a risk.

- Compatibility between IP and various parameters such as card holder address etc.

- Compatibility between card holder location based on the IP to other parameters such as shipping address etc. 

- E-mail address tests

- Username & Password tests

- Shipping Address tests

- Browser tests

- BIN tests – check of issuer BIN and score according to its’ countries and/or banks. Compatibility checks between card holder’s issuer BIN to it’s current location, shipping address, etc. 

- Other parameters, proprietary to country, industry, card type, transaction size etc.

 

There are tests that are relevant only to the world of the travel industry, such as:

- Current card holder’s location is different than departure/arrival address of the purchased travel ticket.

- Name of card holder different from traveler’s name.

- Time left between flight order and departure.

- Travel routes that suffer from high probability for fraudulent activity.

- Purchase of only one-way tickets.

- Cross reference checks with Frequent flyer or such similar information.

- Type of air ticket: local, international, code share, number of legs etc.

- Whether the ticket is for a single person or several persons with or without children.

- Card holder’s current location is neither on the flights company’s departure destinations or arrival destinations.

 

On top of the tests examined by the Anti Fraud System, we recommend applying the known and available best practices. Following these guidelines may help prevent the fraudsters from attacking your business and send them elsewhere in search for an easier prey. Best practices include - 

- Request the use of CVV2 as part of the transaction.

- Provide the ability to use 3DSecure (VBV by Visa & MC SecureCode).

- Request AVS (Address Verification Service) where available. 

Client’s setup process and rules definition is based on sector history and experience, rapid and effective mapping of the business processes, and load of the client’s past denials (charge backs for example).
The system is configured with an initial adjustment of laws and the weights and runs in Learning Mode for up to three months. During this time the transaction scores, rules, thresholds, weights, etc. are constantly reviewed and updated