Fighting CNP fraud

Sales continue to grow in a card-not-present world and merchants are struggling to stay one-step ahead of the fraudsters. Managing online fraud remains the number 1 priority for loss prevention specialists.

Risk management teams are challenged each day to find better methods and new partners to help fight fraud and chargebacks. Without sophisticated risk tools, most merchants are forced to implement a costly manual review process. The answer is not “more bodies” but better technology and improved process. More robust fraud systems reduce the incidence of fraud by introducing better screening processes, rules management and more accurate identification of sophisticated (networks of) fraudsters operating internationally.

Most merchants use basic methods of risk management such as looking at IP addresses, order velocity, address verification (AVS), CVV, etc. These methods have their place and merchants should use them where appropriate. However a more sophisticated approach is needed to accurately differentiate good orders from bad ones in real time. Today’s fraud detection should incorporate real-time global intelligence assessments of transaction attempts across multiple merchants, identities, geographies, and methods of payment. This additional level of risk assessments are far more accurate than older card-centric technologies that rely on (generally) stale data models and mostly card-present usage patterns.

Examples of Bad Behavior on the Internet

• Multiple identities and multiple email addresses used
• Excessive number of cards or accounts for a single customer 
• Multiple purchase attempts from a single computer terminal.
• Multiple addresses using same card numbers and email addresses
• Multiple purchases with different cards going to a common shipping address (re-shipments)
• ACH transactions are easy to produce with high incidence of internet fraud
• Use of Public IP addresses such as schools, prisons and libraries

Characteristics of Professional Fraudsters-A Global Threat

• They have access to massive lists of stolen cards/ACH accounts and identities. 
• Digital content sites are often used to test stolen accounts.
• The fraudsters operates from many countries and geo-locations

The following issues are pervasive throughout all types of Internet merchants.

• Risk Changes Rapidly 
• Ability to change ID (persona) quickly to avoid detection
• Very sophisticated approaches using latest technologies
• Current Card Centric rules to authenticate a card user are inadequate
• Minimal real-time access to bank checking account data increase losses from ACH transactions.
• ID Theft is a rising problem and aided by the proliferation of Spamming, Phishing and Pharming techniques.
• High percentage of computers are compromised without the owners knowledge
• Recent studies suggest that many shoppers are still unaware of what needs to be done do to protect themselves from such fraud.

Simply applying the auth process is no longer sufficient in controlling this type of fraud, especially as you grow internationally or through new marketing channels. Advanced risk management solutions should become a part of your strategy and included in your arsenal of defense. Examples of real-time detection can include Device Fingerprint and Proxy Piercing technology. However, these are only part of a comprehensive solution and are more enablers into how you apply and write specific rules to meet your business objectives to stop fraud up-front and avoid chargebacks and losses.

Let me know your thoughts or contact me to learn more.

Jeremy Drzal 

512-234-3036

Stay tuned for my next post outlining device fingerprint and proxy piercing technology in more detail