>>Fraud Protection & Risk Management

Fraud Protection & Risk Management

One of the hottest topics making its rounds currently in the world of Merchant Services and Payment Service Provider’s is Fraud Protection and Risk Management. Criminals have become more sophisticated from days of old, and instead of physically robbing banks, they can now steal your personal information to drain your account without you physically seeing them, causing massive headaches. Increase in the use of the electronic payment industry has also caused an increase in credit card fraud. As a result, a necessity for credit card fraud protection tools emerged. These tools are intended to minimize fraud possibility and prevent potential losses of funds, resulting from such fraud.

Not all of below listed techniques and services are designed to be implemented on a merchant level, but it doesn’t hurt to know what’s being done to fight fraud, especially if you find yourself operating in a high-risk industry. Educating yourself on fraud and risk management is the surest way to improve your business’ fraud prevention capabilities and keep your information secure.

The following is a list and explanation of useful fraud protection techniques.

Risk Scoring

Risk scoring, or fraud scoring, involves the use of third-party services which perform an overall risk assessment of a transaction. Assessment results serve as a basis for the merchant to decide whether the transaction is safe to approve or not.

Website Traffic Information

In order to verify the legitimacy of a company, obtaining information on website can be used to check e-mails coming from the domain and potentially check the company overseeing your order. For example, web-sites with large volumes of non-human traffic are marked respectively and analyzed for potential fraud.

Mapping

Mapping allows verification of billing and shipping address locations via satellite or street view. If the two addresses do not match and have large discrepancies, for example the two locations are based in different countries, you may want to do additional research before submitting your order. This also serves useful in reverse address lookup.

Domain Registration Lookup

You can also verify the legitimacy of a company by verifying the websites registration information or domain. If the domain is unregistered, send a test email to the site. If the test email is returned by the mail delivery system, use caution if you decide to continue with your order.

Professional Social Network Lookup

You can also verify a company, or individual customer’s affiliation, location, and potential mutual connections on professional social networks, such as LinkedIn and others. If the number of connections is either extremely low for an established company, or the connections show affiliation with high-risk locations, expand your research.

There is a wide range of risk management services that merchants and processors can choose from and implement into their fraud prevention strategies. Some are free, others are paid for and some have the flexibility to be used in any type of credit card acceptance setting, and some are specifically designed for the card-not-present or face-to-face environment. The following is a list of useful fraud protection services you should look for when choosing a payment service provider for your company:

Stand-in processing — when the credit card company, such as Visa, authorizes transactions when the issuer’s host system is unavailable or when the issuer has chosen Visa to process certain transactions on their behalf.
Suspect activity reporting — helps identify excessive or abnormal cardholder activity levels. Reports can be configured to monitor transaction counts and dollar limits.

Falcon Fraud Manager — a customizable platform that performs fraud scoring to capture relationships and patterns and detect and stop potentially fraudulent activity. Primary system components are:

  • Falcon Debit — calculates fraud score for each transaction based on individual cardholder and transaction data. If the score indicates a high probability of fraud, the transaction can be sent to a fraud analyst for review or be blocked. The fraud score can also be used for making real-time authorization decisions.
  • Falcon Expert — enables users to define rules to automate fraud prevention procedures by allowing the use of other relevant transaction information, in addition to the fraud score.
  • Flash fraud rules — provide parameters based on a set of rules to help identify and block suspicious transactions. The following data fields can be used to block said transactions:

    – Merchant country and category code.
    – Merchant ZIP code.
    – Acquiring network ID.
    – Personal account number (PAN) entry mode.
    – Transaction amount range.
    – CVV checked indicator and CVV result – CVV number validates and verifies the unique three-digit code on the magnetic strip of credit cards to detect counterfeit cards and limit fraudulent card-not-present transactions.
    – BIN
    – Prior Falcon score
    – Visa Advanced Authorization Risk Score or Risk Condition Code.

Authorization edit checks — can be set at the financial institution, card group, or individual cardholder level. Users can set limits separately for cash and point-of-sale (POS) activity, and timeframes can be set for single- or multiple-day periods. Authorization edit checks include:

  • Daily spending limits — monitor amount spent and cash back.
  • Velocity checks — monitor the frequency of card use.
  • Expiration date checks — verifies if the card is expired and checks for an exact expiration date match.
  • Name match — limits the risk of counterfeit cards by comparing the Track 1 names on incoming authorizations to names on file.
  • PIN validation — matches entered PIN to the PIN on file (for ATM and select POS transactions).

The techniques and services listed and detailed above are only a few major players in the game of fraud protection and risk management, but they can provide you with a decent direction for your needs. Choose a PSP that is right for you based on your risk arena, target customer audience, and personal fraud protection desires.