Detecting and preventing e-commerce fraud can be quite time consuming if you have not designed and implemented a mechanism to automate the process. There are quite a few third-party vendors to help you do that, but I would suggest that a better approach would be for the management of each e-commerce business to invest the time and develop a proprietary internal system for screening potentially fraudulent transactions. It only makes sense that, as fraud prevention should be at the top of your priorities, you would want to become at least a minor an expert in the field.
Such a proprietary fraud screening mechanism should be able to detect certain preselected high-risk transaction characteristics and suspend the processing of the payment at issue until it is investigated more closely.
8 Characteristics of Potentially Fraudulent Transactions
The following transaction characteristics should be built into your fraud screening mechanism to trigger the suspension of a payment:
- Negative file match. If you maintain an internal negative file (and you should!), it will store information from transactions previously identified as fraudulent. Your fraud screening system should automatically match information from all new transactions against it.
- Exceeding your internal velocity limits and controls. You will need to establish review limits on the number and dollar amount of transactions approved for a single customer over a specified time period. These should be continually adjusted, as you accumulate more data.
- Address Verification Service (AVS) mismatch. AVS verifies whether or not the billing address provided by your customer at the checkout matches the one on file with the issuer. A “No Match” response is a strong fraud indicator and a “Partial Match” should also be investigated.
- Card security code mismatch. These are the three- or four-digit codes used to verify that the cardholder is in possession of the card during the transaction. All valid payment cards have a security code and a mismatch is a strong indicator of potential fraud.
- International shipping address. If you do accept orders from some foreign countries, but not from others, you should screen the undesirable transactions.
- International IP addresses. If you have identified certain international IP addresses as having a higher fraud rate than domestic or other foreign IP addresses, you would probably want to screen them as well.
- Different shipping and billing addresses. If you do not accept orders with a mismatch between the billing and shipping addresses or accept them, but want to take a closer look at them first, you would want to screen them.
- High-risk shipping address. A shipping address does not need to be international to be high-risk. There are certain domestic addresses that you may want to screen, such as P.O. boxes, prisons, hospitals, as well as ones found in third-party databases of high-risk shipping addresses.
What your fraud screening system does is separating high-risk from low-risk transactions, based on criteria you have pre-set, so that you don’t waste time reviewing orders that are unlikely to be fraudulent. As data accumulate, you will need to periodically review your selected criteria and make adjustments, as necessary. For example, you may want to add a high-risk shipping or IP address or add a country to your non-shipping list.
Image credit: Creditcardmerchantintl.com.