Fraudulent e-commerce transactions typically display certain characteristics that businesses should be able to identify. However, what is equally important, especially for high-volume merchants, is to be able to rate fraud risk, so that the highest-risk transactions get the most attention. Fraud scoring does just that.
Additionally, you need to be able to identify transactions for which the cost of an additional verification may be higher than the potential fraud loss. You need to decide whether your policy for such transactions should be to be processed without any further verification or to be rejected.
What Is Fraud Scoring?
Fraud scoring models are used to identify and rate the highest-risk card-not-present transactions that need to be additionally verified. They can pick up patterns of fraudulent activity and can differentiate these patterns from legitimate transaction activity. A numeric value (a score) is calculated for each transaction, reflecting the probability that it may be fraudulent.
If successfully implemented, a fraud scoring model would automate the decision-making process during periods of high transaction count, so that only transactions with a fraud score above a pre-determined level would be scrutinized.
How Is A Fraud Score Calculated?
Each transaction’s fraud score is a sum of the points the model assigns for various high-risk elements. Such elements typically include the following:
- Geolocation taken from the IP address.
- Anonymous IP address.
- AVS result code.
- Time of day the order is placed
- Type of merchandise.
- Shipment method.
- Sale’s amount.
- Evidence of previous fraud on this card account.
- Number of computers that have placed orders with this card account.
- Different shipping and billing addresses.
- Mismatch between time zone and geolocation.
- Length of time as a customer.
- ZIP codes.
Each model assigns different point levels for approving, rejecting or reviewing an order. These levels should be continuously reviewed and adjusted, as more and more data come in. Additionally, adjustments should be made to reflect different trends and the time of the year.
How to Use a Fraud Scoring Model?
You should only perform fraud scoring on transactions that have passed your internal fraud screening process. Those that have not are obviously high-risk and should be rejected anyway. Also, do not score transactions for which the issuer has declined authorization or that have otherwise been identified as fraudulent.
Additionally, you should not score low-risk transactions to keep costs down. Your system should also be able to identify transactions for which the potential fraud losses would be lower than the cost of fraud scoring and not subject them to the process.
Your fraud scoring system should allow you to:
- Identify multiple orders placed with the same shipping address, but with different cards. This may indicate that criminals have stolen several card numbers.
- Identify orders for an unusually high count of a single item.
- Check if multiple orders are placed from the same IP address.
- Check the card numbers – if they vary by only a few digits, these numbers may be software-generated.
- Identify orders with the same card number, but different expiration dates. Often criminals who have stolen a card number don’t know the expiration date, so they will keep trying to guess it.
- Account for the fact that most fraudulent e-commerce orders in the U.S. are placed between midnight and 2 a.m.
Each fraud scoring model assigns different weight to the various fraud elements used in its formula and there is no right and wrong approach there. Some businesses are more vulnerable to a particular fraud element than they are to others and their fraud scoring model should account for this unique weakness by increasing the weight of this element.
Image credit: Getentrepreneurial.com.