Sophisticated Fraud Protection Systems
Web Commerce Today, Issue 32, March 15, 2000
One way merchants can protect themselves against fraudulent credit card transactions is to take advantage of the fraud protection systems that are now becoming available. These take two directions.
- Transaction-based – Evaluates the individual transaction's inherent riskiness, without any other knowledge of the customer.
- Customer-based – Evaluates other charges for this card number to see if this transaction fits the pattern.
When these approaches are combined, the protection against fraud becomes very strong.
Scoring the Transaction for Risk
CyberSource.com pioneered a system for scoring an individual transaction for risk. These are some of the factors scored:
- Time of day . Most fraudulent transactions are conducted late at night when the system is not being closely monitored.
- Free e-mail account . Most fraudulent transactions are initiated with a free e-mail account, such as from yahoo.com or hotmail.com. Since e-mail account holders have privacy rights, individuals that use these accounts are difficult to trace without a search warrant.
- Address Differences . Fraudsters sometimes give a different bill to address from the ship to address. P.O. Boxes are also another danger signal.
- High ticket items . Few fraudsters will spend much time trying to steal low ticket items. But computers, software, airline tickets, diamonds, and the like are attractive targets.
- Country of origin . Customers from certain Eastern Europe countries such as Bulgaria and Russia register notoriously high levels of fraud. So do some Pacific Rim countries.
CyberSource allows the merchant to set his own comfort levels for each of these factors. When the score from each factor is totaled, the merchant can set the system to automatically reject any transaction with a score higher than a certain level. CyberSource found that implementing this kind of system cut the incidence of fraud from 40% to the single digits or below.
Customer Transaction Databases Checks
A second approach to detecting online fraud is to compare a transaction with previous transactions made for a given credit card number and make sure it fits the pattern. Companies like RiskWise enable their blue chip clients to instantly check credit cards with databases of 2.5 billion records to detect anomalies. This kind of service, available to traditional merchants for some time, is now becoming available to online merchants. Industry giant HNC Software has provided security for traditional offline merchants using neural networks to analyze patterns of transactions on huge databases. They have recently adapted their Falcon software for online merchants and are partnering with payment gateway providers Signio, CyberCash, DataCash, eBit, iCOMS, ShopNow.org, and others to provide eFalcon (http://www.eFalcon.com). In less than a second this will score a transaction based on all the intelligence it has gathered both about the transaction and former purchases. Implementations should be available this Spring, though the cost of the service through payment gateways is yet to be seen.
I am quite encouraged at the direction this is taking. When payment gateways support fraud detection, then these technologies become affordable for small business as well as the huge corporations.
