credit-card-fraud-prevention by xusuqin


									Following are the preventative process, procedures and warnings that merchants should be aware to
minimize credit card fraud. These process minimize fraud while maximizing transaction throughput.

Address Verification System
The Address Verification System (AVS) is a system used to verify the address of a person claiming to
own a credit card. The system will check the billing address of the credit card provided by the user,
with the address in the database at the credit card company. AVS verifies only the numeric portion of
the address.

Anonymous and Open Proxy IP Addresses
Organized credit card fraudsters often use anonymous proxies, which hide their true location. The IP
address sent by their computer can be a open proxy IP address instead of real IP address.
Authorization approval indicates that at the time the approval was issued, the card hasn't been reported
stolen or lost and the card limit has not been exceeded.
Bin Check
Bank Identification Number is the first 6 digits of a bank card number. Credit card bin help to identify
the credit card holder, issuing bank and the location. Customers sometimes use credit cards issued from
another country. The bin database site will provide bank name, card type, and a 3 character code for the
country when the Bank Identification Number is entered.
Calling the Card Issuing Bank

The merchant can request card issuing bank to make a courtesy call to your customer to verify the
charge. In such case the merchant needs to provide his merchant id , phone umber, customer name,
address and phone number to the issuing bank.

Calling the Customer
This is an excellent way to detect fraud. The telephone call also gives the merchant an opportunity to
welcome the customer, answer their questions and build solid relationship. Sometimes the fraudster
will submit the actual phone number of the person whose card was stolen. If the card holder did not
authorize the charge, then should call their credit card issuer to report the card theft.
Card Verification Method
The CVM response provides information that might help you decide whether or not to ship goods to
the customer. CVM uses a 3 digit security code that is appended to the credit card account number but
not printed on the magnetic stripe. Online Merchants prompt customers to provide the CVM value
along with credit card number and expiration date. The CVM value has become part of the
authorization request to the payment processor.

Credit Reference Agencies
Merchants can use credit reference agencies like Equifax, Experian, and Trans Union for high value
transactions.The customer would be asked to verify some specific information such as the mother's
maiden name or their social security number. This process can be expensive and moreover time
Fax Orders
When an order is received by fax the merchant should request fax copies of both the sides of the credit
card.This proves that the customer has possession of the credit card at the time of the order.The
merchant should also request a copy of state-issued id or drivers licence from the customer which
provides additional proof, preventing a chargeback.

Fraud Scoring Systems
Fraud scoring system is used by payment processors to identify the high risk transactions in card-not-
present environment that require additional verification. An efficient scoring model use software
techniques to capture patterns of fraudulent activity, and to differentiate these patterns from legitimate
purchasing activity. Scoring models typically assign a numeric value that provides the probability that a
transaction may be fraudulent

Fraud Screening Organizations
The Merchants should attend seminars offered by credit card companies and card processors to educate
themselves. Some merchants are joining fraud-screening organizations and beginning to use extra
security software that determines the risk assessment. The merchant can decide to accept the card
number or not, based on that fraud rate value. Some organizations such as offer tips,
databases of stolen credit cards, and web look up tools.
Free Email Accounts
May businesses refuse to accept orders from any free email accounts or any non isp email domains.The
fraudsters use free email addresses to remain anonymous. Most businesses purchasing a business
product would not use a free email address. Pl note that many legitimate customers also use free email

Internal Merchant Rules
This method is ideal to catch online transaction frauds. The Merchant sets up rules to stop or flag
specific orders from specific IP or country or if the transaction amount is bulk or huge, or if product is
often shipped to a specific address.This method reduce repeated or pattern specific frauds.

International Orders
The merchant must weigh the financial benefits of accepting international orders against the possibility
of fraud. Merchants cannot always refuse foreign orders since he could be missing potential good sales.
However the merchant needs to perform various checks before orders are shipped. Request the credit
card processor to provide a list of high risk countries.The high risk countries include
Indonesia,Nigeria,Pakistan,Egypt and most African nations. Placing an international phone call to the
issuing bank is recommended in case of large orders.
Merchant Rules
Merchants should follow the procedures recommended by the payment processor and the credit card
companies. If a merchant suspects a fraudulent order,should contact the registration service to cut
reduce the total number of chargebacks
Negative History File
The merchant should keep a database of problematic customers, prior fraud attempts, chargeback
records.The record should include customer name, billing address, phone, email and IP address.
Incoming orders can be searched for matches in the database. This method reduce the incidence of
repeat offenders.

Other Preventive Measures
Always check the data to determine if the buyer is a real person. Check if the zip code really exist and
the email is formatted properly.

Pattern Detection
Pattern detection checks if multiple orders are placed to a specific shipping address with different credit
cards. It checks for unusual purchase of a single item since fraudsters may have access to several stolen
card numbers. It identify users who repeatedly submit same credit card number with different expiry
dates. Since fraudsters will have only credit card numbers, they will just keep submitting that number
with different expiration date until they match.
Payer Authentication Program
Payer Authentication program is an optional process to increase the payment security and reduce the
risk of fraud. The process verify the cardholder's identity directly with the card issuer in real-time. The
card issuer remain liable to some losses for the online fraud which was generally borne by merchants.

Processing Orders
The merchant should have a policy of not shipping any order until the charge can be verified by their
additional checks. The merchant can send an immediate email confirmation of the order, and explain
additional checks are being performed to reduce fraudulent orders. The additional checks may take 30
minutes, or can take days if telephone and email exchanges are necessary. The processing delay may
cause the fraudster to hide themselves. Many fraudsters want instant gratification, and wish to remain
anonymous, so they will not reply to your emails requesting additional information.

Realtime Authorization

Authorization is a request send by the merchant to the card issuing bank to determine if sufficient
money is available for the payment or if the credit card has been reported as stolen or lost.This process
takes less than 5 seconds for the approval to take place.
Shared Negative History File
Merchants can exchange their negative historical database. Since this database has fraud data from
several merchants, using this file should reduce pattern specific frauds. However a bad customer for
one merchant may be good for another.

To top