Fraud Scoring Online Credit Card Transactions

Fraud scoring can be a powerful tool to help ecommerce merchants avoid online credit card fraud and chargebacks. Fraud scoring looks at each individual component of a credit card transaction to determine the probability that the transaction is unauthorized, fraudulent, or coming from a stolen credit card or credit card number. Many gateways include fraud scoring scripts. Merchants can also help themselves avoid fraud by knowing what to look for and knowing the relative value of each component of the transaction. Merchants must consider the results of their transaction authentication tools (checking AVS, CVV2, etc.), the behaviour of the buyer (what are they buying, where do they want it shipped, etc.), and how these two factors interact with each other. Transactions with nothing wrong with them have a zero fraud score and are good to be completed. If there is one thing wrong with one component of the transaction, the transaction will have a low fraud score and the sale could be verified and completed. The more things that are wrong, the higher the fraud score, and the more a merchant should consider declining the sale.

Authentication Tools

3-D Secure

If you have implemented Verified by Visa and Mastercard Securecode 3-D Secure payer authentication, and a transaction by a cardholder enrolled in the program fails authentication, then the sale should be declined. When an enrolled card fails authentication, it means that the buyer has failed to provide the correct password for the card. This indicates that the card is not in the possession of the cardholder and therefore it’s possible the sale is unauthorized.

CVV2

Failure to enter the correct CVV2 should also trigger an automatic decline of the sale. The CVV2 is the 3 or 4 digit number appearing on the back of the card or on the front of the card after the card number. It is used in Card Not Present transactions to validate that the actual credit card is present and not just the credit card number. Lack of the correct CVV2 indicates that the card is not in the possession of the buyer and therefore it’s possible the sale is unauthorized.

AVS

Decline sales that fail to get at least a partial match on AVS. Even with a partial match, the transaction should still be reviewed before settlement.

PARTIAL AVS MATCH

This means that either the zip code or street number for the billing address of the credit card has failed. These transactions should be reviewed. If a partial AVS match is the only problem with the sale, the merchant can consider calling to verify the sale. If the transaction is scoring on other fraud indicators, then the merchant should consider declining the sa

GEO-IP ADDRESS: Non-US IP

Matches that yield a non-US IP, especially in known fraud areas, like Nigeria, Malaysia, etc., should be declined.

GEO-IP ADDRESS: Matches that yield a plausible mismatch.

This means that the mismatch could be the difference between, for example, a computer at home or at the workplace. It’s within a range of distance that could make sense: same town, same state, county, etc. The farther away the more likely it’s a problem. If it’s the only issue, the merchant can consider calling to confirm and verify the sale. If the transaction is scoring on other fraud indicators, then the merchant should consider declining the sale.

IP ADDRESS: Open Proxy and Anonymous IP Addresses

Anonymous open proxy IP addresses allow a buyer to conceal their identity or use another computer for an online transaction and hide their identity and location. The use of an open proxy could indicate organized fraudulent activity or the use of a zombie computer to commit fraud. Open proxy IP addresses are widely used in affiliate fraud and allow buyers to place orders anonymously. There are legitimate reasons to use an open proxy IP and some wireless internet connections and devices, such as plug-in "air cards" or modems, appear as an open proxy. If an open proxy is detected, always investigate further. If the transaction is scoring on other fraud indicators, then the merchant should consider declining the sale. 

Buyer Behaviour

INTERNATIONAL ORDERS

Unless selling internationally is part of the business plan, most merchants should avoid international orders. However, if it is part of the plan, these transactions should be thoroughly scrutinized. If they are not absolutely perfect, they should be declined. International orders to certain high risk countries should always be blocked: Nigeria, Iran, North Korea, Vietnam, etc.

SHIPPING ADDRESS

Anytime the customer requests shipping to an address that does not match the billing address of the credit card, the transaction must be verified prior to completing the sale and shipping product. If it’s the only problem with the sale and it can be confirmed, the merchant can consider completing the sale. If it’s one of several problems, then the merchant should lean toward declining the sale.

INCOMPLETE INFORMATION

Transactions missing order information such as phone numbers, email addresses, etc. should be reviewed. If there's only one thing missing and it can be confirmed, the merchant can consider completing the sale. If it's one of several problems, then the merchant should lean toward declining the sale.

Unusually Large Orders

Transactions that seem too good to be true may very well be fraudulent. Often fraudsters will make large orders to get the most they can out of the stolen card or card number and also as a means to tempt the merchant into completing a sale against their better judgement. Your biggest sale of the year isn't going to be very profitable if it's being shipped to Vietnam on a stolen credit card charge. Always confirm large orders.

Repeat Purchases and / or Attempts

Repeated attempts at a transaction can be an indicator that the buyer is testing a stolen card number to try and match it to a zip code, CVV2, etc. Lock out buyers after two or three attempts. Similarly, repeat orders from different cards from the same IP might be testing as well. Testers tend to target low tickets.
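The two checks described above (repeated failed attempts on one card, and several different cards from one IP) can be run over an attempt log. The following is an added example, not code from a gateway or from this article; the log layout, the function name `review_attempts`, the one-hour window and the thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample attempts: (time, buyer IP, card token, amount, approved?)
ATTEMPTS = [
    ("2024-05-01T03:00:05", "203.0.113.7", "card_A", 1.00, False),
    ("2024-05-01T03:00:40", "203.0.113.7", "card_A", 1.00, False),
    ("2024-05-01T03:01:10", "203.0.113.7", "card_A", 1.00, False),
    ("2024-05-01T03:02:00", "203.0.113.7", "card_A", 1.00, True),
    ("2024-05-01T09:15:00", "198.51.100.4", "card_B", 2.50, True),
    ("2024-05-01T09:16:00", "198.51.100.4", "card_C", 2.50, True),
    ("2024-05-01T09:17:00", "198.51.100.4", "card_D", 2.50, False),
    ("2024-05-01T12:00:00", "192.0.2.33", "card_E", 80.00, False),
    ("2024-05-01T12:01:00", "192.0.2.33", "card_E", 80.00, True),
]

def review_attempts(attempts, max_failures=3, max_cards_per_ip=2,
                    window=timedelta(hours=1)):
    """Return {ip: set of reasons} for buyers that should be locked out."""
    failures = defaultdict(list)   # (ip, card) -> times of failed attempts
    cards = defaultdict(list)      # ip -> [(time, card)] seen recently
    flagged = defaultdict(set)
    for ts, ip, card, _amount, approved in sorted(attempts):
        now = datetime.fromisoformat(ts)
        # Distinct cards used from this IP inside the window.
        cards[ip] = [(t, c) for t, c in cards[ip] if now - t <= window]
        cards[ip].append((now, card))
        if len({c for _, c in cards[ip]}) > max_cards_per_ip:
            flagged[ip].add("many_cards_same_ip")
        # Failed attempts on the same card from the same IP.
        if not approved:
            recent = [t for t in failures[(ip, card)] if now - t <= window]
            recent.append(now)
            failures[(ip, card)] = recent
            if len(recent) >= max_failures:
                flagged[ip].add("repeated_failed_attempts")
    return dict(flagged)
```

In the sample log, the fourth attempt on `card_A` is approved only because no lockout was enforced after the third failure; the single retry from `192.0.2.33` is left alone.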

Time of Order

Pay attention to when an order is placed. Always compare the time of purchase to the time zone of the billing address on the credit card. Purchases occurring at odd hours or outside of regular business hours can be an indicator of fraud. Nobody knows the business better than the merchant. Do customers normally order from the website at 3am? Does the website marketing strategy make it likely that a customer would even be able to find your site at that time? Purchases made at hours when it would be assumed that the cardholder would be asleep or not shopping could mean that the sale is not authorized.

Free Email Addresses

Free email addresses are an indicator of fraud. It's not usually enough to pass on the sale by itself, but if it's part of a pattern, consider declining.

Know Your Customer

Merchants can often identify fraud by comparing the details of a suspect transaction to what they know about their legitimate customer base. Would a customer from that state or country normally buy your product or service? Does the purchase fit the season? Would someone really need that number or amount of product? If the profile does not match that of a typical customer, then always call to confirm the order.
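The scoring approach this article describes can be sketched as a small rule engine: authentication failures decline outright, and every other indicator adds one point. This is an added example, not a gateway's fraud script; the field names, the free-email list, the large-order amount, the 1am to 4am quiet hours and the "two or more points means decline" cut-off are assumptions, and the geo-IP checks are left out.

```python
from datetime import datetime, timedelta, timezone

FREE_EMAIL = {"gmail.com", "yahoo.com", "hotmail.com"}  # illustrative subset

def score(tx, large_order=1000.0, quiet_hours=range(1, 5)):
    """Return (decision, reasons) for one card-not-present order."""
    # Authentication failures the article treats as automatic declines.
    hard = []
    if tx.get("tds_enrolled") and not tx.get("tds_passed"):
        hard.append("3-D Secure failed")
    if tx.get("cvv2") != "match":
        hard.append("CVV2 mismatch")
    if tx.get("avs") == "none":
        hard.append("no AVS match")
    if hard:
        return "decline", hard
    # Each remaining indicator adds one point to the fraud score.
    soft = []
    if tx.get("avs") == "partial":
        soft.append("partial AVS match")
    if tx.get("open_proxy"):
        soft.append("open proxy IP")
    if tx.get("ship_to") != tx.get("bill_to"):
        soft.append("shipping != billing address")
    if any(not tx.get(f) for f in ("phone", "email")):
        soft.append("incomplete information")
    if tx.get("amount", 0) >= large_order:
        soft.append("unusually large order")
    email = tx.get("email") or ""
    if email.rpartition("@")[2].lower() in FREE_EMAIL:
        soft.append("free email address")
    # Order time converted to the billing address's local clock.
    offset = timedelta(hours=tx["billing_utc_offset"])
    local = tx["placed_utc"].astimezone(timezone(offset))
    if local.hour in quiet_hours:
        soft.append("odd-hour order")
    decision = "approve" if not soft else "verify" if len(soft) == 1 else "decline"
    return decision, soft

# Constructed sample orders (all values are made up for this example)
BASE = dict(tds_enrolled=True, tds_passed=True, cvv2="match", avs="full",
            open_proxy=False, ship_to="1 Main St", bill_to="1 Main St",
            phone="555-0100", email="pat@example.com", amount=60.0,
            placed_utc=datetime(2024, 5, 1, 18, 0, tzinfo=timezone.utc),
            billing_utc_offset=-5)
ONE_FLAG = dict(BASE, avs="partial")
MANY_FLAGS = dict(BASE, avs="partial", ship_to="9 Dock Rd", email="x@gmail.com",
                  placed_utc=datetime(2024, 5, 1, 8, 0, tzinfo=timezone.utc))
CVV_FAIL = dict(BASE, cvv2="mismatch")
```

A "verify" result corresponds to the article's advice to call and confirm the sale before completing it.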