The Right Combination of Tools at the Right Time
The chart below highlights credit card‘s layers of security by business type.
Other Fraud Prevention Solutions
Third Party Vendor Fraud Prevention Solution Providers offer a combination of leading technology and innovative tools for detection and prevention of fraud within the various card-not-present channels. These solutions are designed to help merchants protect their customers and brand by reducing fraud losses and making the Internet a safer place to conduct business. To obtain a list of fraud prevention solutions, contact your account manager.
Fraud Prevention for Card-Not-Present Merchants
Mail order/telephone order and Internet merchants must verify (to the greatest extent possible) the cardholder‘s identity and the validity of the transaction.
Basic fraud control actions include these key actions
- Obtain an authorization. Avoid using a $1 authorization to verify if the account is in good standing.
- For Internet transactions, use 3D Secure to authenticate the cardholder‘s identity at the time of purchase. Do not submit an authorization request for a transactions that has failed the authentication.
- Ask the customer for card expiration date and include it in your authorization request. An invalid or missing expiration date can be an indicator that the person does not have the actual card in hand.
- If participating in the CVV2 service, obtain the CVV2 three or four-digit code from the cardholder. An issuer-validated CVV2 code is a good indicator that the card is genuine.
- Where available, verify the cardholder‘s billing address via AVS. This helps to validate the cardholder‘s billing address directly with the issuer.
- Submit the authorization request with the cardholder‘s billing address and necessary CVV2 code information. The issuer will return a CVV2 and AVS result codes with the authorization.
- Perform internal screening or use a third-party tool to screen for questionable transaction data or other potential warning signs indicating out of pattern route transactions with higher risk characteristics for fraud review.
If You Suspect Fraud
- Ask the customer for day/evening phone numbers and then call the customer with any questions.
- Ask for additional information (e.g. bank name on front of card).
- Separately confirm the order by sending a note via the customer‘s billing address, rather than the ―ship to address
Potential Warning Signs of Card-Not-Present Fraud
Stay alert for the following fraud indicators. When more than one of the following statements is true during a card-not-present transaction, fraud might be involved. Follow up just in case.
- Startup companies: Criminals are always looking for new merchants to steal from.
- Larger-than-normal orders: Because stolen cards or account numbers have a limited life span, criminals need to maximize the size of their purchase.
- Orders that include several varieties of the same item: Having multiples of the same item increases criminal‘s profits.
- Orders made up of big-ticket items: These items have maximum resale value and therefore maximum profit potential.
- Rush or overnight shipping: Criminals want their fraudulently obtained items as soon as possible for the quickest possible resale and aren‘t concerned about extra delivery charges.
- Shipping outside of the merchant‘s country: There are times when fraudulent transactions are asked to be shipped to fraudulent criminals outside of the home country.
- Transactions with similar account numbers: May indicate the credit card numbers used have been generated using software available on the Internet.
- Shipping to a single address, but transactions placed on multiple cards: it could involve an account number generated using special software, or even a batch of stolen cards.
- Multiple transactions on one card over a very short period of time: Could be an attempt to run a card until the account is closed.
- Multiple transactions on one card or a similar card with a single billing address, but multiple shipping addresses: Could represent organized activity, rather than one individual at work.
- For online transactions, multiple cards used from a single IP (Internet Protocol) address: More than one or two cards could indicate a fraud scheme.
- Orders from Internet addresses that make use of free e-mail services: These e-mail services involve no billing relationships, and often neither an audit trail nor verification that a legitimate cardholder has opened the account.