There are two general approaches available. You can use software to screen all of your transactions automatically, or you can manually check each transaction for possible fraud. Neither approach is perfect when used by itself. The automatic approach can sometimes flag or impede legitimate sales. While performing manual checks on all transactions is ideal, there is a trade-off in merchant time and hassle, long-distance bills, and customer inconvenience.
MaxMind's minFraud enables you to combine both automatic and manual checks. MaxMind's service allows you to screen transactions automatically so that you can pay attention only to the transactions that are flagged as potentially fraudulent by the system. With this service, your business will save money and time, increase productivity, and maintain a strong guard against fraud.
Learn more about the various automated and manual checks you can perform to help reduce credit card fraud.
Automated Checks available from minFraud
A potential risk of fraud can result from a discrepancy between a person's claimed location and the location of the computer he is making the transaction from. MaxMind services can authenticate the transaction by matching up the billing address of the card holder with their actual physical location, determined by examining their IP address*. Of course, the person could simply be travelling or using a business card issued to a company branch in a different city or even country.
Many fraudsters use a free email provider such as hotmail.com to remain anonymous. Of course many legitimate clients use free email as well. For business to business transactions, we recommend checking out the domain by typing "http://www." and the domain name into your browser and looking to see if the website looks like a legitimate business. For consumer purchases, of course this doesn't apply.
One of the ways fraudsters evade attempts to track them down is to use an Anonymous or Open Proxy. These proxies hide the true location of the client, like a mask would hide the identity of a bank robber in the real world. We have noticed a high number (around 26%) of our fraudulent purchases come from Open Proxies, and it is known that organized credit card fraud rings use Open Proxies.
On the other hand, legitimate orders do come from Open Proxies - usually these are orders where the user's computer has been unknowingly infected by a virus that allows spammers and credit card hackers to hijack their computer. In our experience about 4% of legitimate purchases come from Open Proxies, due to the widespread propagation of computer viruses. Our suggestion is to contact the customer to obtain more information.
Many international credit cards don't support address verification. Checking the Bank Identification Number (BIN) provides a way to see if the issuing bank for the credit card is in the same country where the card holder resides. Note that legitimate users sometimes do use a credit card from another country.
You can also ask the customer to provide the bank name and customer service phone number as listed on the credit card. This information can then be verified against the MaxMind database to see if it matches the information we have on record for the BIN. This provides an additional layer of protection by verifying that the user has physical possession of the credit card unless a fraudster found this information by accessing a compromised BIN name and phone number list.
Calling the card holder is one of the best ways of verifying whether the card holder authorized the purchase, the trade-off being that it is more time-consuming for you, the merchant. The way that it works is that you request the phone number as listed on the credit card account on your order form. You then validate this number by calling your merchant provider and/or the issuing bank for the credit card. Once you have obtained the valid card holder's number, you then call it and ask if they authorized the transaction. If they are the owner of the credit card and didn't authorize the transaction, suggest that they call their credit card company and report the card as stolen. Generally we recommend doing this for high value transactions or when the automated checks return a high fraud score. MaxMind's Telephone Verification service can automate the verification process.
Having the customer fax back a signed authorization form is another way of verifying the card holder, the trade-off being that it makes the customer do more work. The customer fills out an authorization form you provide, and then faxes it back to you with a signature and copies of the front and back of the credit card. For digitally delivered goods, this is the best way to protect against "friendly" chargebacks, namely when the authorized card holder denies that they authorized the transaction.
Many merchants who accept credit cards also accept PayPal. In general we are as careful about accepting PayPal payments as we are with credit card payments. You can get chargebacks with PayPal, and furthermore, many PayPal accounts have been hijacked. We have had at least one payment from a hijacked account reversed. Fortunately we had noticed that they used the same IP address as a fraudulent credit card purchase, so we contacted the PayPal account holder and notified him that his account was hijacked. Generally PayPal accounts that have a hotmail or other free email address are risky, since often people will use the same password for both their hotmail and PayPal accounts, so the hijacker will have access to both the PayPal account and their email.
* For transparent proxies, you should obtain the IP address behind the proxy by examining the HTTP headers HTTP_X_FORWARDED_FOR and HTTP_CLIENT_IP. Our minFraud service supports passing these values using the forwardedIP input field.
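The footnote's header handling, sketched as an added example (not MaxMind's code). It reads a CGI/WSGI-style environ, always keeps the connection address, and reports a header-supplied address separately, because both headers are set by the client or proxy and can be forged. The key name "ip" and the function names are placeholders; only forwardedIP comes from the page.

```python
import ipaddress

# Ranges that cannot be a customer's real Internet address.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918 private
    "127.0.0.0/8", "169.254.0.0/16",                   # loopback, link-local
    "::1/128", "fc00::/7", "fe80::/10",                # IPv6 equivalents
)]

def usable_ip(raw):
    """Return a normalized address, or None if raw is malformed or non-routable."""
    try:
        ip = ipaddress.ip_address(raw.strip())
    except ValueError:          # "unknown", host:port, injected markup, empty
        return None
    if any(ip in net for net in NON_ROUTABLE):
        return None
    return str(ip)

def ip_fields(environ):
    """Build the IP inputs for a fraud-screening request.

    "ip" (placeholder key) is the TCP peer and is never overwritten.
    "forwardedIP" is the first usable address found in the headers.
    """
    fields = {"ip": environ.get("REMOTE_ADDR", "")}
    # X-Forwarded-For is "client, proxy1, proxy2": leftmost is the claimed client.
    candidates = environ.get("HTTP_X_FORWARDED_FOR", "").split(",")
    candidates.append(environ.get("HTTP_CLIENT_IP", ""))
    for raw in candidates:
        ip = usable_ip(raw)
        if ip and ip != fields["ip"]:
            fields["forwardedIP"] = ip
            break
    return fields

# Constructed sample request using documentation-range addresses.
SAMPLE = {
    "REMOTE_ADDR": "198.51.100.20",
    "HTTP_X_FORWARDED_FOR": "unknown, 10.1.2.3, 203.0.113.7",
}

if __name__ == "__main__":
    print(ip_fields(SAMPLE))
```

Because the forwarded value is unauthenticated, it is best treated as one more signal next to the connection address, for example when the two resolve to different countries.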