Monday, May 11, 2015

What the CC payment gateways check for fraud [snoopy666]
Hi everyone!!! I found this tuto in the hackbb wiki; it's really interesting for newbies like me.
Enjoy:


These are the measures taken by CardPay, a payment gateway, to rate fraud. It would not be hard to imagine that other gateways take the same measures. Although we all know the rules of thumb, I thought it would be interesting to see what they *actually* measure to flag a transaction as high risk for fraud. The amount of information they actually collect is mind-blowing.

The fraud screening system of the CardPay Inc. payment gateway performs a comprehensive analysis of transaction data, using several techniques simultaneously. Data from external systems is used during the screening process, as well as the internal transaction history and various lists.

A transaction passes through a so-called "pipeline" consisting of the following steps:

Rules system
Card and cardholder data analysis using an automated fraud screening service
Multivariate regression analysis of the in-house transaction database

The above-mentioned subsystems are described in more detail in the following section.

Rules system: The fraud rule logic is implemented in stored procedures in an Oracle DBMS, which enables adding and modifying rules without service downtime. Before an order is passed through the rules chain, additional information is retrieved from the MaxMind credit card fraud prevention service. MaxMind returns the following data to the gateway:

Whether the cardholder is located in a high-risk country. At the moment the following countries are recognized as high risk: Egypt, Ghana, Indonesia, Lebanon, Macedonia, Morocco, Nigeria, Pakistan, Romania, Serbia and Montenegro, Ukraine, and Vietnam.
Whether country of IP address matches billing address country (mismatch = higher risk)
Country Code of the IP address
Distance from IP address to Billing Location in kilometers (large distance = higher risk)
Estimated State/Region of the IP address
Estimated City of the IP address
Estimated Latitude of the IP address
Estimated Longitude of the IP address
ISP of the IP address
Organization of the IP address
Whether the IP address is behind an anonymous proxy (anonymous proxy = very high risk)
Likelihood of the IP address being an open (transparent) proxy
Whether e-mail is from free e-mail provider
Whether e-mail is in database of high risk e-mails
Whether usernameMD5 input is in database of high risk usernames.
Whether passwordMD5 input is in database of high risk passwords.
Whether country of issuing bank based on BIN number matches billing address country
Country Code of the bank which issued the credit card based on BIN number
Whether the name of the issuing bank matches the entered BIN name. A return value of Yes provides a positive indication that the cardholder is in possession of the credit card.
Name of the bank which issued the credit card based on BIN number
Whether customer service phone number matches BIN phone. A return value of Yes provides a positive indication that cardholder is in possession of credit card.
Customer service phone number listed on back of credit card.
Whether the customer phone number is in the billing zip code.
Whether shipping address is in database of known mail drops.
Whether billing city and state match ZIP code.
Whether shipping city and state match ZIP code.


After all data has been gathered, the rules in the chain are applied to the order data sequentially, each increasing or decreasing the total fraud score.

The rules chain consists of the following rules:

Cardholder country rating (global list)
Cardholder country rating (as set up by the merchant)
Cardholder's IP found in black lists
Cardholder's IP range found in black list
Cardholder's email found in the merchant's black list
Cardholder's email found in the global black list
Cardholder's email found in the forbidden email providers list
Card PAN not present in the global black list
Card PAN not present in the merchant's black list
Cardholder's address not in the global black list
Cardholder's address not in the merchant's black list
Order amount does not exceed the global purchase limit
Order amount does not exceed the local (merchant) purchase limit
Single PAN daily turnover does not exceed the global daily limit
Single PAN daily turnover does not exceed the local (merchant) daily limit
Billing address daily turnover does not exceed the global daily limit
Billing address daily turnover does not exceed the local (merchant) daily limit
PAN number brute force check
Expiry date brute force check
CVV brute force check

This is the base rule set. Our fraud officer constantly monitors the transaction flow, modifies existing rules and implements new ones to achieve maximum fraud prevention efficiency.
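To make the "rules chain" concrete, here is an added example of how such a sequential scorer can be built. It is not CardPay's code (theirs lives in Oracle stored procedures); every threshold, score delta, list entry, card token and order below is constructed for illustration, and the velocity (daily turnover) and brute-force rules keep only card tokens, never full PANs.

```python
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class Order:
    pan_token: str          # opaque token for the card; the full PAN never enters the scorer
    email: str
    ip: str
    billing_country: str
    billing_address: str
    amount: float


@dataclass
class Context:
    """Lists and history a gateway would hold; all values here are constructed."""
    country_rating: dict = field(default_factory=dict)   # country code -> score delta
    email_blacklist: set = field(default_factory=set)
    pan_blacklist: set = field(default_factory=set)      # card tokens, not PANs
    global_purchase_limit: float = 2000.0
    pan_daily_turnover: Counter = field(default_factory=Counter)      # token -> amount today
    address_daily_turnover: Counter = field(default_factory=Counter)  # address -> amount today
    daily_limit: float = 5000.0
    # recent authorization attempts per source IP: list of (token, expiry, cvv_hash)
    recent_attempts: dict = field(default_factory=dict)
    brute_force_threshold: int = 5


# Each rule returns a score delta; positive = more suspicious, negative = less.
def rule_country_rating(order, ctx):
    return ctx.country_rating.get(order.billing_country, 0)


def rule_email_blacklist(order, ctx):
    return 50 if order.email.lower() in ctx.email_blacklist else 0


def rule_pan_blacklist(order, ctx):
    return 100 if order.pan_token in ctx.pan_blacklist else 0


def rule_purchase_limit(order, ctx):
    return 30 if order.amount > ctx.global_purchase_limit else 0


def rule_pan_daily_turnover(order, ctx):
    projected = ctx.pan_daily_turnover[order.pan_token] + order.amount
    return 40 if projected > ctx.daily_limit else 0


def rule_address_daily_turnover(order, ctx):
    projected = ctx.address_daily_turnover[order.billing_address] + order.amount
    return 40 if projected > ctx.daily_limit else 0


def rule_brute_force(order, ctx):
    """Many distinct PAN tokens, expiry dates or CVV values tried from one IP
    look like card-data enumeration rather than a shopper; each dimension that
    crosses the threshold adds 80."""
    attempts = ctx.recent_attempts.get(order.ip, [])
    dimensions = ({a[0] for a in attempts}, {a[1] for a in attempts}, {a[2] for a in attempts})
    hits = sum(len(s) >= ctx.brute_force_threshold for s in dimensions)
    return 80 * hits


RULES_CHAIN = [rule_country_rating, rule_email_blacklist, rule_pan_blacklist,
               rule_purchase_limit, rule_pan_daily_turnover,
               rule_address_daily_turnover, rule_brute_force]


def score_order(order, ctx, rules=RULES_CHAIN):
    """Apply the chain sequentially; return the total and a per-rule trace for the fraud officer."""
    trace, total = [], 0
    for rule in rules:
        delta = rule(order, ctx)
        total += delta
        trace.append((rule.__name__, delta))
    return total, trace


def decide(total, review_at=50, decline_at=100):
    if total >= decline_at:
        return "decline"
    return "review" if total >= review_at else "accept"


# Constructed sample context and orders (documentation-range IPs, fake tokens).
SAMPLE_CTX = Context(
    country_rating={"NG": 60, "DE": -10},
    email_blacklist={"bad@example.com"},
    pan_blacklist={"tok-999"},
    recent_attempts={"203.0.113.7": [(f"tok-{i}", "12/27", f"cvvhash-{i}") for i in range(6)]},
)
CLEAN_ORDER = Order("tok-1", "alice@example.com", "198.51.100.5", "DE", "1 Main St", 120.0)
REVIEW_ORDER = Order("tok-3", "bad@example.com", "198.51.100.9", "FR", "9 Elm St", 50.0)
RISKY_ORDER = Order("tok-2", "bad@example.com", "203.0.113.7", "NG", "5 Drop St", 2500.0)


def demo():
    """Score the three constructed orders; returns {name: (total, decision)}."""
    out = {}
    for name, order in (("clean", CLEAN_ORDER), ("review", REVIEW_ORDER), ("risky", RISKY_ORDER)):
        total, _trace = score_order(order, SAMPLE_CTX)
        out[name] = (total, decide(total))
    return out


if __name__ == "__main__":
    for name, (total, decision) in demo().items():
        print(f"{name}: score={total} -> {decision}")
```

The per-rule trace matters as much as the total: when the fraud officer tunes a rule, the trace shows which rule moved a given order over the review or decline threshold, which is what lets rules be adjusted without guessing.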

Transaction history analysis (in-house service): After the rules check succeeds, the transaction data is verified against the pool of existing transactions, enabling the most accurate results and fraud decisions possible. If this routine detects no reasons to block further processing.

Transaction history analysis (external service): If the in-house transaction history does not show signs of fraud, the external database comes into play.

Online Verification Procedures

Over the years, I've come across dozens of procedure lists for top-tier merchants regarding online transactions and fraud reduction. I'll detail several companies' verification procedures below.

While most virtual carders are aware of the various procedures in place to verify orders placed online, few actually understand the implementation of fraud scoring, and the order in which these verification methods are used.

The Risk Management Toolkit

AVS
CVV
IP/GEO/BIN
Cardholder Authentication (VbV/MSC)
Phone Verifications
Manual Order Reviews
Chargebacks & Representments
PCI Compliance & Data Security



AVS: Address Verification Service

How It Works

Provides a Match or Non-Match result for only the billing street number and billing ZIP code, not the actual address (i.e. "1234 Test Street" is parsed into "1234", just as "1234 Wrong Way" would be).

Implementation

Available on any Internet merchant account and virtually any Payment Gateway.

Most gateways provide an AVS configuration area where you can specify whether you want to automatically "decline" (i.e. not settle) an authorization that has an AVS mismatch or non-match.

Benefits

Easy to implement

Limitations

Works only for U.S., Canadian and U.K. cardholders, so this does not help you scrub most international transactions.

A growing percentage of compromised credit cards (especially those obtained through inside jobs or hacked databases) will also contain the information necessary to produce a valid AVS match result.

Recommendation

If you handle a mix of international and U.S. sales, you will want to consider scrubbing with AVS on the U.S. transactions, but do NOT scrub via AVS for any international transactions, as they will always fail. AVS should not be considered a primary means of verifying the validity of a transaction. Nearly 20% of fraud can potentially be eliminated by scrubbing "Non-Matched" AVS results.

CVV: Card Verification Value

How It Works

A service with many names (CVV2, CVC2, CID), but the premise is the same for all.

Provides a Match or Non-Match result for the 3-digit or 4-digit number embossed on the back of the cardholder's card. The CVV is NOT generally encoded on the magnetic stripe and is therefore less likely to be captured as part of a card skimming tactic.

Implementation

Available on any Internet merchant account and virtually any Payment Gateway.

Most gateways provide a CVV configuration area where you can specify whether you want to automatically "decline" (i.e. not settle) an authorization that has a CVV non-match or non-entry.

Benefits

Works for virtually ALL cardholder accounts, both U.S. and international.

There is no valid reason why a legitimate cardholder, in possession of the card, would not be able to enter a 100% matching number for this.

Merchants are not allowed to store the CVV, and as such the CVV number is less vulnerable than the data used for AVS.

Limitations

CVV data can only be used for a real-time transaction. CVV data can not be stored and therefore can not be utilized for Recurring Transactions.

Recommendation

CVV is a recommended service to utilize for ALL initial transactions processed. Based on our internal chargeback analysis, merchants can reduce their fraud rates by as much as 70% by simply requiring a matching CVV result.
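The AVS and CVV sections above describe two things a merchant can actually code against: how AVS reduces an address to street number plus ZIP (so "1234 Test Street" and "1234 Wrong Way" match identically), and a settle policy that scrubs AVS only for U.S./Canadian/U.K. cards while requiring a CVV match on every initial transaction but not on recurring ones. The following is an added example of both, not code from the toolkit or from any gateway; the simplified result codes Y/A/Z/N, the sample addresses and the country set are assumptions of this example.

```python
import re

# AVS is only meaningful for issuers in these countries (assumption of this example:
# U.S., Canada and the U.K., as the text says).
AVS_COUNTRIES = {"US", "CA", "GB"}


def avs_key(street: str, postal: str):
    """Reduce an address to what AVS compares: the leading street number and the
    ZIP/postal code with spaces and dashes removed. The street name is ignored."""
    m = re.match(r"\s*(\d+)", street)
    number = m.group(1) if m else ""
    zip_code = re.sub(r"[\s-]", "", postal).upper()
    return number, zip_code


def avs_result(entered_street, entered_zip, on_file_street, on_file_zip):
    """Simplified AVS code: 'Y' both match, 'A' street number only,
    'Z' ZIP only, 'N' neither. Real issuer codes are richer; this is a stand-in."""
    e_num, e_zip = avs_key(entered_street, entered_zip)
    f_num, f_zip = avs_key(on_file_street, on_file_zip)
    street_ok = e_num != "" and e_num == f_num
    zip_ok = e_zip != "" and e_zip == f_zip
    if street_ok and zip_ok:
        return "Y"
    if street_ok:
        return "A"
    if zip_ok:
        return "Z"
    return "N"


def settle_decision(issuer_country, avs_code, cvv_match, recurring=False):
    """Settle policy following the recommendations above.

    cvv_match is True (match), False (non-match) or None (not entered).
    - Every initial (non-recurring) transaction needs a CVV match; recurring
      ones carry no CVV because merchants may not store it.
    - AVS scrubbing applies only to AVS_COUNTRIES cards: a full non-match
      declines, a partial match goes to review, international cards skip AVS.
    """
    if not recurring and cvv_match is not True:
        return "decline", "cvv non-match or not entered"
    if issuer_country in AVS_COUNTRIES:
        if avs_code == "N":
            return "decline", "avs non-match"
        if avs_code in ("A", "Z"):
            return "review", "avs partial match"
    return "settle", "ok"


if __name__ == "__main__":
    # Constructed sample: the page's own "1234 Test Street" vs "1234 Wrong Way" case.
    code = avs_result("1234 Test Street", "90210", "1234 Wrong Way", "90210")
    print("AVS code:", code)                                   # Y: street name is not compared
    print(settle_decision("US", code, True))                   # settle
    print(settle_decision("DE", "N", True))                    # settle: AVS skipped for non-AVS issuers
    print(settle_decision("US", "Y", None, recurring=True))    # settle: no CVV on recurring
```

Note what the "Y" on the first line demonstrates: an AVS full match says nothing about the street name, so an attacker who holds the leaked billing ZIP and house number passes AVS, which is exactly why the text rates it a secondary check and puts CVV first.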

IP/GEO/BIN Scrubbing

How It Works

Compares the IP address of the purchasing customer with their stated geographic location (i.e. why is a customer from California ordering from Europe?)

Compares the BIN number (first 6 digits) of the credit card with the IP or stated geographic location of the customer (i.e. the customer is using a U.S.-issued credit card but they are in Europe?)

Based on the IP and BIN # and other customer-inputted data, a vast amount of information can be returned on the transaction.

Implementation

Custom direct integration into a service such as MaxMind.com

Use an existing integration that is part of a Shopping Cart such as X-Cart, LiteCommerce, osCommerce, ZenCart or ASPDotNetStorefront.

Use an existing integration that is part of a Billing System such as WHMCompleteSolution, ClientExec or Ubersmith.

Use an existing integration that is part of a Payment Gateway such as the Quantum Payment Gateway.

Benefits

Fast, Cost Effective and Non-Intrusive

Provides merchants with an excellent "do the pieces fit consistently?" analysis.

Can block up to 89% of all fraud if properly implemented

Limitations

Generally not reliable for AOL users due to the way that AOL routes its traffic (AOL users require a merchant-specific approach)

Proxy database is always in a real-time process of being updated as new proxies open up.

Recommendation

IP/GEO/BIN fraud scores should be used in the order evaluation process more as a means of flagging transactions as "high risk" for more intensive scrubbing than as an outright decline.

Examples of what IP Geo-Location can tell you:



YELLOW ALERTS

Free E-mail Address: is the user ordering from a free e-mail address?

Customer Phone #: does the customer phone # match the user's billing location? (Only for U.S.)

BIN Country Match: does the BIN # from the card match the country the user states they are in?

BIN Issuing Bank Name: does the user's inputted name for the bank match the database for that BIN?

BIN Phone Match: does the customer service phone # given by the user match the database for that BIN?



RED ALERTS

Country Match: does the country that the user is ordering from match where they state they are ordering from?

High Risk Country: is the user ordering from one of the designated high risk countries?

Anonymous Proxy & Proxy Score: what is the likelihood that the user is utilizing an anonymous proxy?

Carder E-mail: is the user ordering from an e-mail address that has been used for fraudulent orders?

High Risk Username/Passwords: is the user utilizing a username or password used previously for fraud?

Ship Forwarding Address: is the user specifying a known drop shipping address?


IP/GEO/BIN Scrubbing (Continued)

Open/Anonymous Proxies: an open proxy is often a compromised "zombie" computer running a proxy service that was installed by a computer virus or hacker. The computer is then used to commit credit card fraud or other illegal activity. In some circumstances, an open proxy may be a legitimate anonymizing service that is simply recycling its IP addresses. Detecting anonymous proxies is an ongoing battle, as new ones pop up and may remain undetected for some time.

26% of orders placed from open proxies on the MaxMind minFraud service ended up being fraudulent. Extra verification steps are strongly recommended for any transaction originating from an open/anonymous proxy.

High-Risk Countries: these are countries that have a disproportionate amount of fraudulent orders, specifically Egypt, Ghana, Indonesia, Lebanon, Macedonia, Morocco, Nigeria, Pakistan, Romania, Serbia and Montenegro, Ukraine and Vietnam. 32% of orders placed through the MaxMind minFraud service from high-risk countries were fraudulent. Extra verification steps should be required for any transaction originating from a high-risk country.

Country Mismatch: this takes place when the IP geolocation country of the customer does not match their billing country. 21% of orders placed with a country mismatch on the MaxMind m******* service ended up being fraudulent. Extra verification steps are recommended for any transaction with a country mismatch.
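The yellow/red alert lists and the three "continued" paragraphs above describe a consistency check: do the IP geolocation, the BIN's issuing country, the billing location and the e-mail all fit together? Here is an added example of that triage, written in the spirit of the recommendation to flag rather than decline. It is not MaxMind's or CardPay's code: the geolocation and BIN tables are stand-ins keyed on constructed sample values (a real deployment would query a geolocation/BIN service), the 1000 km distance threshold and 0.5 proxy-score cut-off are assumptions, and "Serbia and Montenegro" from the page's list is coded as RS and ME.

```python
import math

# High-risk country list from the page (ISO codes; RS + ME stand for "Serbia and Montenegro").
HIGH_RISK_COUNTRIES = {"EG", "GH", "ID", "LB", "MK", "MA", "NG", "PK", "RO", "RS", "ME", "UA", "VN"}
FREE_EMAIL_DOMAINS = {"example-freemail.test"}        # constructed
CARDER_EMAILS = {"carder@example-freemail.test"}      # constructed: e-mails seen on fraudulent orders
MAIL_DROPS = {"PO BOX 77, ANYTOWN"}                   # constructed: known ship-forwarding addresses
DISTANCE_FLAG_KM = 1000.0                              # assumption of this example
PROXY_SCORE_FLAG = 0.5                                 # assumption of this example

# Stand-in geolocation records keyed by IP (documentation-range addresses, constructed values).
GEO_DB = {
    "198.51.100.5": {"country": "US", "lat": 34.05, "lon": -118.24, "anon_proxy": False, "proxy_score": 0.05},
    "203.0.113.7": {"country": "NG", "lat": 6.52, "lon": 3.38, "anon_proxy": True, "proxy_score": 0.92},
}
# Stand-in BIN -> issuing country table (constructed).
BIN_DB = {"411111": "US", "453201": "GB"}


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km, used for the 'distance from IP to billing location' signal."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def evaluate(order):
    """Return the red and yellow alerts for an order dict plus the IP-to-billing distance."""
    geo = GEO_DB.get(order["ip"])
    yellow, red = [], []
    if geo is None:
        # No geolocation: cannot run the checks, so ask for extra verification rather than guess.
        return {"yellow": ["ip not geolocated"], "red": red, "distance_km": None}
    distance = haversine_km(geo["lat"], geo["lon"], order["billing_lat"], order["billing_lon"])

    # Red alerts (from the page's list)
    if geo["country"] != order["billing_country"]:
        red.append("country mismatch")
    if geo["country"] in HIGH_RISK_COUNTRIES:
        red.append("high risk country")
    if geo["anon_proxy"] or geo["proxy_score"] >= PROXY_SCORE_FLAG:
        red.append("anonymous/open proxy")
    if order["email"].lower() in CARDER_EMAILS:
        red.append("carder e-mail")
    if order.get("ship_address", "").upper() in MAIL_DROPS:
        red.append("ship forwarding address")

    # Yellow alerts
    domain = order["email"].rsplit("@", 1)[-1].lower()
    if domain in FREE_EMAIL_DOMAINS:
        yellow.append("free e-mail address")
    bin_country = BIN_DB.get(order["pan_bin"])
    if bin_country is not None and bin_country != order["billing_country"]:
        yellow.append("BIN country mismatch")
    if distance > DISTANCE_FLAG_KM:
        yellow.append("large IP-to-billing distance")
    return {"yellow": yellow, "red": red, "distance_km": round(distance, 1)}


def triage(result):
    """Flag for more scrubbing instead of declining outright, as the text recommends."""
    if result["red"]:
        return "manual review"
    return "extra verification" if result["yellow"] else "pass"


# Constructed sample orders: billing in Los Angeles for both.
CLEAN_ORDER = {"ip": "198.51.100.5", "email": "alice@example.com", "billing_country": "US",
               "billing_lat": 34.05, "billing_lon": -118.24, "pan_bin": "411111",
               "ship_address": "1 Main St"}
SUSPECT_ORDER = {"ip": "203.0.113.7", "email": "carder@example-freemail.test", "billing_country": "US",
                 "billing_lat": 34.05, "billing_lon": -118.24, "pan_bin": "453201",
                 "ship_address": "PO Box 77, Anytown"}

if __name__ == "__main__":
    for name, order in (("clean", CLEAN_ORDER), ("suspect", SUSPECT_ORDER)):
        result = evaluate(order)
        print(name, triage(result), result)
```

The point of keeping red and yellow separate is operational: a red list entry such as "anonymous/open proxy" or "carder e-mail" is enough on its own to route the order to a human, whereas yellow signals only raise the bar for the automated checks that follow.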

Results that speak for themselves:

ChangeIP: a DNS and domain name registration provider. The company provides free and custom Dynamic DNS services to more than 50,000 users. Before implementing MaxMind, ChangeIP was losing as much as $1,000 per month because it sold instantly delivered digital goods and could not recover the losses if a purchase turned out to be fraudulent. After implementing MaxMind, losses were reduced by 90%.

MeccaHosting: a Web hosting company based in Colorado. Since integrating MaxMind, Mecca Hosting has not received a single chargeback. On average, 12-15 fraudulent orders pass through the in-house checks each month but are flagged by MaxMind. Over the last 5 months, this has saved MeccaHosting at least 60 chargebacks and $6,000 in unnecessary costs.

Red Fox UK: a Web hosting provider and software development company based in the UK which offers solutions for small and medium sized businesses all over the world. By using MaxMind, Red Fox UK was able to increase its revenue by 4% while reducing its chargebacks by 90%.

365 Inc.: a digital media company and e-tailer specializing in soccer and rugby, with a large international customer base, that processes over 10,000 transactions per month. By integrating MaxMind, chargebacks were reduced by over 96%, from more than $10,000 per month to less than $500 per month. At this point, most chargebacks are general order disputes as opposed to fraud.
