Detecting Credit Card FraudOur Top 15 Fraud Detection Tips For Merchants

Detecting Credit Card Fraud: 15 Steps to Follow for Safer, More Secure Transactions

Credit card fraudsters have some new tricks up their sleeves.

As more commerce shifts online, spikes in card-not-present fraud are occurring in lockstep. In fact, CNP fraud now accounts for a staggering 80% of all fraudulent transactions in the US.

If you accept debit and credit cards online, investing in resources to detect fraud is absolutely essential. You’ll need the right tools and strategies in place to meet this challenge head-on and limit your exposure.

Having said that, what exactly does credit card fraud detection refer to? What’s the real value of detecting credit card fraud, and how do you start the process? Let’s get into it. 

What Does Credit Card Fraud Detection Entail?

First, let's start at the beginning.

At their core, fraud detection strategies require some form of data gathering and analysis. Most depend on one of two core frameworks: statistical analysis and artificial intelligence-based analysis through machine learning. These break down as follows:

Statistical Analysis

The general concept behind statistical analysis is to detect and gather potentially fraudulent data. Then, compare it against any historical data to determine if the transaction raises any fraud red flags. 

Statistical analysis can be performed through a series of system-based operations (through a POS terminal or CRM management system). It can also be done manually. In either case, it often includes:

• Data Matching: Comparing data points to eliminate duplicate records and identify links between data sets.
• Establishing Parameters: Statistical parameters and benchmarks based on averages, performance metrics, and probability ranges for accurate data capturing.
• Probability Factoring: Mapping the probability of fraudulent activities based on data captures and analysis to determine the likelihood of fraud.
• Variable Analysis: Analyzing the potential relationship between two or more variables and comparing incoming and historical data to establish patterns.

Machine Learning

Many merchants have shifted their fraud detection focus to AI-based software like machine learning. It’s capable of eliminating much of the “heavy lifting” in data analysis. AI-based programs can observe, identify, isolate, and sort incoming transactions in literal seconds. This is obviously a speed human beings simply can’t match.

AI-based machine learning programs use the following techniques to detect fraud:

• Data Mining: Based on predetermined rulesets, AI systems can collect and filter data in real-time. From this, associations can be made that signify fraud patterns to the computer.
• Neural Classification: Neural network functionality enables the system to classify incoming data and associations. Any flagged data will then proceed through a series of interconnected rulesets to determine if they meet pattern-based fraud criteria.
• Pattern Recognition: Neural networks can be scanned for fraudulent patterns. If a transaction meets any preset fraud parameters, it will be sorted for more screening or flagged for manual review.

The “learning” in machine learning represents the software’s key capability. The system can effectively “learn” based on the amount and quality of data it is fed, essentially becoming more accurate over time. But, while this system is incredibly advanced and innovative, it must be guided by human oversight to function properly. 

Machines aren’t capable of making complex, logical decisions. The machine can, therefore, only sort and flag that information according to predetermined rules. This is why most merchants tend to benefit from a more blended approach to detecting credit fraud (more on this later).

The Value of Credit Card Fraud Detection

Remember: fraud isn’t going anywhere. Technology can provide many helpful tools, but none of these can fully stop fraud on their own. If anything, fraud simply becomes more advanced as we do, making it apparent that you will need a fraud strategy that is adaptable, scalable, and versatile.

You can’t limit your fraud strategy to only responding to incoming attacks. You also have to prepare your business for the future, too.

This calls for a comprehensive, multi-faceted fraud strategy. With a strategy like this in place, you should see the following benefits:

As you can see, having a comprehensive fraud detection strategy in place provides a lot of benefits. However, if you don’t have a fraud prevention strategy already, how do you get started? Better still, if you have one that isn’t working, where can it be improved? 

Our Top 15 Best Practices for Detecting Credit Card Fraud

Detecting credit card fraud involves a lot of moving parts. You want to ensure that you’re catching fraudulent transactions before you process them. However, the true aim here is to go beyond fraud detection alone.

You can’t just st up on a couple of static tools and expect that’s going to work. You need to coordinate tools and practices, and also compare your data to incoming trends and potential patterns. This will let you refine processes and adapt as fraudsters’ tactics evolve.

To help you get started, here are our top 15 best practices for detecting credit card fraud in eCommerce today:

The absolute first step for detecting credit card fraud is to know what you’re looking for. Educating yourself about the various threats your business faces should be the foundation you build your strategy on. 

Generally speaking, there are three main types of fraud:

• Third-Party Fraud: Criminal fraud committed by an outside party unknown to the cardholder or merchant in question. Third-party fraud consists of methods like account takeover fraud (ATO), phishing, synthetic fraud, and others.
• Second-Party Fraud: This usually involves a third-party fraudster making an ally of a legitimate cardholder to defraud an organization or business. So-called “muling” and reshipping schemes are both examples of second-party fraud.
• First-Party Fraud: This is post-transactional in nature and is typically committed by an otherwise legitimate cardholder. Friendly fraud, wardrobing, and refund fraud are all examples of first-party fraud.

Not every payment processor is going to be right for your business. You’ll need to shop around to find the one that suits your needs best, beginning with their fraud management policies and fee scales. 

It’s also important to note that if your fraud rate climbs above a certain threshold, your processor may label you a “high-risk” merchant. Merchants who find themselves in this category often pay much higher fees than their peers, but will have more leeway in terms of how they approach fraud and chargeback management.

A key point of your strategy should be the fraud detection tools you use in-house to identify and flag incoming transactions. Like we mentioned above, though, deploying individual tools with no strategy for how to coordinate them won’t get you results.

Rising to meet a dynamic challenge like third-party fraud requires having multiple tools in place, all working in tandem. A few options you should look into include:

• Address Verification Service (AVS)
• Device Fingerprinting
• Geolocation
• Proxy Piercing
• Velocity Checks

Your business produces a lot of valuable data. You have incoming sales data, historical transactional data, and key performance indicators (KPIs), just to name a few sources.

This data should be easily accessible, retrievable, actionable, and comparable with other factors to compile a more informed risk profile for your business. This information can tell you if your business has been targeted by the same fraudster more than once, which acts of fraud you’re most susceptible to, and how much revenue you’re losing overall. 

Without accurate data analysis, you will struggle to know what is working for (or against) your business. By extension, you won’t know how to resolve any issues.

Accurate data analysis requires excellent recordkeeping. Many point-of-sale software platforms come with built-in analytics and data retrieval programs. However, you should probably not depend on these alone, as you may be required to dig a little deeper into your processes should chargebacks become a factor. 

You need to have a dedicated space, process, and data management protocol in place for all transactional and user documentation. 

Beyond analysis and filing, your POS software itself needs to be consistently updated to keep your business safe from fraud. If you miss too many updates, there’s a chance that your software could be vulnerable to attack or influence.

Running daily, weekly, and monthly checks is always a prudent plan. Also, if you are instructed by the software’s creator to patch or update your software, this should be done as quickly as possible.

EMV chip technology is effectively mandated for merchants in the US.

If you refuse to comply with EMV standards and regulations, or process a card transaction using magnetic stripe for any reason, you will be held liable for any resulting acts of fraud. So, generally speaking, if you want to accept credit and debit cards as payment, then maintaining EMV compliance is a must. 

That said, remember that EMV technology only has use in card-present transactions. It won’t help you in the card-not-present space. You’ll need to deploy multiple fraud tools in tandem (above) to spot and stop online credit card fraud.

IP addresses are typically logged every time an online customer makes a purchase. You can locate these near the customer’s physical address field

If a buyer’s IP address originates well outside of that customer’s physical region, the transaction should be flagged for manual review. How you should proceed varies on a case-by-case basis. It might be safer to aggravate a paying customer than expose your business to potential fraud. 

Never take any orders from an anonymous source. Make email input fields mandatory for checkout, and validate the email in question to ensure it’s not a fake or temporary email. Finally, always verify that the email matches any historical data you may have for that customer. 

It’s often much easier to spot a fraudster in a physical situation, like at an in-store cash wrap. People generally have tells that give them away, like shifty mannerisms or lacking a physical identification in the cardholder’s name, etc. 

Online, it’s trickier. You have to weed through suspect behaviors. For instance, a buyer making an uncharacteristically large purchase all of a sudden, making lots of little orders all at once, or shopping well outside of the cardholder’s physical location. It is more difficult to spot fraud online, but combining fraud tools with manual review can help you stop those transactions before they ever happen. 

Many products and services are automatically considered higher risk than others. For example, if you sell any of the products below, you might consider additional authentication procedures:

• Digital goods (games, music etc.)
• Electronics
• Gift cards
• Jewelry
• High-dollar ticket items

When you’re unsure about a transaction, you can call the credit card issuer or company directly to investigate the matter. This is known as a code 10 authorization call in bankspeak. 

Basically, Code 10 authorization procedures will pass you through a series of “yes” and “no” questions that are designed to help verify the cardholder’s identity. If the customer is shopping online, you’d do this during your manual review process. If in person, the customer will never know what you’re asking about since you’ll only be answering “yes” or “no” over the phone. If it’s approved, the customer will walk away happy, and if denied, you can simply say the transaction was rejected by the cardholder’s bank and supply them with a number to call.

Now that you’ve become more familiar with the fraud detection and prevention process, you need to set up training and resources for your employees. Odds are you won’t always be the person ringing orders in a physical location, nor the individual performing manual review of flagged online orders. In any case, every person that handles transactions for your company should receive regular and ongoing fraud training. 

Don’t forget about the post-transactional threats we mentioned above. For instance, friendly fraud accounts for up to 60% of all chargebacks and disputes.

If anything feels “off” about a transaction, you should take a closer look at that transaction or note those feelings before settlement. But keep in mind, you probably won’t know that your customer is going to commit first-party fraud until the moment you get notified about the dispute. This is why it’s absolutely critical that you take first-party fraud into consideration when crafting your fraud prevention strategy. 

Our stance has always been that you can’t fight one fraud source without thinking about all other sources. That’s why taking a more blended approach to detecting credit card fraud is your best bet.

Multi-layered fraud management strategies include conventional tools like address verification and geolocation. However, there are also tools like chargeback alerts and dispute management, as well as best practices to limit risk and increase revenue. 

Fraud detection is complex. Even with a solid plan, there’s no guarantee that you’ll see optimal results. But, by incorporating more tools and tactics, and deploying them in a strategic manner, you can give yourself a good chance of minimizing fraud.

You’ve got the basics. But, why not go the extra step to improve your odds and optimize your approach to fraud detection?

End-to-end dispute management solutions from Chargebacks911® can help you retain more revenue and make fraud detection and chargeback mitigation tasks more efficient. We give your clients the ability to reallocate their resources from defense to more revenue-generating operations. And, of course, this is all backed by the industry’s only performance-based ROI guarantee.

Contact us today to learn more about our solutions and how Chargebacks911 can help optimize your online fraud detection efforts.