How to Prevent Bust-Out FraudHelpful Tips & Tricks to Stay Safe
Tips to Stop Bust-Out Fraudsters From Harming Your Business
The difficult thing about preventing bust-out fraud as a merchant is that the ability to stop this type of scam largely lies upstream. That is, the financial institutions that approve and issue credit to customers.
In other words, if an issuing bank fails to prevent a fraudster from getting their hands on a credit card, there’s little stopping that same fraudster from transacting with you. That said, there are a few things you can do, which we’ll share with you in this chapter.
Bust-Out Fraud
Scammers often look like legitimate cardholders... at least until they suddenly don’t. Take bust-out fraud, for instance. This happens when a scammer uses a synthetic identity to open up credit cards with issuing banks, build up a credit history, then max out the card and disappear.
Preventing Bust-Out Fraud as a Merchant
Some best practices that can help you avoid bust-out fraud include mandating account creation, using biometrics when possible, and requesting multiple forms of ID.
It’s common to rely on fraud detection tools at checkout, like address verification services (AVS) and card verification value (CVV) checks, to prevent eCommerce fraud.
Unfortunately, these traditional tools are mostly ineffective against bust-out fraud. That’s because bust-out fraudsters receive cards directly from the issuing banks they con. Unlike a traditional scam, bust-out scammers aren’t using stolen payment details to checkout, so the information they provide at the point of sale is likely to appear legitimate.
There is one weakness to a bust-out scam, though, that could be key. To hide their tracks, fraudsters don’t apply for cards using their own information. Instead, they supply stolen or synthetic identities to issuing banks. As a merchant, you can use this same weakness to your advantage by:
Mandating Account Creation Prior to Checkout
Here’s the logic: if bust-out fraudsters are using fake identities to obtain credit cards, they’ll probably create an account with you using that same fake information.
By disabling guest checkout and requiring customers to create accounts pre-purchase, you make it harder for bust-out scammers to buy from you anonymously. This puts you in a better position to identify accounts that appear suspicious.
Using Biometric Verification at Signup
Requiring users to sign up and stay logged in during checkout won’t matter, however, if you let just anyone create an account.
Deliberately introducing friction into the signup process by requiring biometric verification during the account creation process can help weed out bust-out fraudsters who use synthetic identities.
Some sophisticated scammers may attempt to defeat your biometric security systems via presentation attacks. But, even these tactics can be thwarted (or at least mitigated) if you implement active liveness detection checks at onboarding.
Requiring Multiple Forms of Authentication Before Onboarding
To make your account creation flow as secure as possible, you shouldn’t rely on biometrics alone.
Instead, require users to provide multiple forms of authentication at signup. We’re talking about government-issued identification documents, photographs, proof of address, and other records that prove that they are who they say they are.
Once you receive these documents, scrutinize them for signs of tampering, and cross-reference them with information available on public databases and social media platforms. This can help you catch users who attempt to pass off fabricated information as their own. In turn, that may help you block bust-out fraudsters from engaging with your business before they even have a chance to buy anything from you.
