Velocity ChecksA Critical Component of Your Fraud Prevention Strategy

Velocity Checks: One of the 10 Key Fraud Prevention Tools

When we talk about fraud, it’s important to remember that it’s not a singular, static problem with just one solution. Effective fraud management demands a multilayer approach, deploying a variety of tactics to attack fraud from multiple angles.

For instance, did you know that a fraudster who submits an unauthorized transaction is probably not the same person who stole a cardholder’s information?

Fraudsters usually buy stolen cardholder information in bulk from hackers. They also run numerous transactions in quick succession, with the aim being to get as much value out of the data as possible before being detected.

So, if that’s the case, you could stop many fraud attacks — or at least minimize losses — by deploying a tool to restrict the number of transactions a user can submit at a time. That’s why velocity checks should become a cornerstone of your anti-fraud strategy.

What are Velocity Checks?

Velocity Checks

[noun]/* və • lä • sə • dē • CHek/

Velocity checks (sometimes referred to as “velocity limits”) are a fraud prevention mechanism widely used by eCommerce merchants. The tool is designed to flag potential fraud based on the rate at which a buyer submits multiple transactions.

Many of the card numbers that fraudsters buy will be invalid. Knowing this, they typically “test” the cards by trying to run repeated transactions. If the transaction is declined, they know the card information is invalid. If it’s accepted, though, then they have a finite window of time in which to use the stolen information before the cardholder discovers the abuse.

When fraudsters find a valid card number, they’ll typically max out the card. They run repeated transactions in an attempt to get as much out of the stolen data as possible. The result: they get away with a cache of stolen information, while you get slammed with chargebacks.

If a fraudster uses your shop to test cards or to run transactions using a working card, you’re the one who ends up footing the bill. You’ll face chargebacks once the cardholders discover the fraud and will be responsible for the resulting fees, lost revenue, and additional costs. This is where velocity checks come in.

Velocity checks are designed to scan the information submitted with each transaction and flag repeated submissions of the same information in a designated time period. This allows you to segment out suspicious transactions. You can identify cases in which a fraudster might be engaged in card testing, or trying to run multiple transactions with a valid card number.

This technology lets you review customer data based on a variety of factors including:

• Email Address
• First/Last Name
• Device
• IP Address
• Billing Address
• Shipping Address
• Card Number

How Do Velocity Checks Work?

Velocity limits can be implemented according to two specific indicators:

Velocity checks establish a correlation between users and actions (or combinations thereof). These data points are then ranked by a complex system of algorithms to determine a regularity function. This function is then compared against an element of time.

In English, this means the velocity algorithm compares historical user data against current transaction data. This is done in the context of a pre-programmed ruleset. For example, if a user initiates a bunch of transactions in rapid succession which contradicts historical data for that customer, the transaction will be flagged.

A secondary component of this system would entail a customer initiating transactions that trigger the predetermined ruleset in any meaningful way. For instance, a handful of purchases made outside of regional operating hours, several purchases made in unusually small increments, etc. These data points can be found using sources like device fingerprinting and canvas fingerprinting.

4 Steps to Deploy Velocity Limits

To date, there are countless combinations of velocity rules that you can apply to filter out questionable users or transactions. That said, fraud detection platforms offering velocity checks typically follow specific steps:

Once the machine has done its work, it’s up to you to decide how to proceed. This is a fairly swift process that occurs in just seconds, with limited friction introduced at checkout.

The Importance of Velocity Checks

The beauty of velocity checks is how customizable they are. You literally get to pick and choose which combinations of fraud indicators are most relevant for your business, and how you want to respond to each instance.

Additionally, when implemented wisely, controls can have a profound impact on our understanding of fraudster behaviors. They can also provide a benchmark for responding to and fighting back against friendly fraud. Indeed, velocity rules can help identify several threats, such as:

• Account Takeover (ATO) Fraud
• Card Testing Fraud
• Bots and Bot Farms
• Chargeback Fraud
• Synthetic Fraud

All that said, it’s never wise to rely on one anti-fraud tool at a time. There could be a potential downside to this software if not deployed correctly.

Velocity Checks & False Positives

Unfortunately, no anti-fraud solution is perfect on its own. There’s a genuine risk that velocity checks could generate false positives and stop legitimate buyers from completing purchases. The odds of this happening are low, but it’s possible if you’re over-relying on these checks as an indicator.

Velocity checks should operate as a cumulative indicator. You shouldn’t necessarily reject a transaction based on a single data element that happens to show up multiple times. For instance, let’s say you have multiple purchasers with the same name or living in the same building. If you relied solely on one data element to judge whether that transaction was fraudulent, you might end up rejecting both of these legitimate buyers.

The key to making this technology work is having relevant data elements and leveraging them properly. When you use velocity checks, there are three basic components you’re monitoring. First, there’s the individual data element, then the number of transactions in which that data element is present. Finally, there’s the time frame in which those transactions are submitted.

There isn’t a clear standard for all merchants across the board that can determine whether the activity should be flagged and reviewed manually for potential fraud. Instead, you should adapt the tool to flag transactions based on what makes sense for your business.

Is it common for your customers to complete several transactions within a 24-hour time frame? Or for the same customer to buy the same item several times? Do you often see multiple transactions using the same address, but different payment methods?

How you set the parameters for velocity controls will determine how effective the tools will be. Going a step further, adopting a multi-layered strategy will be the key to your fraud prevention success.

A Multi-Tiered Strategy is Best

Even with precision-tuned velocity checks in place, you still won’t be able to intercept every fraudulent transaction that comes your way.

A single fraud prevention tool can stop some bad actors, but it won’t be able to stop every scammer. This is because fraud is a dynamic and constantly-evolving problem. Fraudsters can use a variety of different tactics and approaches to steal from you and your customers.

This doesn’t imply that you should write off velocity checks. It simply means you shouldn’t rely solely on velocity checks as a singular fraud indicator.

In the examples we used above, we advised against using a single data element to judge whether a transaction was or wasn’t fraudulent. The same goes for individual fraud prevention tools. You should think of velocity checks as just one part of a larger fraud management strategy.

Velocity checks work best alongside other fraud prevention tools as part of a broader strategy. For instance, you could adopt:

• Address Verification Service (AVS)
• CVV Verification
• Geolocation
• Proxy Piercing
• Biometrics
• Affiliate fraud screening

Learn more about fraud detection tools

All these fraud management tools and tactics should be examined in context by submitting each transaction to dynamic fraud scoring. This will produce a simple, data-driven figure determining the relative risk each transaction poses. You can then reject risky transactions automatically, or on a case-by-case basis.

Velocity Controls Can’t Detect All Fraud Sources

While it’s important to use velocity checks and other tools to identify and prevent fraud before the sale, you need to be aware of fraud that occurs after the sale, too.

Friendly fraud is projected to represent more than 60% of all chargebacks by 2023. Velocity checks can’t address this problem because the fraud is post-transactional in nature. For friendly fraud, your best bet is to engage in tactical chargeback representment.

Have additional questions about chargeback management? Want to learn how you can implement velocity checks as part of your fraud management strategy? Click below and speak to one of our experts today.