DataHosts Posted October 20, 2006 Share Posted October 20, 2006 fraudlabs.com whitepaper Every merchant should aware of online credit card fraud, although it is something that can never be completely eliminated, but rather something that must be managed. One of the most important factors in controlling fraud is understanding the customer and implementing security measures that can adapt to the level of risk in each transaction. Applying fraud detection web services such as FraudLabs™ supplies in the order management can greatly reduce credit card fraud. This white paper focuses on preventative methods and procedures that merchants can perform in order to limit credit card fraud. 1. Geolocation by IP address In the world of e-commerce, knowing the online buyers geographic information can help to prevent fraud. Geolocation technology provides the absolute geographic location by IP address of the computer from which the order is made in real-time e-commerce transactions, which can identify locations where the probability of fraud is the highest. Geolocation by IP address can identify the user's exact location or calculate the distance between billing address of online buyers and actual location of persons entering the orders. As a result, it allows the merchants to apply additional authentication measures or identification for those transactions which show a great difference of distance. As a result, Geolocation technology delivers data that helps merchants determine which transactions to review and which to allow. This creates a beneficial balance between the risk of fraud losses and that of blocking legitimate customers. Legitimate customers will actually welcome legitimate authentication measures, which will protect them from credit card fraud also and keep the costs of doing business on the Internet down, especially if the customer is properly informed and advised by the merchant of these protection measures. Using a service such as that provided by FraudLabs™ can keep the cost of authentication down as you can target the authentication toward the most probably geographic locations for fraud. 2. Comparison of the IP address country with the billing address country An IP address is a unique network identifier issued by an Internet Service Provider to a user’s computer every time they are logged on to the Internet. Make sure the IP address country and the billing address country are the same. By using fraud detection web services like FraudLabs™, you can detect the IP address country for the customers that are placing the orders. If the customers billing and shipping addresses are in the US, but the person placing the order is logged in from an IP in Russia, this will require closer scrutiny, and will often trigger anti-fraud precautions. Although this situation could be legitimate, but it's probably worth a phone call to the customer's US phone number or other measures to confirm the order and the identity of the credit card user. 3. Check whether the country is a “high risk” country Always require closer inspection for orders that being shipped to an international address. Pay more attention if the card or the shipping address is in an area prone to credit card fraud. According to a ClearCommerce® survey, the top 12 international sources for online fraud are Ukraine, Indonesia, Yugoslavia, Lithuania, Egypt, Romania, Bulgaria, Turkey, Russia, Pakistan, Malaysia, and Israel. The same survey also showed that the 12 countries with the lowest fraud rates are Austria, New Zealand, Taiwan, Norway, Spain, Japan, Switzerland, South Africa, Hong Kong, the UK, France, and Australia. FraudLabs™ IP Geolocation service can identify the country of origin for businesses who need this information. While the fact that an order originates or is being delivered to one of the high risk countries is not, in itself, an indication of fraud, nor is the indication that the order originates in a low risk country any guarantee of its legitimacy, the trends and statistics are there, and merchants must use information about the origin and delivery addresses as a guide to how much authentication they should require from customers. 4. Check whether a free or anonymous e-mail address was used Be aware that online buyers using free anonymous e-mail providers such as hotmail.com or yahoo.com are virtually untraceable. There is a much higher incidence of fraud coming from free email services than from paid service providers. Virtually everyone who has a free, web-based email address or forwarding address also has a traceable ISP address. While many legitimate customers use free email addresses, because they are convenient and economical. It is also true that most fraudsters use free email addresses in order to remain anonymous. However, most businesses purchasing a business product have their own domain names and even if they do not, they would not use a free email address. For these reasons, you need to have some way to get additional information when a free email address is used, such as the ability to locate the customer geographically when they place their order, so you will know which orders need further checking for authenticity. Keep an eye out for newly registered domain names. This is because fraudsters can register a new domain easily using the stolen credit card to pose as a new business entity. FraudLabs™ can provide the free email detection to help you make these decisions. 5. Check whether an anonymous proxy server was used to place the order Anonymous proxy servers allow Internet users to hide their actual IP address. The main purpose using a proxy server is to remain anonymous or to avoid being detected. While well known businesses use this to protect internal networks, fraudsters hide themselves behind anonymous proxy servers. It is not easy to detect anonymous proxy servers because they appear and disappear from time to time. FraudLabs™ provides a hassle free method to keep the always up-to-date anonymous proxy server list as web service. 6. Check whether the mailing address is a mailbox or ship-forward service Fraudsters prefer to stay untraceable but still need to collect physical merchandise. One way is to use a public P.O.Box, a private mailbox, or a drop shipment forwarding address as a temporary point of receiving. Never send merchandise to a public rented mailbox, a P.O. Box (except for those you identify as legitimate major companies by phoning their listed number), or shipping forwarder, because the actual location and identity of the receiver is undetectable. 7. Check whether the phone number is valid and located within the correct ZIP code Often, merchant will discover orders with invalid zip codes or a mismatch between the zip code and area code will produce fraud rates that are significantly higher than usual. They may wish to apply more rigorous fraud prevention standards by verifying the validity of zip code and the area code. In addition, if the phone is identified as a V.O.I.P phone, offered by many services these days, a delay in shipment until the payment clears may be in order, especially for non-times sensitive items. 8. Compare the credit card issuing bank’s country with the billing address country Another key point to bear in mind is to check the issuing country and the billing address. Make sure the issuing country and billing address country are the same. This is especially important, because minor banks may not have rigorous identification procedures. 9. Call the credit card issuing bank to verify the validity of credit card If online merchants have any suspicions about an order and need to confirm the details of the order, they can call the issuing bank and ask to confirm the general account details. This is to make sure that the card is not stolen. The issuing bank phone number is based on the first 6 digits of credit card number known as the Bank Identification Number (BIN). 10. Request more identification if in doubt While consumers value their privacy and require quick web site ordering facilities, it is important to gather sufficient customer identity details during the ordering process. The customers’ name, credit card number and expiry date is not enough. Merchants should call them for verification through phone or request a photo ID to be faxed if they have any doubts.[/url] 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.