Results 1 to 13 of 13

Thread: Fraud Checking

  1. #1

    Fraud Checking

    I know there are several different services and companies which can be used to do fraud screening or even to insure you against credit card fraud. Who is using any of these? What are some of them? Do they work?

    What else are you doing to avoid fraudulent charges?

  2. #2
    Join Date
    Mar 2003
    Posts
    2,677
    We have begun using fraudguardian (modernbill module) as well as our own system of checks to verify each order.

  3. #3
    Hey Matt, can you please explain a little more about FraudGuardian? How it works, what it checks, effectiveness, etc?

    Thanks.
    SuperWebHost.com, a Digitally Justified Company
    Celebrating our 9th year in Business

    Proudly Hosting with CANADIAN bandwidth
    Managed Hosting, Multi-Domain Hosting, Colocation, Merchant Accounts

  4. #4
    Join Date
    Aug 2003
    Location
    Chesapeake, VA
    Posts
    3,381
    There are a number of things that can be done to screen for fraud. Here are a few:

    1) AVS - Address Verification Service. Verifies whether the specified street # and zip code match the one on record for the cardholder. Not available on foreign-issued cards.

    2) CVV2 - Cardholder Verification Value. 3-digit on VISA/MC, 4-digit on AMEX code that is embossed on the card. The cardholder should be able to produce and have this number match. This is a useful security precaution but not 100% foolproof. (nothing is)

    3) IP-Logging and Verification - long story short, if someone claims to be from Texas but their IP shows them being in Russia, then "Houston, we have a problem"

    4) Negative Databases - these are databases that have lists of cardholders who abuse their card privileges and frequently charge back sales. Sales to these folks can be declined.

    5) Geographic Limits - there are certain "hot spots" for credit card fraud and it is possible to setup your system to auto-reject orders from these regions and/or countries.

    6) Momentum Tracking - to avoid fraudsters from going to a site and running through a hundred stolen cards just to test which ones are good or not, IP-based and time-based momentum tracking can be used to prevent this from happening.

    7) Transaction floor & ceilings - it is possible to set a minimum or maximum transaction amount on the back-end of some gateways to prevent people from spoofing a higher value or lower value through your shopping cart or ordering system.

    8) Limitation on credit returns - to protect against someone who tries to get into a merchant's vterminal and issue a credit return back to a stolen card for some huge amount, some gateways can limit credit returns to only be able to be applied to previous sales.

    9) Phone Verifications on any large sales - if someone orders a big package or a big ticket item, it always pays to do a phone verification prior to releasing access. Some people do this for -every- sale but this is a decision individual to each merchant.

    10) "Verified by VISA" and other new initiatives - these are designed to add another layer of verification and authentication on a given credit card transaction. Once they become more widely adopted, these initiatives will be useful tools.

    11) Combined Multi-Factor Analysis - very much akin to a "spam filter", there are systems that attach points or weighted values to all of the above risk factors to reach a final risk factor figure and then the trans is accepted or rejected based upon that final "risk score."

    So... in a nutshell, those are a few ways to conduct fraud screening. There are many "detail points" underneath each of them of course but the above is a good quick overview.

    With respect to actually companies that "bundle in" all of the above - there are several. FraudScreen.net is probably one of the most popular and this one is offered through Authorize.Net.

    In addition, there is a service offered by Qualsys through Verisign that provides a comparable fraud screening function.

    Lastly, the FraudGuardian service from ModernGigabyte is another screening service.

    For any fraud screening/scrubbing system, additional monthly and transaction costs apply so a decision needs to be made whether or not the many internal safeguards that you can take as a business owner/manager are sufficient or whether a fraud screening system would be better.
    CDGcommerce.com - Trusted Merchant Account Solutions since 1998
    Many thousands of successful, growing businesses benefit from our expertise every day. You can, too!
    We help merchants to eliminate gateway costs, reduce & mitigate fraud and achieve streamlined PCI compliance.
    Learn more today at http://www.cdgcommerce.com - we look forward to helping your business grow!

  5. #5
    Join Date
    Mar 2003
    Posts
    2,677
    VanHost,

    Sure, but a quick clarification to those reading this, I am speaking about fraudguardian not fraudscreen. What's the difference? Fraud Guardian is currently only available to ModernBill users. Fraudscreen is a service through Authorize.net.

    Ok, here is what Fraud Guardian does:

    From the member interface, you enter in details of the order:

    IP
    Email Domain
    Billing Address/Country
    CC Bin

    The service then does a lookup that compares all of these variables and returns a hypothetical fraud score. The higher the score, the higher the risk. Keep in mind that nothing is exact and even a low score does not mean the transaction is not fraudulent.

    When it does return the score, it also details what comprised it. Things like IP address compared to location, whois check, CC Bin check and match to area and a few other things.

    I have found this service useful but do not think it should be the only method in fraud checks. In essence, it only simplifies part of the process. There are still manual checks we do beyond this to be sure the order is legit.

  6. #6
    Thanks for the info Matt. It might just be time to upgrad our version of ModernBill to the latest and greatest
    SuperWebHost.com, a Digitally Justified Company
    Celebrating our 9th year in Business

    Proudly Hosting with CANADIAN bandwidth
    Managed Hosting, Multi-Domain Hosting, Colocation, Merchant Accounts

  7. #7
    Join Date
    Jan 2001
    Location
    Vienna, Austria
    Posts
    2,531
    is this fraudguardian included in the monthly fee (leased) or is it $$ extra?

  8. #8
    Join Date
    Aug 2003
    Location
    Chesapeake, VA
    Posts
    3,381
    FraudGuardian is an extra cost. It is $5.95/month and then a tiered rate based upon the number of inquiries.
    CDGcommerce.com - Trusted Merchant Account Solutions since 1998
    Many thousands of successful, growing businesses benefit from our expertise every day. You can, too!
    We help merchants to eliminate gateway costs, reduce & mitigate fraud and achieve streamlined PCI compliance.
    Learn more today at http://www.cdgcommerce.com - we look forward to helping your business grow!

  9. #9
    Join Date
    Mar 2003
    Posts
    2,677
    It is extra, $5.95/month I believe. That gives you 100 checks per month. You can purchase additional checks as well.

    Vanhost, we are using the newest version and have not experienced any bugs (knock on wood). Technically I believe the module for fraudguardian is still in a "beta" stage but it works for us.

    My only request would be that the site for fraudguardian as well as the info contained within the MB forums and documents were more thorough. You have to search to get answers to any questions and the forum contains very little so far. Hopefully with time that will be addressed.

  10. #10
    Matt / CDG - Thanks for the info. Perhaps I will make testing out the new version of MB my weekend project

    Thanks a bunch.
    SuperWebHost.com, a Digitally Justified Company
    Celebrating our 9th year in Business

    Proudly Hosting with CANADIAN bandwidth
    Managed Hosting, Multi-Domain Hosting, Colocation, Merchant Accounts

  11. #11

    Great information

    Any more choices people are aware of?

  12. #12
    Join Date
    Mar 2003
    Posts
    2,677
    You may also look at MaxMind GeoIP Verification. It's a neat little program that returns a fraud rating based on IP, domain, country, etc. It is currently in beta and free. Here's their URL:

    http://www.maxmind.com/app/ccv2

  13. #13
    Join Date
    Jul 2002
    Posts
    287
    Matt, that sounds like a good resource, thanks.

    We are implementing a check where we debit the card two unspecified amounts ranging from $0.14 - $0.35 each. The customer is then to confirm the mounts in our system. If they don't confirm the amounts, they are not authorized to use that card to purchase with us, if they can confirm the numbers, they're free to spend.

    Though, for basic hosting, this may not be a very viable solution.

    Richard

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •