There are a number of things that can be done to screen for fraud. Here are a few:
1) AVS - Address Verification Service. Verifies whether the specified street # and zip code match the one on record for the cardholder. Not available on foreign-issued cards.
2) CVV2 - Cardholder Verification Value. 3-digit on VISA/MC, 4-digit on AMEX code that is embossed on the card. The cardholder should be able to produce and have this number match. This is a useful security precaution but not 100% foolproof. (nothing is)
3) IP-Logging and Verification - long story short, if someone claims to be from Texas but their IP shows them being in Russia, then "Houston, we have a problem"
4) Negative Databases - these are databases that have lists of cardholders who abuse their card privileges and frequently charge back sales. Sales to these folks can be declined.
5) Geographic Limits - there are certain "hot spots" for credit card fraud and it is possible to setup your system to auto-reject orders from these regions and/or countries.
6) Momentum Tracking - to avoid fraudsters from going to a site and running through a hundred stolen cards just to test which ones are good or not, IP-based and time-based momentum tracking can be used to prevent this from happening.
7) Transaction floor & ceilings - it is possible to set a minimum or maximum transaction amount on the back-end of some gateways to prevent people from spoofing a higher value or lower value through your shopping cart or ordering system.
8) Limitation on credit returns - to protect against someone who tries to get into a merchant's vterminal and issue a credit return back to a stolen card for some huge amount, some gateways can limit credit returns to only be able to be applied to previous sales.
9) Phone Verifications on any large sales - if someone orders a big package or a big ticket item, it always pays to do a phone verification prior to releasing access. Some people do this for -every- sale but this is a decision individual to each merchant.
10) "Verified by VISA" and other new initiatives - these are designed to add another layer of verification and authentication on a given credit card transaction. Once they become more widely adopted, these initiatives will be useful tools.
11) Combined Multi-Factor Analysis - very much akin to a "spam filter", there are systems that attach points or weighted values to all of the above risk factors to reach a final risk factor figure and then the trans is accepted or rejected based upon that final "risk score."
So... in a nutshell, those are a few ways to conduct fraud screening. There are many "detail points" underneath each of them of course but the above is a good quick overview.
With respect to actually companies that "bundle in" all of the above - there are several. FraudScreen.net is probably one of the most popular and this one is offered through Authorize.Net.
In addition, there is a service offered by Qualsys through Verisign that provides a comparable fraud screening function.
Lastly, the FraudGuardian service from ModernGigabyte is another screening service.
For any fraud screening/scrubbing system, additional monthly and transaction costs apply so a decision needs to be made whether or not the many internal safeguards that you can take as a business owner/manager are sufficient or whether a fraud screening system would be better.
Linear Mode
