to add some more information. We do have a security gateway provider in place, but they don't have a fraud detection offering.
We are requiring CVV checks and doing AVS against the billing address. We also do flag all transactions initiated from foreign locations for approval since at this time we are a US based business.
Our biggest issue is our businesses desire to ship to alternate addresses from the main billing address and the fact that we are a big ticket business which apparently sees much higher fraud than small ticket venues.
The fraudsters are entering valid CVV and billing information and then shipping to a pickup location. Because of the nature of our business, we often have this behavior occur with valid transactions and the business is concerned about limiting shipping to addresses associated with the card and to our certified installer network only. Often individuals will ship the tires to their offices, non-certified installers, friends, children at college, etc.
We are looking for tools that assess the risk based on multiple datapoints like IP, cookie, remarketing, previous transactions, fraud history, darkweb data, etc.
------------------------------
Chad Taylor
TBC Corporation
Palm Beach Gardens FL
------------------------------
Original Message:
Sent: 08-20-2018 15:22
From: Gerald Heath
Subject: Online Fraud Detection
Fraud detection is a complex subject which often needs to be tailored to individual businesses. A lot of the payment providers allow you to create rules to catch potential fraud but in most cases you need to define what those rules are.
Things you can do to mitigate the risk of fraud:
- Store the X-forwarded-for header against the order (this contains a list of the IP Address(es) used to place the order). Use a geo-ip location service to then cross reference these with the shipping and billing address and flag orders where there are anomalies e.g. an ip address from Russia shipping to the Washington DC might be fine if you are the president, but probably not ok for most businesses ;-)
- Store the Geo-location of where the order was placed (if available). Again cross reference this with billing and shipping addresses and flag orders where there are anomalies
- For B2C implement strict Address Verification (AVS) checks for orders placed
- Review orders where the shipping address differs from the billing address
- Do not allow shipping to freight forwarder or PO Box addresses (or force the customer to include the final destination address)
- Consider implementing email verification (My email address was recently used to commit fraud for Buy Online Pickup In Store order with a well known retailer - they found out when I called their help center explaining that I did not place those orders. Turns out the fraudster had a credit card with my name on it)
- Look for suspicious order placement patterns e.g. if someone places 5 orders in a row for high value items in a very short space of time these orders should probably be reviewed.
- Set a limit on the order amount and dont allow users to circumvent by placing multiple orders using the same card etc
- Consider only allowing registered users to place these types of orders
I know that Cybersource has Decision Manager built in which allows you to define rules which put an order on hold pending a manual review.
Hope some of the above is helpful.
------------------------------
Gerald Heath
Executive Director,
Pipeline Pros
Original Message:
Sent: 08-20-2018 14:47
From: Chad Taylor
Subject: Online Fraud Detection
TBC has just introduced their first true e-commerce solution for buy online, ship direct to consumer. Until now everything has been B2B against customer accounts and buy online, complete order in the stores.
Because of this, we are facing online credit card fraud for this first time and I'm looking to lean on those who have been dealing with this for years on how they have tackled this huge issue.
What products is everyone using for online fraud detection, if any, and what other processes have been put in place to combat this growing trend?
------------------------------
Chad Taylor
TBC Corporation / Tire America
Palm Beach Gardens FL
------------------------------