Topic: FRAUD DETECTION FOR ONLINE MERCHANTS - TWO METHODS
Reasons for this subject:
- Explanation of the two major types of fraud detection that online merchants use
- Pros and cons for each method
Fraud Detection for Online Merchants -- Two Methods
When processing credit card payments in real-time, online merchants typically choose between one of two types of fraud detection: scoring methods and rules-based methods.
Scoring methods typically use neural network technology to compute a score for the credit card transaction. Neural networks are “learning” systems -- when set up correctly, they “get smarter” over time about what is and is not a fraudulent credit card transaction.
The process works like this: an online merchant passes the invoice and credit card information to the scoring system. The scoring system compares that transaction to a database of millions of credit card transactions and what it “knows” to be signs of fraud. A score is returned, usually between 0 and 1000, with 0 meaning no chance of fraud (a “perfect” credit card payment), and 1000 meaning a perfectly fraudulent transaction.
The merchant then decides what the threshold score should be for acceptance. For example, Merchant A may decide that a score of 400 is the limit for acceptance. This means that any transaction with a score below 400 is approved and above 400 is declined. Merchant B may decide to set their threshold score to 350.
Although very good at detecting certain types of credit card fraud, merchants must be aware of the drawbacks. Scoring systems are very difficult to configure because they run the transaction through hundreds of fraud screens. Many of these screens may not be applicable to the merchant. Knowing which screens to leave on and which to turn off requires the merchant to understand, in some detail, how the scoring system works.
Merchants are also required to determine their threshold for acceptance. This can be difficult because each merchant experiences different types of fraud. A score of 400 for one merchant may not be the same as a score of 400 for another merchant. Determining the threshold limit is time consuming and confusing.
Finally, scoring systems frequently produce false-positive readings, which means they decline credit card payments that should have been approved. This can severely dampen a merchant’s reputation and tarnish its customer service.
Rules-based systems, on the other hand, use a series of “if-then” rules to screen for credit card fraud. The merchant passes the invoice information and credit card data through a series of “fraud screens”. If one of the screens trips, the transaction is flagged as possibly fraudulent. Because fraud screens have only two values, pass or fail, it’s relatively easy for the merchant to manage the rules-based system.
For example, industry experience shows that fraudulent transactions occur much more frequently when the buyer uses a free email account. A rules-based system can flag all credit card orders that list a free email account.
Again, various merchants experience fraud differently and it’s important that they be able to configure a rules-based system to block the type of fraud that they experience.
Rules-based systems, although easier to manage, are typically not as predictive as scoring systems that use neural networks. Neural networks are better at detecting “odd” transactions that rules-based systems might overlook. For example, if a credit card was used to purchase a $1000 stereo system, and that credit card was never used for a transaction of more than $50 in the past, a neural network might very well flag the stereo transaction as suspected fraud because the transaction doesn’t match past purchase behavior. A rules-based system probably wouldn’t see that type of fraud and would approve the transaction. But note: it might be that the owner of the card is legitimately buying the stereo as a gift; the neural network might be generating a false-positive reading.
Online merchants should also be aware of other fraud deterrent tools, including:
- Negative files -- a file of customers or credit card numbers that the merchant has decided NOT to accept (a “black list”).
- Automated real-time call back -- the technology now exists to place an automated call to the buyer, while they’re still on the web site, to confirm the order. The merchant can even capture a confirmation code via the telephone keypad or ask for a voice recording. This is an especially useful fraud deterrent for business-to-business orders done over the web.
- Customer service follow-up (placing the transaction “on hold”) -- using the right payment processing system, a merchant can place a suspect transaction “on hold”, rather than simply declining the order. This allows a customer service representative to review the order, call the customer, etc., before approving the order. This process allows the merchant to complete a higher percentage of orders.