How many ways are there to fight online credit card fraud? About as many ways as there are scams.
How high is credit card fraud on the Internet? The card companies say one thing and the payments processors and merchants say another. But one thing both agree on: It urgently needs to be stopped.
Visa U.S.A. reports that overall fraud amounts to 8 cents per $100 in charge volume and that card-not-present fraud-so far, mostly catalog and mail-order sales which still outstrip Internet sales-is as high as 16 cents per $100 in sales. What’s the Internet rate? Could be as much as 24 cents per $100, Visa says.
Could be higher, say others. “It’s true that online fraud is greater than offline fraud,” says Jeff King, director of product management at payments processor CyberSource Corp. “The payment associations say online fraud is three or four times higher than offline fraud but our merchant customers say it’s more like 10 times higher.”
Whatever the rate, online merchants are acutely interested in the fraud rate because they bear the brunt of fraudulent transactions. In the offline world, the credit card companies and merchants have 50 years of dealing with fraudulent transactions and more than 15 years of electronic authorization and capture of transactions to help them keep the fraud artists in check. Banks and credit card companies have gotten sophisticated in protecting themselves from offline fraud and merchants have devised many methods for making sure that the card issuers don’t push the fraud chargebacks onto the merchants.
But it’s a different world online where many of the rules are still being written and procedures put in place, criminals are still devising new ways of ripping off merchandise and merchants are carrying almost all the liabilty. “It’s really a challenge to keep up with fraud online,” says Greg Keene, chief technology officer of Qsent Inc., a provider of databases to fight fraud. “Online fraud happens even faster than offline because crooks are more anonymous and they have access to more technology with the web as a platform.”
Easing the pain
But where there’s pain, there is relief. A number of payments processors, spotting the pain of retailers, have come up with solutions to fight online fraud. Some of them are extensions with a web-twist of what’s available in the real world and some of them wouldn’t exist without the web.
Among the innovations:
l Neural networks, well known in the offline world, have been adapted to the high-speed, super-velocity that the Internet makes possible for fraud,
l Online address and phone authentication services are now using information no more than 24 hours old,
l Identifying IP addresses tells merchants almost instantly where an online transaction is originating and compares that to shipping address or cardholder billing address as well as if a an order is coming from a high risk country,
l Cardholder authentication systems from the payment associations, their bank members and certified processors ask for passwords similar to what consumers are accustomed to doing at an ATM.
Experts say online fraud is not a whole lot different from offline fraud, but that technology has made it move faster. “Some of the new fraud is really the old fraud in a new way,” says Wesley Wilhelm, director of risk management and consulting for HNC Software Inc.
For instance, stolen numbers and counterfeit cards are now used both
offline and online and rings of international thieves are hitting web sites as well as stores. But fraudsters have an edge today because they can use web-based information technology-open to anyone with a browser and an Internet connection-to learn the legitimate addresses and phone numbers for stolen cards, Wilhelm notes. They need such data to complete online purchases.
Neural networks, long used in the offline world, are key to flagging such fraudulent transactions on the web. Neural networks identify patterns on credit cards transactions, customer histories and order histories, among other details. What makes web applications of neural networks different is that web products update information in real-time. Offline neural networks are bogged down by the typical 30- to 90-day delay in which the fraud is first noticed in the billing cycle and the time it takes the banks and merchants to investigate the transactions. Online neural networks are trained to flag transactions based on suspicious information provided during the checkout process, such as address, IP, names, locations as well as card numbers. Much of that information is not available at a store’s point of sale.
“We’re getting a broader and broader picture of the fraud data as well as non-fraud data so merchants can see the difference,” Wilhelm says. “We’ve got transactions from all segments of the ‘Net and today it’s a more realistic picture of what’s going on.”
HNC ‘s e-Falcon software is used by 1,500 merchants online, Wilhelm says. HNC has fraud models for computers, electronics, gift certificates and general merchandise and can develop segment-specific models for retailers customized to show fraud trends for whatever the retailer sells.
Understanding fraud patterns can help merchants with cost analysis by allowing them to ease up on business rules that may be keeping them from making sales. For example, a merchant who decides never to accept non-US transactions may be missing out on global sales. “It could be that only a small percentage of non-US transactions are fraud, which means maybe 90% of those transactions are good,” Wilhelm says. “When you can catch that small percentage of fraud, you’ve just increased your sales.”
Offline vs. online
Mountain View, Calif.-based CyberSource, a major processor of online transactions, this month will launch a neural network product called the Advanced Fraud Detection Service. The service will access Visa International’s Virtual Intelligent Risk Technology which will allow the processor to compare Visa’s offline and online transaction databases to determine fraud patterns. The CyberSource product is able to react in real time by connecting to the Visa VIRT system, instead of waiting the 30 to 90 days for a fraudulent transaction to appear on a cardholder’s account. “The reason it’s important to have online and offline data is because fraud trends change so quickly on the Internet,” King says. “Real-world buyer behavior is static and bad guys are very sophisticated. They adapt to stay ahead of the trends. Having offline data allows us to validate more transactions against the norm.”