The home improvement chain also said the malware responsible for the breach has been removed from all stores.
When a thief tries to make an online purchase with a stolen credit card, Verid’s anti-fraud system requires him to answer online or through a call center questions only the legitimate cardholder would know – like ‘Which of these cars did you once own?”
When a thief attempts to make an online purchase with a stolen credit card, Verid Inc.’s fraud-prevention system requires him to answer online or through a call center questions only the legitimate cardholder would know – like ‘Which of these cars did you once own?”
Verid is among a new breed of crime-fighting software companies whose products are designed to make it harder and more costly for criminals to use stolen identities and credit card accounts to make card-not-present purchases. Its Knowledge Based Authentication system pulls data from thousands of sources, including government records and databases of purchasing records.
When a transaction is suspected of fraud, such as because of a foreign-country ship-to address that doesn’t match the customer’s records, the Verid system will automatically query its library of data sources to produce a question that only the legitimate consumer would be likely to know, says Verid COO Chris Rickborn. If the system recouped information that the consumer once owned a 1988 Chevrolet Impala, for instance, it would produce a question asking the purchaser which of several cars – including the Chevy and other cars not in ownership records – he had once owned.
“It takes the system about five seconds to produce the questions and about 15-20 seconds for the purchaser to answer them,” Rickborn says.
The system is designed to produce the questions in pop-ups the purchaser sees during checkout. But the purchaser can opt after seeing the pop-up to click to speak with a call center rep, who would automatically receive a different question on her computer screen. The rep would then enter the purchaser’s answer to the question and wait for an identity confirmation or rejection.
To further guard against fraud, the system is designed so that the call center rep never sees the correct answers, Rickborn says.