Online movie rental site iReel.com blocked hundreds of fraudulent transactions per day after implementing a fraud-detection system that screens transactions using a variety of device and transaction-related data, says chief operating officer Adam Altman.
IReel.com had an ongoing problem with first-time customers who would go online and order a movie for instant viewing using a credit card, Altman says. Many of the cards later proved to be invalid.
“The scale of the problem was extraordinary,” Altman says. “We were being hit by hundreds of false credit card transactions on a daily basis. We also had a specific instance of an affiliate who referred new customers using stolen credit card data. The affiliate was based in Serbia, while the credit card charges were in the U.S.”
The problem was so severe that it jeopardized not only the retailer’s profitability but its good standing with its card processor, he says.
To address the growing problem, iReel.com in December implemented a fraud-detection system from ThreatMetrix, Altman says. The ThreatMetrix Fraud Network, delivered as an Internet-based software service, verifies customers, authorizes transactions and authenticates users without customers providing personally identifiable information. The web-based system uses a wide variety of device and transaction-related data to build a score, which the retailer uses to accept or reject a transaction.
“Since ThreatMetrix is a rules-based system, I can assign various scores or create my own rules to determine whether we should accept or reject a personal transaction,” Altman says.
iReel uses ThreatMetrix as part of its automated order process when new customers sign up. “It scores people on how likely they are to be fraudulent,” he says. “I don’t really need to do a lot other than view reports during the week to see how many orders were rejected or flagged.”
ThreatMetrix enables retailers to select from hundreds of options for setting up rules, Altman says, adding that iReel uses between 50 and 100 rules for generating a score. For example, iReel flags transactions in the following situations: when a customer is surfing the web through a proxy computer, when multiple e-mail addresses are used on a single web-acccess device, or when a single credit card number is used on multiple web-access devices.
If a criminal based overseas attempts to disguise his identity by working through a captive proxy computer in the U.S., for example, the ThreatMetrix system is designed to identify enough of the criminal’s source computer and IP address to ascertain its geographic location, ThreatMetrix says. A proxy computer is one that a criminal can control and uses to conduct the final leg of a transaction before it hits a targeted web site, in an effort to mask the original computer a criminal is using to conduct fraud.
Alman adds that ThreatMetrix offers an interface designed for simple operation. “For someone who’s somewhat familiar with payment processing and fraud, it shouldn’t take more than a day to a week of learning the terms and messing around with the system and understanding the rules and changing them,” he says.