Risk & Scrubbing
The Internet is not a risk free place. Nowhere is that more so than when money changes hands. Most people are consuming on the web and are rightly concerned about fraud and loss of personal information. However, the other side of the transaction is often even more risky and the real danger is that these risks are considerably more transparent than the consumer's risk.
In almost all of the markets we serve, when a payment is completed online the customer isn't physically present as is unable to give a signature for the sale that's going to stand up to much scrutiny. Therefore merchants must take proactive steps to identify high risk customers at the other end of the transaction that are either downright fraudulent, or otherwise not profitable.
There are several approaches to reducing consumer transaction risks. From a purely technical perspective we were right there on the front lines in the 1990s when online payments first surfaced, and along with them the first fraudsters. We have unsurpassed experience identifying, tracking and blocking transactions that are going to cost you more to accept than to decline. Years ago this meant stopping the fraud, more modern approaches dictated by card associations now makes this an exercise in risk assessment.
If you accept traffic from affiliate sources and need risk management and consulting, please contact us. Because of our expertise in managing Internet Payment Service Providers (IPSPs), we've processed and managed the risk on millions of affiliate sourced transactions. This is a scrubbing niche all to itself.
Credit card acceptance on the web is fraught with danger from both consumers and the card associations. There are many tools to identify and block the consumer fraud, and we provide and maintain a comprehensive list. You also need compliant software that is capable of alerting you to card association limits and violations which can be many times more expensive than the consumer fraud itself.
Online Checks (ACH, etc.)
Online Checks, although less prevalent than credit cards serve an important function for many businesses. Along with our proprietary heuristics and solid knowledge of the check processing flow, there are several good databases available for matching good and bad accounts.
Other Payment Types
Standard included technologies include a rule-set filter which looks at all parts of the transaction before and after authorization. We dig into transaction velocity, geo-location, and issuer returned data. We can quickly port-scan a customer's machine to detect proxies and other compromises. We examine and balance almost every piece of information a customer exposes when they purchase. For customers who need a little extra, we offer a more complex neural (learning) filter that works better on high throughput clients and is highly adaptive.
The Scrubbing Process
All transactions may pass through several configured layers of scrubbing filters, as prescribed by administrators or by merchants themselves. All transactions are examined as soon as they are received, before they go for payment authorization, for indicators they are high risk. Once the transaction has been authorized we take any additional information from the process, such as AVS or CVV responses and blend them into the decision. At the end of day batch settlement process, all transactions are reviewed in the context of their peers once again, and any transactions that fail are flagged and dropped from batches.
Our three stage risk management engine is capable of catching fraud that escape many other filters, and provides feedback to customers and merchants that makes sense, without divulging methods to circumvent the process. In general the harder attackers try, the easier they are to spot. The following main scrubbing methods are all combined to make evasion very difficult:
- Data Alignment
- If the phone number given is a land-line in Texas, and the address is in Alaska, you may have a problem. If the billing address is in France and the credit card was issued in China, you may also have a problem. Low risk orders generally make sense and their data points mostly tie together.
- Language Analysis
- Mr. Jones is preferable to Mr. bgkdfhgkjdfh. When people commit fraud, they get lazy and think we don't look at fields like their name.
- Physical Reality
- If the customer manages to fill out the payment page in less than a second, they're probably not human. If you're using our checkout pages for very high risk merchants, we pay attention to how you fill out the form also, including your typos.
- Velocity Management
- People who commit fraud often, like to do so quickly and often. If we see more orders than usual from a given email, card number, IP address, even city, state, zip or country, the alarms start going off.
- Cross Referencing/History
- If you have a customer who charged back with friendly fraud who tries to buy again, they are blocked. If that customer's email is tied to a credit card, which is tied to a phone number, which is tied to another email, which also has a friendly fraud chargeback, we know about it real-time. As soon as we detect fraud, all your data points can and most certainly will be used against you.
- IP Trickery
- You can tell a lot about a customer from their IP address (their unique Internet address). You can tell even more if you detect an open proxy there, or malware, or other malicious software running on computers related.
This is the technology we can discuss in public. Imagine what else we've come up with in the last decade.