X
X
Back to the top

Blog

Blog

Blog

Velocity Checks: An Immediate Response to New Fraud Patterns

Velocity Checks: An Immediate Response to New Fraud Patterns

Over the past year, every successful attack turned into a chargeback costing merchants a fortune and leading to significant business losses. As eCommerce fraud evolves and becomes more sophisticated, the staggering amount of financial losses makes you understand how crucial it is to have an efficient security toolset in place to fight it. 

This is where velocity checks play a critical role in identifying risks and fighting nearly any type of systematic fraud. Monitoring the pace of buyers’ submissions and recurring patterns allow merchants to segment out suspicious transactions, identify cases in which a fraudster might be engaged in card testing or driving multiple transactions with a valid card. 

How does it work?

Fraudsters can purchase lost or stolen credentials and start testing them by submitting multiple orders to the same merchant. You do not want to be that merchant who ends up covering the losses as soon as cardholders discover the fraud and claim a dispute. 

Velocity checks were designed to scan the information submitted with each transaction and alert repeated submissions of the same information in a selected timeframe. Monitoring various types of transaction data, such as IP addresses, card numbers, device signatures, billing or shipping addresses, helps capture suspicious scenarios and prevent new fraud patterns. 

It is possible to track the number of transactions that have come from a single device in a certain timeframe or predict how many orders have been placed with a particular shipping address. Other attributes that are possible to track include email address, phone number, and credit card details. One attribute that matters would be an IP address since many legitimate users could be coming from the same IP. If you combine different attributes, that increases the chance to reduce the risks. It is crucial to monitor different measures of velocity scoring. 

FUGU strives to cover all possible threats and demonstrates great performance in velocity checks implementation when it comes to eCommerce post-payment security specifically. A great example from one of the biggest US-based retailers demonstrates it clearly: FUGU’s advanced security toolset detected repetitive payments from a certain district around Miami moving all payments to a pending phase. After deeper analysis, a breached credit card BIN was detected blocking 80% of the payments and validating the rest 20%. 

This example raises another important issue: 

Can it generate false positives and mark legitimate orders as a fraud? 

Exactly! What about “Kosher” transactions? What if merchants can lose legitimate customers due to overprotection? For example, if the above merchant decided to block all payments originated in Miami it would have resulted in a significant loss of valid business. The combination of FUGU velocity checks and our machine learning pattern detection algorithms allowed them to quickly find the root fraud origin and ensure minimal valid business decline.

So it is a complex fraud management strategy and you shouldn’t solely rely on it as a singular indicator. 

FUGUs response to a threat 

FUGU implements a 360° payment security approach and adds extra value to velocity checks by combining it with automatic post-payment KYC procedure, fully covering the merchant’s risks from possible threats leading to chargebacks. Instead of rejecting transactions, FUGU collects, evaluates, and uses the evidence required, completing the transaction in the most advanced way, helping hundreds of merchants worldwide. 

If you want to secure your payments, reduce risks, and increase conversions, 

GET IN TOUCH with our experts!

To download FUGU App please visit https://apps.shopify.com/fugu-sensing-post-payment-risk

Are chargebacks charges on the backs of online sellers?

Are chargebacks charges on the backs of online sellers?

When commerce first moved online it copied physical stores: a customer seeks a product, puts it in a cart and pays at the register. As in the physical world, the seller is presented with credit card details. Payment and the decision whether to accept it or not was and still is taken at the moment of purchase.

Online transactions are just like the ones in the physical world but lacking a direct ability to verify the cardholders’ identity, they are subject to the heavily regulated rules of the Card Not Present environment. What this means in practice is that cardholders/customers can deny practically any transaction for a variety of reasons, requiring little proof and carrying even less penalty in case of false claims. These operations are managed through the chargeback process, one of the weirdest and least fair creatures born of capitalism.

Be the origins of this system as they may, the resulting situation is patently absurd: Online sellers carry the risk for all players in ecommerce. In most jurisdictions a customer can browse the charges and deny a transaction four to six months after the charge occurred. As the credit card tells it, the cardholder, is safe online because all purchases are insured insofar that in case of fraud they will be reimbursed within two weeks, at the expense of the seller. There is no nice way of putting it: the entire system is rigged so that online sellers unwillingly provide de facto insurance for all transactions.

The chargeback process allows customers to dispute a charge and the sellers can reply with evidence that the transaction actually took place and was properly processed. All of these are murky terms, governed by rules imposed by the selfsame card companies. Someone adjudicates the case and the decisions by the card company are as final as can be. In case the seller wins the dispute they still have to pay the exorbitant fees for processing the chargeback. The entire system has a message for the sellers written on its gates: Yee who enter:  go away!

Take for example a simple case we met with one of our clients:

refund. A customer cancels the order and receives a refund, but the processing takes time and they do not see the refund in the bank or on the statement and they file a dispute. This in itself already costs the seller at least 25$. If the card company does not figure it out in time (they have tried to improve this aspect of the process), the seller still has to gather evidence, package it to fit the criteria and reply – an action that also carries a cost of at least 15$. Not only are the sellers liable for the payment, but through no fault of their own, sellers  also bear the systemic costs this process creates. Other cases that are not as clear as refund are just as costly and tend not to end well for the seller.  The system is so problematic we actually had to convince one client’s CTO that he will not end up paying both refund and chargeback.

Sadly there is no way to avoid that charges that derive from the action itself!

Even in cases where the bank decides to cancel the dispute after recognizing a related refund, the online merchant still carries the dispute charges. On a recent call we made with a mid-tier payment provider outsourced chargeback call center, we were advised to instruct our customer not to issue refunds in order to avoid the possibility of a double charge. Imagine, a payment provider advising a merchant not to issue refunds to customers when he decides not to ship the goods, because of industry inefficiencies. Not to mention it pumps chargeback payment provider revenue as they are paid per dispute opened and responded.

Another case we had encountered is that of unauthorized charge, the grayest of gray areas abused by cardholders. In many cases we have seen chargeback policies become part of emotional feuds. For example more than once couples who were together would by each other gifts. But relationships also turn sour and in this case the cardholder disputes the charges made during the relationship claiming it was unauthorized use. This is one of those cases were a seller seems not to be the one responsible. All available data would result in a legitimate transaction and a change of heart is a thing that can become a problem for a seller only through the twisted world of chargeback. Fortunately, with the data available through FUGU, our client was at able to recover the payment, though not the related cost of the chargeback itself.

Perhaps the most problematic aspect of the chargeback system regards real fraud, dealing with stolen credentials.

The transaction appears normal to the seller, the fraudster is equipped with all the right information, hell – it might be a family member for all the seller knows. Like all transaction this one is approved by the card company holding the most current information on stolen credentials. Maybe the cardholder has not noticed or didn’t know their card was stolen. Upon reviewing the statement maybe three months later they initiate a dispute reporting the card stolen. This is most unfair, the sellers have no way of knowing about the fraud and yet they alone!!! are liable, thereby providing the cardholders with insurance, courtesy of the card companies that force them to do so

In other cases we have seen family members that had bought goods for other family members also have a change of heart and try to dispute charges. FUGU the first service automatically logging all interactions post payment keeps an eye on what happens after the payment and we have been able to win ~60% of chargeback cases. In a majority of them we were able to prove that chargeback policies are being abused by cardholders initiating disputes for the wrong reasons: because they can, because they are angry with relatives, because the seller carries all the cost. In a system full of inefficiencies, all dependent on data withheld by the industry’s giants, everything is at the expense of the sellers. They hold all the data and they do not like to share, imposing unnecessary risk on online sellers. What is becoming clear to all parties is that this system is incredibly unfair to sellers, and the smaller they are the more they suffer. Gathering, storing and analyzing postpayment data, helps sellers bridge the data gap, giving them a fighting chance (~60%) in a system rigged against them.

FUGU and its innovative approach to postpayment is here to help.