Credit card fraud is a wide-ranging term for theft and fraud committed using or involving a payment card, such as a credit card or debit card, as a fraudulent source of funds in a transaction. Credit card fraud is also an adjunct to identity theft.
Card fraud begins either with the theft of the physical card or with the compromise of data associated with the account, including the card account number or other information that would routinely and necessarily be available to a merchant during a legitimate transaction. The compromise can occur by many common routes and can usually be conducted without tipping off the cardholder, the merchant, or the issuer at least until the account is ultimately used for fraud.
When a credit card is lost or stolen, it may be used for illegal purchases until the holder notifies the issuing bank and the bank puts a block on the account. Most banks have free 24-hour telephone numbers to encourage prompt reporting. Still, it is possible for a thief to make unauthorized purchases on a card before the card is canceled. Without other security measures, a thief could potentially purchase thousands of dollars in merchandise or services before the cardholder or the card issuer realizes that the card has been compromised.
As part of your financial obligations to the card networks, you must ensure that disputes (also called chargebacks) and fraud are kept to acceptable levels. If these exceed the thresholds dictated by each network (e.g., Visa or Mastercard), you are placed into one of their monitoring programs. As part of a program, you can be subject to monthly fines and additional fees until your dispute or fraud levels have been reduced.
In this article we will focus on 3 ways to detect possible fraud :
- Compare billing address with visitor location
- Detect Tor, VPN or anonymous proxy usage
- Check for known cyberattack vectors
Compare billing address with visitor location
The billing address is verified by card networks so perpetrators tend to fill in the real cardholder address when making fraudulent orders online. A visitor that is located in a country different from their billing address could be suspected of using a stolen card.
Risk scoring tools are based on statistical models designed to recognize fraudulent transactions based on a number of rules. When a payment is done on your website, the tools will indicate the probability of the transaction being fraudulent. A higher probability of a transaction being fraudulent indicates that you should verify the order.
Risk scoring tools provide a case by case evaluation and will flag transactions based on the rules you choose such as AVS failure test, IP range, use of anonymous emails, billing address and others.