Home » Archive » Currently Reading:

STOP THIEF!

December 5, 2009 Archive

Ori Eisen suggests ten ways to enhance your anti Fraud tactics…

As fraudsters continually educate themselves to circumvent many traditional anti fraud systems there are still possible lines of action that companies can take to detect more fraudulent transactions. Using a combination of tactics is the most effective because it creates a complex net that fraudsters would have to negotiate. Here are ten key approaches to fighting fraud through your organisation:

 

1. Check for billing and shipping address

Check if the billing and shipping addresses are different. In many cases the crook will send the goods to another address than the billing address. Additionally, if a crook uses a ‘drop shipment’ address, you can spot that many orders are diverted to this address and place it on a negative list.

2. Increase device ID data

Instead of focusing on single data elements, such as the IP address, it is essential to construct a more comprehensive profile to establish the true identity of the device being used to complete a transaction. Visibility of the time that a transaction is made, compared to the time zone and the language settings of the device itself, can highlight inconsistencies. For example, if a device is supposed to be in France, but has Russian language settings and runs a transaction in the Pacific Time Zone, there is cause to investigate that case further.

3. Maintain standard checking systems

Address Verification Systems (AVS), Card Verification Values (CVV2) and Verify are all important security mechanisms. They cut out a lot of low level fraud, especially from one off or unprepared fraudsters. These systems put up an important barrier that legitimate consumers do not find difficult to overcome.

4. Know that IPs can be spoofed

Monitoring IP addresses is not an entirely fraud proof approach. More sophisticated fraudsters are able to appear from anywhere in the world by spoofing the IP address of another computer. Where the IP address of the genuine card holder is available, they are able to make a transaction appear entirely legitimate if the IP address is a key parameter of assessing cases.

5. Check for lazy keystrokes

Flags for suspicious activity should be raised if there are instances where names, email addresses, passwords etc. are entered using keys grouped together on the keyboard. For example, if someone uses combinations of the letters ‘asdf’, it may be because they are saving time to rush through vast amounts of data entry. These small give aways can be another tell tale sign of a suspicious customer profile.

6. Be wary of anonymous email addresses

While many legitimate customers will use popular email clients such as Hotmail, Yahoo and Gmail, these are also an easy way for fraudsters to set up many new addresses. As email platforms, they are open to anyone, which means that you cannot trust a transaction simply because it has an easily created email address that matches the card holder’s name.

7. Check for ‘email tumbling’

A quick and easy way to pick out organised fraud is to spot sequential email addresses – signs of ‘email tumbling’. If you have transactions from joebloggs001@, joebloggs002@, joebloggs003@ etc, then these are signs that a fraudster is automatically generating email addresses.

8. Continue to conduct manual investigations

While automatic analysis tools will pick out links between some transactions based on data that may not be obvious to a fraud investigator, there is an important place for human reviews. While it should not constitute more than around five per cent of all fraud analysis, it is important to establish themes that a computer would not be aware of. For example, would a computer pick out the names David Beckham, Wayne Rooney and Steven Gerrard as all being linked if they were disparate in almost every other way? This is where a human eye can pick out cases that require further investigation.

9. Capitalise on discovering bad transactions

If you uncover a fraudulent transaction, it can be the key to discovering a raft of similar cases. Use every parameter of information relating to the original case that you can find, and search for any others that share the same details – even if that is only in one parameter. The similarity may be small – it could be the email, postal address, phone number, or the time zone – but as these correlations build, you will be able to pinpoint more cases that could be bad.

10. Use free mapping tools

Free to use mapping services, such as Google Maps, can be used to add more weight to an investigation. If someone has given a ‘residential’ address, then you can check that it is residential and not commercial. If someone has different shipping and billing addresses, you can ascertain whether the addresses are close together. If they are miles apart, there is reason to be suspicious.

Many of these approaches will raise red flags on suspicious cases. However, focusing in on only one or two will mean that there are still many transactions that can slip through the net. The parameters that you choose to set as a business will depend on a wide range of factors – from the characteristics of your customer base to the capability of your fraud team – but within these ten steps are approaches that will cut some fraud from your business.

Subscribe to the newsletter:

Email Newsletter icon, E-mail Newsletter icon, Email List icon, E-mail List icon Sign up for our Email Newsletter

Our Sponsors

<

Stay Connected

Follow VitALMagazine on Twitter RSS

Features:

Shifting up a gear

November 16, 2011

Shifting up a gear

Over the last three years outsource Service Management supplier The Internet Group has been scaling up its services to add the mid-market to its existing portfolio of SME clients. In the process it has had to tackle SDI and ITIL and fundamentally shift up a gear in the way it does business. Matt Bailey spoke [...]

Translating knowledge into results

November 16, 2011

Translating knowledge into results

A familiar name in the world of ITIL, Pink Elephant has been at the forefront of IT management best practise for over 30 years. Caroline Wyatt, Head of Corporate Development explains the company’s approach and offers an example of how its ‘classroom in the cloud’ approach to training is helping one of its clients. Pink [...]

Service Catalogues – Changing the face of IT

November 16, 2011

Service Catalogues – Changing the face of IT

At a recent seminar, the delegates chose the Service Catalogue as their focus. With this in mind, Cherwell Software’s Tony Probert, sets out to explore the business benefits for an organisation of developing and implementing a Service Catalogue. Having attended a recent seminar hosted by the Service Desk Institute (SDI), it reminded me that people [...]

Evolution of theory

November 16, 2011

Evolution of theory

Christine Headford, product director at RMS Services explains why continual service improvement (CSI) must evolve to include business intelligence (BI) and how HEROes – highly empowered and resourceful operatives can help. ITIL has been around a long time; it is 20 years since the first ITIL manuals started appearing on desks and IT professionals started [...]