
STOP THIEF!

December 5, 2009 Archive

Ori Eisen suggests ten ways to enhance your anti-fraud tactics…

As fraudsters continually educate themselves to circumvent many traditional anti-fraud systems, there are still lines of action that companies can take to detect more fraudulent transactions. Using a combination of tactics is the most effective because it creates a complex net that fraudsters would have to negotiate. Here are ten key approaches to fighting fraud across your organisation:

 

1. Check billing and shipping addresses

Check if the billing and shipping addresses are different. In many cases the crook will send the goods to an address other than the billing address. Additionally, if a crook uses a ‘drop shipment’ address, you can spot that many orders are diverted to this address and place it on a negative list.

2. Increase device ID data

Instead of focusing on single data elements, such as the IP address, it is essential to construct a more comprehensive profile to establish the true identity of the device being used to complete a transaction. Visibility of the time that a transaction is made, compared to the time zone and the language settings of the device itself, can highlight inconsistencies. For example, if a device is supposed to be in France, but has Russian language settings and runs a transaction in the Pacific Time Zone, there is cause to investigate that case further.

3. Maintain standard checking systems

Address Verification Systems (AVS), Card Verification Values (CVV2) and Verify are all important security mechanisms. They cut out a lot of low-level fraud, especially from one-off or unprepared fraudsters. These systems put up an important barrier that legitimate consumers do not find difficult to overcome.

4. Know that IPs can be spoofed

Monitoring IP addresses is not an entirely fraud-proof approach. More sophisticated fraudsters are able to appear from anywhere in the world by spoofing the IP address of another computer. Where the IP address of the genuine card holder is available to them, they can make a transaction appear entirely legitimate if the IP address is a key parameter in assessing cases.

5. Check for lazy keystrokes

Flags for suspicious activity should be raised if names, email addresses, passwords etc. are entered using keys grouped together on the keyboard. For example, if someone uses combinations of the letters ‘asdf’, it may be because they are saving time to rush through vast amounts of data entry. These small giveaways can be another telltale sign of a suspicious customer profile.
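One way to score a form field for this pattern, as an added example that is not part of the original article: it measures how many consecutive characters are the same key or side-by-side keys on one row. The QWERTY layout, the 0.7 threshold and the function names are assumptions.

```python
# Added example: flag form fields typed as runs of neighbouring keys.
# Assumes a QWERTY layout; threshold and names are illustrative.
QWERTY_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")

# Map each key to (row, column) so adjacency is a coordinate comparison.
KEY_POS = {ch: (r, c)
           for r, row in enumerate(QWERTY_ROWS)
           for c, ch in enumerate(row)}


def adjacent(a, b):
    """True if a and b are the same key or horizontal neighbours on one row."""
    if a not in KEY_POS or b not in KEY_POS:
        return False
    (ra, ca), (rb, cb) = KEY_POS[a], KEY_POS[b]
    return ra == rb and abs(ca - cb) <= 1


def lazy_ratio(value):
    """Fraction of consecutive character pairs that are keyboard neighbours."""
    chars = [ch for ch in value.lower() if ch.isalnum()]
    if len(chars) < 4:  # too short to judge either way
        return 0.0
    hits = sum(adjacent(a, b) for a, b in zip(chars, chars[1:]))
    return hits / (len(chars) - 1)


def is_lazy(value, threshold=0.7):
    """Flag the field for review when most keystrokes are neighbours."""
    return lazy_ratio(value) >= threshold


if __name__ == "__main__":
    # Constructed sample inputs.
    for field in ("asdfasdf", "qwerty123", "Margaret", "joe.bloggs"):
        print(f"{field!r}: ratio={lazy_ratio(field):.2f} lazy={is_lazy(field)}")
```

Short genuine names made of neighbouring letters can cross the threshold, so the result is a flag to combine with the other checks, not a verdict on its own.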

6. Be wary of anonymous email addresses

While many legitimate customers will use popular email clients such as Hotmail, Yahoo and Gmail, these are also an easy way for fraudsters to set up many new addresses. As email platforms, they are open to anyone, which means that you cannot trust a transaction simply because it has an easily created email address that matches the card holder’s name.

7. Check for ‘email tumbling’

A quick and easy way to pick out organised fraud is to spot sequential email addresses – signs of ‘email tumbling’. If you have transactions from joebloggs001@, joebloggs002@, joebloggs003@ etc., then these are signs that a fraudster is automatically generating email addresses.
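A sketch of how this check could be automated, added here as an example and not taken from the original article: addresses are grouped by the local part with its numeric suffix removed, and a group is reported when it contains a run of consecutive numbers. The `mail.example` domains, the minimum run of three and the function names are assumptions.

```python
import re
from collections import defaultdict

# Local part = stem + trailing digits, e.g. joebloggs001 -> ("joebloggs", 1).
LOCAL_RE = re.compile(r"^(?P<stem>.*?[^\d])(?P<num>\d+)$")

# Constructed sample data; the domains are placeholders.
SAMPLE = [
    "joebloggs001@mail.example", "joebloggs003@mail.example",
    "JoeBloggs002@mail.example", "jane.doe1984@mail.example",
    "joebloggs007@other.example", "bob@mail.example",
]


def split_address(email):
    """Return (stem, domain, number), or None without a numeric suffix."""
    local, _, domain = email.strip().lower().rpartition("@")
    m = LOCAL_RE.match(local)
    if not m or not domain:
        return None
    return m["stem"], domain, int(m["num"])


def find_tumbling(emails, min_run=3):
    """Group by (stem, domain); report the longest run of consecutive suffixes."""
    groups = defaultdict(set)
    for email in emails:
        parts = split_address(email)
        if parts:
            stem, domain, num = parts
            groups[(stem, domain)].add(num)
    findings = {}
    for key, nums in groups.items():
        ordered = sorted(nums)
        run = best = [ordered[0]]
        for n in ordered[1:]:
            # Extend the current run, or start a new one after a gap.
            run = run + [n] if n == run[-1] + 1 else [n]
            if len(run) > len(best):
                best = run
        if len(best) >= min_run:
            findings[key] = best
    return findings


if __name__ == "__main__":
    for (stem, domain), run in find_tumbling(SAMPLE).items():
        print(f"tumbling: {stem}NNN@{domain} suffixes {run}")
```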

8. Continue to conduct manual investigations

While automatic analysis tools will pick out links between some transactions based on data that may not be obvious to a fraud investigator, there is an important place for human reviews. While it should not constitute more than around five per cent of all fraud analysis, it is important to establish themes that a computer would not be aware of. For example, would a computer pick out the names David Beckham, Wayne Rooney and Steven Gerrard as all being linked if they were disparate in almost every other way? This is where a human eye can pick out cases that require further investigation.

9. Capitalise on discovering bad transactions

If you uncover a fraudulent transaction, it can be the key to discovering a raft of similar cases. Use every parameter of information relating to the original case that you can find, and search for any others that share the same details – even if that is only in one parameter. The similarity may be small – it could be the email, postal address, phone number, or the time zone – but as these correlations build, you will be able to pinpoint more cases that could be bad.
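The pivot described above can be run over an order table as in the following added example, which is not from the original article. It goes one step further than the text by also following links from the related orders it finds (two hops). The field names, the split between pivot fields and corroborating fields, and the sample records are assumptions.

```python
from collections import defaultdict

STRONG = ("email", "ship_addr", "phone")  # near-unique values: used to pivot
WEAK = ("device_tz",)                     # common values: corroboration only

# Constructed sample orders; T1 is the confirmed-bad transaction.
SAMPLE = [
    {"id": "T1", "email": "a@x.example", "ship_addr": "1 Dock Rd",
     "phone": "555-0101", "device_tz": "UTC+3"},
    {"id": "T2", "email": "b@x.example", "ship_addr": "1 dock rd ",
     "phone": "555-0102", "device_tz": "UTC+3"},
    {"id": "T3", "email": "c@x.example", "ship_addr": "9 Hill St",
     "phone": "555-0102", "device_tz": "UTC-8"},
    {"id": "T4", "email": "d@x.example", "ship_addr": "4 Elm Ave",
     "phone": "555-0199", "device_tz": "UTC+3"},
]


def norm(tx, field):
    """Normalise a field so trivial case/spacing changes still match."""
    return (tx.get(field) or "").strip().lower()


def related_to(bad_id, transactions, max_hops=2):
    """Expand outward from one confirmed-bad transaction.
    Returns {tx_id: {"hops": n, "shared": [...], "weak": [...]}}."""
    by_id = {tx["id"]: tx for tx in transactions}
    index = defaultdict(set)              # (field, value) -> ids carrying it
    for tx in transactions:
        for f in STRONG:
            if norm(tx, f):
                index[(f, norm(tx, f))].add(tx["id"])
    bad = by_id[bad_id]
    found, frontier = {}, [bad_id]
    for hop in range(1, max_hops + 1):
        nxt = []
        for src in frontier:
            links = defaultdict(list)     # other id -> fields shared with src
            for f in STRONG:
                for other in index.get((f, norm(by_id[src], f)), ()):
                    links[other].append(f)
            for other, fields in links.items():
                if other == bad_id or other in found:
                    continue
                weak = [f for f in WEAK
                        if norm(bad, f) and norm(bad, f) == norm(by_id[other], f)]
                found[other] = {"hops": hop, "shared": fields, "weak": weak}
                nxt.append(other)
        frontier = nxt
    return found
```

A time zone shared with the bad order is recorded as supporting evidence but never followed on its own, because a value held by many honest customers would otherwise link most of the table.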

10. Use free mapping tools

Free to use mapping services, such as Google Maps, can be used to add more weight to an investigation. If someone has given a ‘residential’ address, then you can check that it is residential and not commercial. If someone has different shipping and billing addresses, you can ascertain whether the addresses are close together. If they are miles apart, there is reason to be suspicious.

Many of these approaches will raise red flags on suspicious cases. However, focusing in on only one or two will mean that there are still many transactions that can slip through the net. The parameters that you choose to set as a business will depend on a wide range of factors – from the characteristics of your customer base to the capability of your fraud team – but within these ten steps are approaches that will cut some fraud from your business.
