Credit Card Fraud Detection – ezimerchant

FAQ applies to:

ezimerchant Professional version 4

Overview

Credit card fraud is a growing problem for online merchants. As the merchant, you are liable for fraudulent credit card transactions and possibly chargeback fees as well.

To help combat this, ezimerchant has teamed up with MaxMind to provide industry leading Credit Card Fraud Detection tools to automatically sift through your online orders and flag potentially fraudulent transactions.

Fraud Data Explained

ezimerchant Professional provides two levels of Fraud Check Data.

Basic Fraud Check Data

All registered users get access to the Basic Fraud Check Data at no additional cost. The Basic fraud check data can help you determine if your order is genuine or fraudulent in nature.

The following information is provided for each credit card order placed on your site...

Distance - Estimated distance from the IP address to Billing address in kilometers.

If a person claims to be in a certain location, but our service detects that their computer is located elsewhere, that's a potential risk. We match up the billing address of the card holder with their actual physical location, determined by examining their IP address. Our CCFD Service returns the approximate distance between their location and the credit card billing address, as well as country where they are present. Of course, the person could simply be travelling or using a business card issued to a company branch in a different city or even country, so we consider a country mismatch or a large distance to be a yellow flag.
Free Email Provider - Whether the email address of the purchaser is from a free email provider.

Many credit card fraudsters use a free e-mail provider such as hotmail.com to be anonymous. Of course many legitimate clients use free e-mail as well, so this is just another yellow flag. For business to business transactions, we recommend checking out the domain by typing http://www. and the domain name into your browser and looking to see if the website looks like a legitimate business. For consumer purchases, of course this doesn't apply.
Country Code of IP Address - Country code of the IP address.
IP Country Match - Whether the country of the IP address matches the billing address supplied by the customer.

Many international credit cards don't support address verification. Checking the Bank Identification Number (BIN) provides a way to see if the issuing bank for the credit card is in the same country as where the card holder is resident. Note that legitimate users sometimes do use a credit card from another country. We consider this to be a yellow flag.
BIN Country - Country code of the bank which issued the credit card based on BIN number.
Bin Match - Whether the country of the issuing bank based on BIN number matches the billing address country.
High Risk Country - Whether the IP address OR billing address country is considered a high risk country.
Anonymous Proxy - Whether the IP address is Anonymous Proxy. An anonymous proxy can be used by a fraudster to attempt to hide their true physical location. Anonymous proxy = VERY high risk.

One of the ways credit card fraudsters evade attempts to track them down is to use an Anonymous or Open Proxy. These proxies hide the true location of the client, like a ski mask would hide identity of a bank robber in the real world. We recommend treating Anonymous and Open Proxies as red flags. We have noticed a high number (perhaps 40%) of our fraudulent purchases come from Open Proxies, and it is known that organized credit card fraud rings use Open Proxies.

On the other hand, legitimate orders do come from Open Proxies - usually these are orders where the user's computer has been unknowingly infected by a virus that allows spammers and credit card hackers to hijack their computer. In our experience about 4% of legitimate purchases come from Open Proxies, due to the widespread propagation of computer viruses. Our suggestion is to contact the customer to obtain more information. You can refer them to openrbl.org if they would like verification that their IP address is listed on Open Proxy lists.

In addition to reporting Anonymous and Open Proxies, our CCFD Service returns whether the IP address belongs to a reported spam source. We have received a couple of fraudulent orders from IP Addresses labeled as spam sources, and we block these because it is likely that spammers participate in credit card fraud.
Proxy Score - Likelihood of IP Address being an Open Proxy.
Spam Score - Likelihood of IP Address being an Spam Source.
Fraud Score - Overall Fraud Risk Factor based on all available information.

Premium Fraud Check Data

In addition to the Basic Fraud Check Data provided above you can also receive the additional information below.

IP City - Estimated City of the IP address.
IP Latitude - Estimated Latitude of the IP address.
IP Longitude - Estimated Longitude of the IP address.
ISP of IP address - ISP of the IP address.
Organisation of IP address - Organization of the IP address.
Credit Card Issuing Bank - Name of the bank which issued the credit card based on BIN number. Note: Not all bank BIN numbers are known at this time. This field may not contain data for some orders.

Risk Factor Calculation

The Credit Card Fraud Detection service calculates a Risk Factor (Fraud Score) based on known risk factors and their likelihood to indicate possible fraud.

Risk	Check
Email Domain	Email specified as the transaction contact matches any of the free email services, such as Hotmail.
Geographic Source	Country of IP address associated with the transaction matches country specified in the billing address.
Anonymous Proxy	IP address associated with the transaction is Anonymous Proxy.
High Risk Country	IP address or billing address is in Belarus, Colombia, Egypt, Indonesia, Lebanon, Macedonia, Malaysia, Nigeria, Pakistan, Ukraine, or Yugoslavia.
Distance	Rounded distance estimate between the IP address location and billing location.
BIN Number Match	Country of issuing bank matches country of IP address based on BIN number.
Open Proxy	Likelihood of IP Address being an Open Proxy.
Spam	Likelihood of IP Address being an Spam Source.

The score calculated to estimate the riskiness of accepting a credit card ranges from 0 (low risk) to 10 (high risk) and is calculated as follows:

score = 2.5 * isFreeEmail +
           2.5 * countryDoesntMatch +
           5 * isAnonymousProxy +
           5 * highRiskCountry +
           10 * min(distance,5000) / maxEarthArc +
           2 * binDoesntMatch +
           2.5 * proxyScore +
           spamScore / 3

Note this formula is capped at 10. maxEarth is defined as 20037 kilometers.

Recommendations for reducing fraud

Manual Checks - Fax Authorization with Signature

This is an excellent way of verifying the card holder, the trade-off being that it makes the customer do more work. The customer fills out an authorization form you provide, and then faxes it back to you with a signature and copies of the front and back of the credit card. This is the best way to protect against "friendly" charge-backs, namely when the authorized card holder denies that they authorized the transaction.

A note about PayPal/PayMate

Many merchants who accept credit cards also accept PayPal or PayMate. In general we are as careful accepting PayPal/PayMate payments as we are with credit card payments. You can get chargebacks with PayPal/PayMate, and furthermore, many PayPal accounts have been hijacked, and MaxMind have seen at least one payment from a hijacked account reversed. Fortunately MaxMind had noticed that they used the same IP address as a fraudulent credit card purchase, so MaxMind contacted the PayPal account holder and notified that his account was hijacked. Generally PayPal accounts that have a hotmail or other free e-mail address are risky, since often people will use the same password for both their hotmail and PayPal accounts, so the hijacker will have access to both the PayPal account and their e-mail.

How much does it cost?

Premium Fraud Check Data in ezimerchant (released January 2010)

Premium Fraud Check Data costs $0.06 AUD inc GST per order.

Premium Fraud Check Data in ezimerchant Professional 4

Premium Fraud Check Data costs $5.50 AUD inc GST per month on top of the standard monthly GTS fee. This will be charged to your credit card at the same time as your GTS fee if you enable the service from within ezimerchant Professional.

Credit Card Fraud Detection Service Terms of Use

This Terms of Use Policy is applicable to all users of On Technology Australia's Credit Card Fraud Detection Service ("CCFD Service") and supplements the On Technology Australia End User License Agreement and General Terms of Use agreement.

APPROPRIATE USES OF CCFD SERVICE

The CCFD Service uses data from the GeoIP Databases combined with recognized fraud risks to help merchants identify potentially fraudulent credit card transactions. Using the CCFD Service constitutes an agreement to restrict your use to appropriate uses of the service as outlined in this section.

(a) You may not use the CCFD Service in any way that violates federal, state, local, international law or the rights of others.

(b) You may submit data to the CCFD Service only to validate credit card transactions or to test the service.

(c) Unacceptable uses of the CCFD Service include, but are not limited to, the following:

(i) submitting queries designed to extract information from the GeoIP Databases if such information is not specifically to be used for the validation of a credit card transaction.

(ii) submitting false or fictitious credit card information (except for the limited purpose of testing the CCFD Service).

(iii) using a robot, spider, other automatic device, or manual process to monitor or copy the GeoIP Databases or the GeoIP Data.

(d) If On Technology Australia, in its sole discretion, finds or suspects that you are using the CCFD Service in an unacceptable manner, On Technology Australia may immediately restrict, suspend or terminate your use of the CCFD Service. Activities that may trigger such a response by On Technology Australia include, but are not limited to, consistent discrepancies between credit card data (e.g., billing address, bank identification numbers (bin), names or phone numbers) entered by you and the applicable information of record for the associated cardholders.

AVAILABILITY OF CCFD SERVICE

On Technology Australia provides the CCFD Service on an "as is", "as available" basis and does not warrant the CCFD Service to be error free. Furthermore, since availability of the CCFD Service is dependant upon many factors beyond On Technology Australia's control, On Technology Australia does not guarantee the uninterrupted availability of the CCFD Service. The CCFD Service may be inoperative and/or unavailable due to technical difficulties or for maintenance purposes, at any time and without notice.