Individuals or groups of persons who make purchases over the internet or at store with the intent of cheating the Merchant are guilty of Fraud. Several factors such as faster purchases (sometimes over multiple locations in rapid succession), no paper trail, no visible contact and little risk of being caught (or successfully prosecuted) leave the merchant more vulnerable to fraudsters. According to Visa USA, fraud in traditional channels averages $.07 on every $100 in card transactions. Comparatively, card fraud through online channels is estimated to be between four to ten times higher. Fraud personas can fall into one of four types:
Friendly Fraudsters: Legitimate cardholder’s friend or relative placing orders that has been stolen or borrowed for illicit purposes
Opportunistic Fraudsters: Stumble upon valid payment info and commit fraud
Organized Fraud Rings: Large, highly sophisticated groups often operating outside the US. Characteristic of changing methods and locations to thwart the latest fraud prevention methods.
119
Internal Fraudsters: Employees of companies with secure cardholder data. They may be
involved by giving external fraudsters access to valid payment data as well as the latest methods of foiling prevention techniques.
The inherent risk of fraud is a concern as InComm’s electronic channels represent a significant growth and profit opportunity. A successful fraudulent attempt causes InComm to lose more than just the value of the stolen card. Cost incurred from online fraud place InComm (or its merchants) with the added liability of the transaction costs and charge backs. Excessive charge backs could result in further action being taken by the card associations such as being charged with higher transaction fees, having funds held in reserve, or even facing termination of service. The three prominent methods used to commit fraud against internet merchants are:
Stolen Cards: Stolen and used before owner detection.
Identity Fraud: Fraudsters assume the identity of the card holder.
Card Generators: Fraudulent card numbers generated using software programs.
Being able to recognize high-risk transactions is crucial to identifying internet fraud. Some of the most common characteristics of fraudulent transactions include the following:
Multiple purchases from same IP address on the same day.
Orders from those using free email services, such as hotmail.com or juno.com.
International orders, especially those that originate from high-fraud regions of the world. Currently, Nigeria, Indonesia, and Eastern Europe are producing a disproportional amount of online fraud in the US.
Orders from first time buyers.
120 Larger than normal orders.
While acting as an insurance against catastrophic fraud outbreaks, effective fraud prevention lowers the true cost of sales. Most of the fraud cases at InComm had a transactional footprint s which means the fraudulent transactions would show at InComm logging tables. Going throw several cases of fraud, InComm requested its IT department come up with fraud detection application. Transaction monitoring System (TMS) which went into production end of 2011 was officially InComm fraud detection application. TMS monitors sales activities for all retail locations for which the system is configured. The system monitors both sales volume (dollar amount of transactions) and transaction volume (number of transactions) for a merchant location in real time, as well as a daily sales transaction average.
The Fraud team sets up fraud monitoring rules in TMS that trigger alert notifications when configured thresholds, or trigger points, of sales or transaction volume, or a configured percentage of the daily sales average, for a product are reached for a location. The team has the ability to apply a rule to all stores for a merchant, or the team can choose specific stores to include and others to exclude from the rule. The team also chooses the products or product categories, or both, to which a rule applies. Rules can be modified or deleted, as required. The fraud team also has the ability to turn off, or disable, a fraud monitoring rule for a merchant. A rule can be configured to trigger a warning that alerts the Fraud team to a possible fraudulent situation at a merchant location. The team then can investigate and resolve the issue. A rule also can be configured to trigger a shutdown of transactions for a product or product category at a location. The fraud rules can be set up almost for every InComm product mention in section 3.7.1. All required information for TMS to trigger a rule coming from a table very similar in
121
fields to APS ActivityLog mentioned previously. The table called tms_transaction_log which I talk about that more in next section.
Due to several cases of fraud and business need the Fraud Monitoring rules are as follow:
Sales Volume Monitoring: A sales volume monitoring rule monitors the dollar amount
of transactions for a product or product category and triggers alerts when a configured threshold is reached within a 24-hour period. Sales volume is calculated using the dollar (or other currency) amount of a location's transactions for a product or product category within a specified time period.
Transaction Volume Monitoring: A transaction volume monitoring rule monitors the number of transactions for a product or product category and triggers alerts when a configured threshold is reached within a 24-hour period. Transaction volume is calculated using the transaction count of a location's transactions for a product or product category within a specified time period.
Daily Prepaid Transaction Sales Average Monitoring: In TMS, a Daily Sales Average
Rule is configured to trigger a warning alert when a location meets or exceeds 150% of its historical daily prepaid transaction sales average, which includes the combined sales of all products, within a 24-hour period. This percentage can be configured differently by merchant. Also, alerts can be configured for multiple percentages such as 175% and 200%.
For new locations, which do not have a historical daily sales average, the default amount trigger is $500. This amount can be configured differently by merchant. The fraud rules can be set up almost for every InComm product mention in section 3.7.1. All required information for
122
TMS to trigger a rule coming from a table very similar in fields to APS ActivityLog mentioned previously. The table called tms_transaction_log which I talk about that more in next section.