Transaction Security/Fraud
When you receive an order you will need to determine whether the transaction is fraudulent or not. The introduction of "SecureCard by Mastercard" and the "Visa Verified" authentication systems by Payment Service Providers (PSP) means that transactions that have been authorized by one of these schemes are more trustworthy than other transactions. However, not all transactions are authorized using one of these systems. In this situation you will need to make your own assessment of the transaction and whether any additional security checks are required.
So what are the things to look for?
- Many PSPs now provide a security assessment on each transaction. This assessment will usually tell you if any of the following have been matched or failed.
  - Signature Strip Security Code
  - Matched postcode comparison
  - Address comparison
  - Card issue country/contact country comparison
- In addition to this information, PSPs will also store the cardholder's name and address, which you can check against the order details. If these don't match then you need to be more careful about the transaction. Likewise, if the delivery address is different to the billing address in your order then you should also take more care in checking the security of the order.
- Another piece of useful information is the shopper's IP address. This is the numerical identity of the computer used to place the order. From this number you can carry out a "Whois" lookup to find out who owns the IP address. This is quite often the ISP that the customer is using, so their address should be in the same country. If, however, the customer was in the UK but the IP address came back as being owned by a company in India, then there is something not quite right.
IP addresses are controlled by 4 different companies depending on where in the world the user is. To check an IP address, please use one of the following links depending on where in the world the customer claims to be. On each of these websites you will find a Whois search function into which you can enter the IP address, and it will provide the details associated with that IP address. This will usually be the ISP that the person is using. This allows you to determine whether the order was placed in the shopper's country or from a different country.

| Area | Registry | URL |
|---|---|---|
| Asia/Pacific Region | APNIC | www.apnic.net |
| North America and Sub-Sahara Africa | ARIN | www.arin.net |
| Latin America and some Caribbean Islands | LACNIC | www.lacnic.net |
| Europe, the Middle East, Central Asia, and African countries located north of the equator | RIPE | www.ripe.net |

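
The Whois comparison described above, as an added example that is not part of the original page: it reads the owner and country out of a registry reply and compares the country with the order's billing country. The sample reply is constructed, and the function names and the two-letter billing country input are assumptions.

```python
# Constructed sample of a registry-style whois reply (not real registry data).
SAMPLE_WHOIS = """\
% Constructed whois reply for illustration only
inetnum:        192.0.2.0 - 192.0.2.255
netname:        EXAMPLE-ISP-NET
descr:          Example Broadband Ltd
country:        IN

person:         Example Admin
country:        IN
"""


def parse_whois(text):
    """Return the first value seen for each field of interest."""
    wanted = {"netname", "descr", "orgname", "country"}
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "%#":       # blank lines and registry comments
            continue
        key, sep, value = line.partition(":")
        key = key.strip().lower()             # "Country:" and "country:" both occur
        if sep and key in wanted and key not in found:
            found[key] = value.strip()
    return found


def ip_country_check(whois_text, billing_country):
    """Compare the whois country with the order's billing country (ISO codes)."""
    info = parse_whois(whois_text)
    owner = info.get("orgname") or info.get("descr") or info.get("netname") or "unknown"
    country = info.get("country", "").upper()
    if not country:
        # No country in the reply: report it rather than guessing a match.
        return {"status": "unknown", "owner": owner, "ip_country": None}
    status = "match" if country == billing_country.upper() else "mismatch"
    return {"status": status, "owner": owner, "ip_country": country}


if __name__ == "__main__":
    print(ip_country_check(SAMPLE_WHOIS, "GB"))
```

A "mismatch" result is a reason to look more closely at the order, not proof of fraud on its own.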
Ultimately the decision on the validity of a transaction is yours. If you are concerned about a transaction then try and confirm the transaction with the client before supplying any goods or services. Fraudulent transactions do happen and often only come to light when a card holder reports the transaction to his bank. This can be weeks after the transaction was made. It is your responsibility as a retailer to be satisfied that a transaction is genuine before supplying any goods or services. Once a transaction is found to be fraudulent the banks will recover the funds from the retailer.
General Risks and Checks
Whilst all the anti-fraud measures are designed to identify and prevent fraud, you should not rely solely on one component when deciding whether or not to accept orders. For example, there may be specific characteristics of your business which can alert you to unusual buying activities not necessarily highlighted by WorldPay methods.
Characteristics of an order that may carry additional risk are as follows:
- Delivery address not the same as the billing address
- An export delivery address, particularly to certain countries
- Temporary address such as a hotel or boarding house
- Mobile phone as the contact number
- Fast delivery requested
- Top-of-the-range item or multiples ordered
- A repeat order shortly after the first, which is in itself unusual.
Checks that you can make:
- Send an email to the email address supplied to confirm that it exists. If it "bounces", try to contact the shopper on the telephone number provided. If no contact can be made with the shopper via email and/or telephone (an online yellow pages directory search can tell you whether the number and shopper exists), then this could indicate a suspect order.
- Ring the phone number to confirm the order details and check that the number and shopper exist
- Check the IP address supplied on the order confirmation with Free IP Address Lookup at http://www.ip-to-location.com/free.asp and verify that the IP country matches the billing country
- Check that the area code of the phone number matches with the address by using one of the free web-based look-up programs such as http://www.brainstorm.co.uk/public/utils/std-search.html (UK)
- Check the shopper name with Directory Enquiries http://www.bt.com/directory-enquiries/dq_home.jsp (UK) and http://www.infobel.com (outside the UK) to verify the address and telephone number.
Additional, Manual Checks
Often, the most effective tool against transaction fraud is to manually review each transaction. The following list outlines a number of circumstances that may indicate a fraudulent transaction:
- A shopper whose name is not correctly formatted and/or shows nonsense details
- A shopper who provides an incomplete billing address
- A shopper who refuses to confirm their credit/debit card and billing address details to you
- A shopper ordering unusually large amounts of an item without any preference for the size, colour, make or model
- An existing shopper who suddenly orders an unusually large volume of goods
- Request for fast delivery
- Delivery cost no option
- Small order, big order
- A shopper whose billing country does not match the country in which the card was issued. This particular result is shown on your email confirmation, and in the Customer Management System (CMS).
In addition, take care if a shopper purchases their goods/services from, or requests delivery to one of the following countries:

| Countries with a high incidence of suspected fraud | | | | | | |
|---|---|---|---|---|---|---|
| Bulgaria | Cameroon | Egypt | Gambia | Ghana | Indonesia | Iran |
| Israel | Lithuania | Malaysia | Morocco | Nigeria | Pakistan | Romania |
| Russia | Turkey | Ukraine | Vietnam | Yugoslavia | | |

Since the process of reviewing each transaction manually is both time-consuming and expensive, we recommend that you create your own set of fraud prevention rules (based on the potentially suspicious circumstances outlined above) to flag suspect transactions for further research.
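
One way to write such a rule set, as an added example that is not part of the original page: each rule mirrors a circumstance listed above and the function returns the reasons an order was flagged for manual review. The order field names, the 24-hour repeat window, the quantity threshold, the flagging policy and the sample orders are all assumptions to adapt to your own shop.

```python
from datetime import datetime, timedelta

REPEAT_WINDOW = timedelta(hours=24)   # assumed meaning of "shortly after"
MAX_USUAL_QTY = 3                     # assumed per-shop threshold

def _norm(addr):
    # Ignore case and spacing differences when comparing addresses.
    return " ".join(addr.lower().split())

def review_order(order, previous=(), watch_countries=frozenset()):
    """Return (flag_for_manual_review, reasons) for one order dict."""
    reasons = []
    for name, result in order.get("psp_checks", {}).items():
        if result == "failed":
            reasons.append(f"PSP check failed: {name}")
    if _norm(order["delivery_address"]) != _norm(order["billing_address"]):
        reasons.append("delivery address differs from billing address")
    if order["card_country"] != order["billing_country"]:
        reasons.append("card issue country differs from billing country")
    if order.get("ip_country") not in (None, order["billing_country"]):
        reasons.append("IP country differs from billing country")
    if order["delivery_country"] in watch_countries:
        reasons.append("delivery country is on the shop's watch list")
    if order.get("fast_delivery"):
        reasons.append("fast delivery requested")
    if order["quantity"] > MAX_USUAL_QTY:
        reasons.append("unusually large quantity")
    if any(p["card_ref"] == order["card_ref"]
           and timedelta(0) <= order["placed"] - p["placed"] <= REPEAT_WINDOW
           for p in previous):
        reasons.append("repeat order shortly after the first")
    # Assumed policy: any failed PSP check, or two or more softer signals.
    psp_failed = any(r.startswith("PSP check failed") for r in reasons)
    return psp_failed or len(reasons) >= 2, reasons

# Constructed sample orders (not real data).
BASE = {"psp_checks": {"security_code": "matched", "postcode": "matched"},
        "billing_address": "1 High Street, Leeds", "delivery_address": "1 high street,  leeds",
        "billing_country": "GB", "delivery_country": "GB", "card_country": "GB",
        "ip_country": "GB", "fast_delivery": True, "quantity": 1,
        "card_ref": "card-A", "placed": datetime(2024, 1, 10, 12, 0)}
RISKY = dict(BASE, delivery_address="Room 12, Example Hotel", ip_country="IN",
             quantity=6, placed=datetime(2024, 1, 10, 15, 0))

if __name__ == "__main__":
    print(review_order(BASE))
    print(review_order(RISKY, previous=[BASE]))
```

The returned reasons give the reviewer a starting point for the manual checks listed earlier, such as confirming the order by telephone.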