Fraud scrubbing is incomplete
Article by: Alisdair Faulkner, VP ProductsDate: 29 May 2008
Last Update: 30th April 2008
Fraud scrubbing is an expression used to describe various techniques and systems deployed by on-line merchants and e-commerce credit card transaction service companies to attempt to mitigate transaction fraud risk. Typical fraud scrubbing methods involve the checking of multiple parameters relating to the transaction, both technical and financial, and attempting to predict the probability that the transaction is fraudulent.
Financial parameters used in fraud scrubbing include:
- Real-time authorization from the credit provider;
- The credit card Address Verification System (AVS);
- Card verification codes (CVV2, CVC2, CID etc.);
- The scrutinizing of orders of unusual size; and
- The use of in-house evidence of previous fraud (negative files).
Some of the technical methods used in fraud scrubbing at the time of the transaction include:
- Checking IP address blacklists;
- Checking the IP Geolocation and comparing with the billing address;
- Checking whether the IP address is a known proxy (legitimate, open, or anonymous); and
- Checking transaction velocity (number of transactions from the same location, or with the same credit details over a given period of time).
A fraud scrubbing service or system will then combine the data with various weights to give a “fraud score” indicating the potential that the given transaction is fraudulent.
The problem with all these methods (with the exception of negative files) is that each one of them presents the potential for unreliable or incorrect data, leading to both false positives and false negatives. The reliability of the fraud scrubbing is greatly dependent on the relative weights applied to the parameters.
The three main financial authorization methods can all be rendered useless by identity theft, which is a growing problem around the world. The technical checks listed above are also all rendered inadequate to protect against professional fraudsters with the advent of botnet proxies, which can circumvent geolocation, proxy and velocity checking.
True fraud control requires more effective identity verification in relation to the transacting device. Device fingerprinting data shared through a global device intelligence network is a more effective way to help limit the activities of Internet fraudsters.
Fraud Control Device Fingerprinting Solutions | Identity Theft & efraud Account Abuse Solutions for Social Media Communities | Identity Theft & efraud Account Compromise Solutions for Financial Services | Identity Theft & efraud Cheating Solutions for Media and Gaming | Identity Theft & efraud Phishing Account Compromise Solutions for Saas Enterprise | CNP Chargeback Prevention Credit Card Verification Solutions for High Risk Merchant | IPGeolocation Botnet Proxy Reputation | Online Identity Verification Alternative
ThreatMETRIX.com ·
Terms of Service · Privacy Policy · Sitemap · Contact Us
Copyright © 2007-2008 ThreatMETRIX
Copyright © 2007-2008 ThreatMETRIX