Velocity of Use - Fraud Library

The Fraud Practice eCommerce Fraud Consulting Services

The intent of velocity of use is to look for suspicious behavior based on the number of associated transactions a consumer is attempting. It works based on counting the number of uses of a data element within a predetermined timeframe. The theory is the higher the number of uses on a data element (e.g., credit cards) in a predefined time period (e.g., 24 hours), the higher the risk of taking an order. 

Enter your search terms Submit search form

Web www.fraudpractice.com

A top 10 choice ...

The intent of velocity of use is to look for suspicious behavior based on the number of associated transactions a consumer is attempting. It works based on counting the number of uses of a data element within a predetermined timeframe. The theory is the higher the number of uses on a data element (e.g., credit cards) in a predefined time period (e.g., 24 hours), the higher the risk of taking an order. 

For example: 

How many times has credit number “111111111111111” been used in the last 24 hours?

How Good Is It? 

Velocity of use is a building block of any serious fraud-prevention solution. Keeping track of the number of uses by different data elements allows you to spot unusual trends and it allows you spot run-up activity. Most major fraud-screening solutions have this type of functionality built into it.  

• Velocity of use is good for detecting fraud rings, multiple fraud attacks from the same perpetrator and also can catch some forms of identity morphing.

• The more data elements you can track velocity of use on, the more effective the tool is. Good data elements to perform this test on are: credit card number, address, phone number, e-mail address and account number.

• If you establish accounts for your customers, perform velocity of use on the number of accounts associated with a particular individual.

Considerations When Implementing or Buying This Functionality    

• Decide up front on the data elements you want to perform velocity of use checks on. You will also need to know the number of uses you want to flag and the time interval you want look in.

• You will have to perform some normalization on the addresses if you are doing this in-house to ensure you get matches.

• Make sure you are logging usage for all attempts, not just completed or valid orders.

• Plan on maintaining data for at least 12 months. I recommend 18 months.

• Will you want to have a pass/fail velocity of use check or a graduated scale type of solution? The graduated scale adds more risk as the number of uses increases. So a set of 3 orders happening in 5 minutes would have more risk than a set of 3 orders happening over 30 days.

• There is a distinct advantage to using a third-party service that combines data from multiple merchants or banks to track velocity of use, as you get a much fuller picture on activity by a potential fraudster, and have a better chance at picking up on run-up activity.

Estimated Costs – Costs to implement a simple velocity of use tool are low, as long as you already have database resources you can utilize, and the applications you use to process orders are easily integrated into. A lot of ERP, application servers, decision servers and the like on the market have this technology integrated into them.

Alternative Solutions –  

Fraud-Screening services have velocity of use already built in. Be sure to check if you can add your own custom fields. If you are looking at doing this check based on their account numbers you will have to look at purchasing in-house solutions or building this service on your own.

Look at velocity of change as well, as these two forms of velocity complement each other.

Vendors – CyberSource, Clear Commerce, Retail Decisions, HNC/Fair Isaac

How Does it Work?  

The velocity of use technique requires a supporting database and two calls to work. One call increases the count on a data element while the second call does a look up to see what the count is. If you are using a commercial solution or you are getting this functionality from a commercial fraud-screening service, you will only see one call to acquire this information as the solution will hide these calls from you

Based on the look up call you will get a pass or fail type of response and you will have to decide to reject, review or pass the order to another sales channel, such as telephone order.

There are three components to performing a velocity of use check: the data element, the count and the time interval.

Typically the data elements used for velocity of use are the address (address, state, zip code), phone number, credit card number and e-mail address. Name is not recommended as there are to many people with similar names and this could really kill their sales or fill their manual review bins. The address has to be looked at in whole, not in parts, counting the number by state or zip code can raise a lot of false alarms. If you typically don’t do a lot of business in one location in a short timeframe you may want to look at zip code or state. Likewise if you have identified a hot spot by zip code, you should apply a rule to perform further fraud-prevention tests on that order.

The count and timeframe are very tightly joined. There is no hard, set rule on what number of changes and timeframe to look at. In general you need to understand your good customers, know if you get a lot of repeat business, know if is it typical for your customers to make more than one purchase per day, week or year? You also need to think about when it becomes completely unrealistic.  

Examples:

1.       I sell printer ink, paper and refills – I would expect my customers to be repeat customers, and I would assume on non-b2b orders that consumers would not typically make more than one purchase per day, but it would not be unusual for a consumer to do two orders in one day, but three or more orders in one day would be highly suspect.

2.       I sell laptop computers – I would expect my b2c customers to have more one time purchases with at least 12 months time between orders. I would be suspect of any b2c customer making more than one order per day on computers. This does not mean ordering more than one computer in an order, this means placing two separate orders for computers in one day or week.

3.       I sell jewelry – I would expect my b2c customers to only make one purchase a day, and would be very suspect of two or more orders in a day. I would be somewhat suspect of more than one order in a week or month, and would want to take a closer look, and I routinely have b2c customers that make more than one purchase in a year.

4.       I sell rechargeable cell phones – I would be highly suspect of more than one recharge in a day, I would be slightly suspect of more than one recharge in a week, and expect a recharge every other week or once a month. 

The better commercial solutions, usually fraud-screening services, don’t simply pass and fail on velocity of use. They actually increment the level of risk by the number of uses until they reach a point that they reject the order. This is usually only found in solutions that allow weighting of tests. For example: If I am looking at a time interval of 15 minutes and a credit card number with only one use comes up I would get no added risk, but if the same credit card showed up twice in 5 minutes I would give it high risk. The more attempts in the time period, the higher the risk goes. Likewise the more time that passes between attempts, the lower the risk.

Set up a process that mandates that all attempted orders are logged into velocity, not just valid sales.

How Do I Use the Results?  

•  Log all attempted transactions, not just valid orders coming into the system.

• You can set up their velocity of use tests to look for orders to review or reject, but if you are going to reject based on velocity of use, make sure they fail other fraud tests as well. If the only test they fail is velocity of use, we would recommend you call the customer to validate the purchases.

• 90 days is the magic number before charge-backs appear, which means they won’t appear on a hot list until up to 90 days. Some fraudsters will time their attacks so orders are coming in at odd intervals: one order today, next one in three days, the next in one week, the next in four days etc. Make sure some of your velocity of use tests are looking at activity within the 90-day window. You can do this real time or to save processing time in the upfront orders, set up an off-line batch routine that looks at activity by accounts or orders to establish counts over the 90-day window.

• If someone fails this test and you are looking at a time period less than 24 hours, MAKE SURE YOU CANCEL OR PUT ON HOLD the original orders.

Building This In-House 

The velocity of use technique requires a supporting database and two calls to work. One call increases the count on a data element while the second call does a look up to see what the count is. 

Database – Have your Database Administrator set up a database resource for you to use. They will have to set up the database structure and design to store the data elements, and to maintain counts on the data elements.  

Call One: Add Records and Increment – Have your IT team set up calls from all applications and channels that touch those data elements, so e-commerce, MOTOand card-present channels will add new entries into the data set or they will increment the counts on the data elements if they already exist. You have to enter a date time stamp with every new record you put into the data set.  

Call Two: Look Up Activity – Have your IT team set up call from all applications and channels that touch these data elements, typically done as part of your fraud-screening procedures, to check the number of uses this person has. This is typically done by use of stored procedure or in the event you are using only one record per data element and are incrementing the count and date time stamp you would only have to call the supporting data set and look up the data element. This call is doing the look up on each independent data element you have determined to do velocity of use checks on.

Property of The Fraud Practice, all rights reserved, no unauthorized duplication, reproduction or distribution without the express written permission of The Fraud Practice.