FUNDAMENTALS - THE ANATOMY OF A FRAUD STRATEGY

In this section I will discuss some basics of strategy design to get you started. Saying that, lets talk about the basics of strategy design. There are five major phases of a strategy. Each phase has distinct goals and techniques that can be used to accomplish those goals. These five phases are:

• Pre-screen

• Payment

• Post-screen

• Review

• Accounting

Pre-Screen

1. Hot Lists

2. Positive LIsts

3. Velocity of Change

4. Velocity of Use

5. Rules

6. Consumer Authentication

7. Verified by Visa

8. MasterCard SecureCode

Payment

1. Authorization

2. Address Verification Service

3. Advanced Address Verification

4. ACH (Electronic Checking)

5. Debit

6. Card Security Check

Post-Screen

1. Geolocation

2. Fraud Scoring

3. Modeling

4. Reverse Address & Phone Lookups

5. Crdit Checks

Review

1. Call Back Consumer

2. Call Bank

3. Cross Check of Buying History

4. Query Order Activity

Accounting

1. Settlements

2. Credits

3. Charge-back Processing

4. Sharing & Updating Information with Peers and Partners

5. Educations

6. Tuning of Strategy

The pre-screen phase is used to review an order’s information to determine acceptance criteria. This phase is typically automated, and it conducts rules and checks to attempt to completely rule out orders you will not do business with, regardless of any other checks. In the pre-screen phase you are trying to weed out orders with the intent of saving time and money. Why process authorizations or other fraud-prevention checks on an order if you know you won’t take the order regardless of the outcome? Examples of orders being cut out here are those that are international when the company only does business in the USA, or the rejecting of an order because the order contains data on your internal hot list.

In the payment phase you are conducting the processes and checks required to accept an order. This includes getting an authorization, address verification information and card security check data.

The post-screen phase is where you perform your advanced reviews on orders that have passed the pre-screen and payment phases. This includes using business logic as well as advanced fraud-prevention techniques. Typically the first thing you want to check in this phase is the positive list to see if you can automatically pass all other tests.

The review phase includes all of the post-screening checks you do to attempt to catch fraud or to convert orders. This phase is a manual phase, and can be as simple as doing spot checks on orders to having review queues and manual sorting.

The accounting phase starts once an order has been fully accepted and lasts until 12 months after the sale. This includes processing credits, settlements, reauthorizations, charge-backs and tuning of the overall fraud-prevention strategy.

Typically the pre-screen, payment and post-screen phases are automated and occur in real-time. The review and accounting phases will make use of automation tools but are mainly manual processes.

Designing a Strategy Based on Risk Exposure

One approach to designing a strategy is looking at the level of risk your company is exposed to. The higher your risk, the more you will rely on fraud-prevention techniques and the more extensive the checks will have to be.

For some merchants the level of risk they are exposed to is so small that the standard address verification and card security schemes offered by the credit card associations will be more than enough. For example the education, utilities and government sectors can reach out and touch their consumers, de-frauding them is much more unlikely. Not that it doesn’t happen — it’s just not that high of a concern.

The following chart provides a break out of fraud-prevention techniques by the level of risk a merchant is exposed to. View the three levels of risk and determine which category you fall into. In looking at the characteristics, they are not meant to be all-inclusive — you may only meet one or two of the criteria listed. These characteristics are meant to form a guide to determine the level of risk you may be exposed to.

LEVEL OF RISK DESCRIPTION

Low Risk

• Looking for lowest-cost solutions

• Low volume

• High margin

• Clothing, utilities, tuition, insurance

• Fraud rate less than .25% or total loss of dollars less than $5,000

Medium Risk

• Medium to high volume

• Low to medium margin

• High fencibility electronics, toys, games, music, personal services, books, clothing, travel, international business

• Fraud rate greater than .75% or total losses exceeds $50,000 per year

High Risk

• Medium to high volume

• Low to medium margin

• Very high fencibility electronic downloads, high-end electronics, financial vehicles, gift cards, adult, gaming, rechargeable cell phones, travel, international business, credit line or card issuance

• Fraud rate greater than 1% or total fraud losses exceeds $100,000 per year