VELOCITY OF CHANGE

VELOCITY OF CHANGE TECHNICAL OVERVIEW


The intent of velocity of change is to look for suspicious behavior based on the number of changes between data elements on new transactions with previous transactions. It works based on counting the number of changes with associated data elements within a predefined timeframe. The theory is the higher the number of changes on a set of data elements, such as the number of phone numbers or addresses associated with credit cards in a predefined timeframe, the higher the risk of taking an order.


Key considerations when implementing or buying this functionality include:

  • Decide up front on the data elements you want to perform velocity of change checks on. You will also need to know the number of changes you want to flag and the time interval you want to look in.

  • You will have to perform some normalization on the addresses if you are doing this in-house to ensure you get matches.

  • Use the shipping address, and not the billing address, for their velocity of change. See guidelines and samples under How it Works.

  • Make sure you are logging usage for all attempts, not just completed or valid orders.

  • Plan on maintaining data for at least 12 months. I recommend 18 months.

  • Will you want to have a pass/fail velocity of change check or a graduated scale type of solution? The graduated scale adds more risk as the number of changes increase. Typically with velocity of change the pass/fail method is used.

  • There is a distinct advantage to using a third-party service that combines data from multiple merchants or banks to track velocity of change, as you get a much fuller picture on activity by a potential fraudster, and have a better chance at picking up on bust-out activity.

HOW DOES IT WORK?


The velocity of change technique requires a supporting database and two calls to work. One call increases the count on a data element while the second call does a look up to see what the count is. If you are using a commercial solution or you are getting this functionality from a commercial fraud-screening service, you will only see one call to acquire this information as the solution will hide these calls from you.

Based on the look-up call you will get a pass or fail type of response and you will have to decide to reject, review or pass the order to another sales channel, such as a telephone order.

There are four components to performing a velocity of change check, two data elements to compare, the count and the time interval.


Typically the data elements used for velocity of change are the shipping address (address, state, zip code), phone number, credit card number, expiration date and e-mail address. Name is not recommended as there are too many people with similar names and this could really kill a merchant's sales or fill their manual review bins. The address has to be looked at in whole, not in parts, counting the number by state or zip code can raise a lot of false alarms. If you typically don’t do a lot of business in one location in a short timeframe you may want to look at zip code or state. Likewise if you have identified a hot spot by zip code, you should be applying a rule to perform further fraud-prevention tests on that order by looking at changes within that zip code.

The count and time frame are very tightly joined. There is no hard, set rule on what number of changes and timeframe to look at. In general you need to understand your good customers: Do you get a lot of repeat business? Is it typical for your customers to make more than one purchase per day, week or year? You also need to think about when it becomes completely unrealistic.


In order to see change, you have to be comparing two data elements to count the number of times one piece of the information changes. This forms the basis of the technique.

Examples:


1) Credit card number to expiration date – Checking to see how many times the expiration date changes with the credit card number


2) Credit card number to shipping address – Checking to see how many shipping addresses are associated with a credit card number


3) Credit card number to phone number – Checking to see how many phone numbers have been given with a credit card number


4) Credit card number to e-mail — Checking to see how many e-mails are given with a credit card number


5) Phone number to shipping address – Checking to see how many shipping addresses are given with a phone number


6) Phone number to credit card – Checking to see how many credit cards are given with a phone number


7)  Phone number to e-mail – Checking to see how many e-mails are given with a phone number


8) Shipping address to credit card number – Checking to see how many credit card numbers are associated with a shipping address


The better commercial solutions, usually fraud-screening services, perform these velocity of change tests. Set up a process that mandates that all attempted orders are logged into velocity, not just valid sales.

DID YOU KNOW


Velocity of change counts the number of changes between data elements on new transactions with previous ones as a means of identifying suspicious behavior.


Velocity of change is one of the mechanisms to catch identity morphing. As a general fraud-prevention tool there is a high correlation to risky behavior with those transactions that fail this type of test. Most major fraud-screening solutions have this type of functionality built into it.


Velocity of change is good for detecting stolen card numbers, multiple fraud attacks from the same perpetrator, and also for detecting some forms of identity morphing.


The more data elements you can track velocity of change on the more effective the tool is. Good data elements to perform this test on are: credit card numbers, addresses (billing and shipping), phone number, e-mail address and account number.


If you establish accounts for your customers performing velocity of change on the number of accounts associated with a particular individual data element or in the opening of new accounts can help catch fraudsters before they can even place a fraudulent order.

Sponsor-Pipl-219x175.png

THE FRAUD PRACTICE

KEY NOTES


Alternative Solutions - Fraud Screening services have velocity of use already built in. Be sure to check if you can add your own custom fields. If you are looking at doing this check based on their account numbers you will have to look at purchasing in-house solutions or building this service on your own. Look at velocity of change as well, as these two forms of velocity complement each other.


Building this In-House - The velocity of use technique requires a supporting database and two calls to work. One call increases the count on a data element while the second call does a look up to see what the count is.


Estimated Cost - Costs to implement a simple velocity of use tool are low, as long as you already have database resources you can utilize and the applications you use to process orders are easily integrated into it. A lot of ERP, application servers, decision servers and the like on the market have this technology integrated into them.


Sample Vendors - N/A