Didyou know

Fraud Scoring providers use proprietary systems to determine the level of risk associated with a card-not-present order providing either a pass/fail response or a numeric score reflective of the order's risk.

Fraud scoring services can give merchants a much more economical way to use the effectiveness of external checks that could be costly to implement individually; such as delivery address verification,  geolocationcredit checksreverse lookups, shared negative files, cross-merchant velocities and use of neural nets. It also frees the merchant up from training, setting up and maintaining an internal neural network or fraud solution.

An internal fraud scoring system will only have limited effectiveness as the breadth of data that is being looked at is only a single merchant’s data. This will affect any and all velocity checks such as velocity of change and velocity of use. For example, modeling and neural nets that are built and/or used solely in a one-merchant implementation don’t get the benefit of seeing consumer activity outside of their business. For fraud scoring the more data that goes into building the service, the better it will predict and catch fraud.

It is important to know that:

Modeling and neural nets that are maintained in-house suffer from breadth of data, missing key information from attempts on cross-merchant data.

Better fraud-screening services will catch between 40% and 70% of fraud attempts, but the higher the catch rate the higher the insult rate.

It is only a tool: It provides good information, but merchants have to build the logic into their system to handle the responses.

It can be very difficult to set up and understand how to effectively weight rules if building in-house. Can require significant intellectual capital.

It is a great tool to automate manual fraud reviews.

 

subscribe to newsletter

 

 

Fraud Scoringtechnique overview

Fraud Scoring is used by merchants to determine the level of risk associated with taking an order in the card-not-present marketplace. Merchants use the score either to reject, review or accept orders, as well as to find out information on what other types of preventive checks they should perform on the order. Key considerations when implementing or buying this functionality include:

  • How often are the underlying models updated? This is important as the fraud patterns and data points that are used in a model come from actual good and bad purchases. If a model is a year old merchants are trying to predict fraud off of data elements that were fraud that occurred a year ago, whereas a model updated monthly or on every transaction is looking at more recent patterns.
  • How often is the data updated and verified by the vendor?
  • What types of fraud-prevention techniques does the vendor use (e.g., heuristics, neural nets, external scores)?
  • What other components does the service provider include as part of their screening service (e.g., delivery address verification, reverse lookups, geolocation, freight forwarder checks)?
  • Do they offer any guarantee on charge-backs or provide any risk sharing?
  • Do they offer a pass/fail-only solution or one that provides a true score and range?
  • Does the fraud-scoring service support e-commerce, mail order and telephone order? Remember to look at the data elements they use to confirm what the focus of the service is. A service designed to predict e-commerce fraud will have less effectiveness in detecting mail order and telephone order fraud as the data elements are different. For example only the e-commerce consumer will have an IP number and e-mail address.
  • For merchants that do a lot of volume this solution can get very expensive, so make sure you negotiate volume discounts.
  • What case studies can they give to show how effective the solution was for other merchants?
  • Be leery of any fraud-scoring service that guarantees less than .5% fraud without explaining what the effect will be on sales conversion.
  • One direct measure of the depth of a fraud-screening service is the number of descriptors it can relate back to help you understand why it scored the way it did. These are codes that tell you more about why it scored they way it did (e.g. can’t verify address, geolocation inconsistency with country, high velocity of use, currently on a negative list).
  • Does the service provide tools for the fraud-review team to do manual reviews?
  • Can a merchant tune or change the service to meet their unique needs?
  • Can they tell you what to expect as far as insult rates?
  • If the service offers negative files, are these shared negative files or strictly for the merchant putting in the data?

How does it work?

First a merchant must understand that they can either use an external service for fraud scoring or they can build their own fraud-scoring engine. In general you will send an order to a fraud-scoring service, which will provide all of the data elements of the order. Typically the merchant will have performed an authorization prior to making this call, so they can provide information such as address verification results and the card security results to the fraud-scoring service. These services are typically set up to process orders in a real-time environment, but this does not mean a merchant can’t use them in a batch mode. The service typically takes a matter of seconds to evaluate an order to determine the level of risk associated with it. Once a fraud-scoring service is done, it will provide one of several data points back to the merchant. Make sure to check what the service provider will return: 

A pass or fail result

A score

Descriptors

So now that you understand what you will see, what is the fraud-scoring service doing with their order? When you call a fraud-scoring service it runs a series of data integrity checks on the data you provided to look for things that are unusual or are blatantly fraudulent. Examples of this could be nonsensical input such as: Name: IUYIOUYIY, or it could be that “Mickey Mouse” is trying to buy a brand new three caret diamond ring. The service can then look at the data elements (such as name, address, phone, e-mail) to see if there are any matches to internal fraud lists. It would then check for issues with velocity of use and change. The service may then look at things such as geolocation, address and phone verification, and combine these in a model to see how well this order compares to previous good and bad orders. The service then correlates this into a score or a pass/fail response. This is only an example. Each service is unique, and most vendors will not share the exact methods they use, as this is their “secret sauce.”

 

How do you use the results?

Selecting a fraud-screening service depends on a merchant’s sales channels, MOTO, e-commerce or both. If a fraud-screening service requires data elements from you, you should do everything you can to submit any and all of these data elements. E-commerce fraud-screening services will have less effectiveness with MOTO transactions. But if a solution is 70% effective in e-commerce and it is 50% effective with MOTO it will still catch half of the fraud attempts.

If an order fails authorization merchants don’t need to send it out for fraud scoring. This being said a merchant should perform their authorization check prior to a fraud screen.

These services typically don’t provide a case management interface, and they provide no means to establish initial settings. Merchants have to base the original settings off of their own previous history with charge-backs. Merchants can easily get bogged down in the details of the solution. I highly recommend that merchants have a fraud analyst from the vendor of choice or independent source to assist in completing the initial set up, going over best practices of using the fraud-screening service. This can save a merchant a lot of time and money in implementing their solution.

AdditionalResources

  • FUNDAMENTALS FOR SELECTING A FRAUD SOLUTION PROVIDER.

    The Fundamentals For Selecting a Fraud Solution Provider is intended for organizations looking to gain an introductory understanding to the fraud solution marketplace and the fraud solution providers servicing that market. The competitive landscape document makes references to over 150 fraud solution providers.

  • Making Sense of the Fraud Vendor Landscape.

    With so many fraud vendors and solutions to choose from in the market, how do you know what will work best for your company? How do you compare vendors and solutions? This session provides a method to categorize fraud solutions and services into 8 groups so you can better perform apples-to-apples comparisons. The session builds on the “Moving from Tools to Solutions” session by providing a description of what each group focuses on, where they are best applied, along with a list of commonly used vendors in each category.

  • MaxMind MinFraud.

     

keynotes

  • Alternative Solutions - Use of a decision engine, application of rules.
  • Building this In-House - While it is technically something you can build in-house you should remember an in-house service defeats the value proposition for the buyer, and makes it a one way process. If, as a company, you represent both the buyer and seller, like an auction site, than building it in-house is plausible.
  • Estimated Costs - Costs will vary based on the vendor you select. Typically this service is offered on a transaction basis. There are some providers that offer flat subscription pricing, volume discounts and better pricing for entering long-term agreements. There are also some providers that offer basis points pricing, and these typically offer some sort of risk sharing or charge-back guarantee.
  • Sample Vendors - MaxMind