Didyou know

Velocity of change counts the number of changes between data elements on new transactions with previous ones as a means of identifying suspicious behavior.

Velocity of change is one of the mechanisms to catch identity morphing. As a general fraud-prevention tool there is a high correlation to risky behavior with those transactions that fail this type of test. Most major fraud-screening solutions have this type of functionality built into it.

Velocity of change is good for detecting stolen card numbers, multiple fraud attacks from the same perpetrator, and also for detecting some forms of identity morphing.

The more data elements you can track velocity of change on the more effective the tool is. Good data elements to perform this test on are: credit card numbers, addresses (billing and shipping), phone number, e-mail address and account number.

If you establish accounts for your customers performing velocity of change on the number of accounts associated with a particular individual data element or in the opening of new accounts can help catch fraudsters before they can even place a fraudulent order.

 

subscribe to newsletter

 

 

Velocity of Changetechnique overview

The intent of velocity of change is to look for suspicious behavior based on the number of changes between data elements on new transactions with previous transactions. It works based on counting the number of changes with associated data elements within a predefined timeframe. The theory is the higher the number of changes on a set of data elements, such as the number of phone numbers or addresses associated with credit cards in a predefined timeframe, the higher the risk of taking an order. 

Key considerations when implementing or buying this functionality include:

  • Decide up front on the data elements you want to perform velocity of change checks on. You will also need to know the number of changes you want to flag and the time interval you want to look in.
  • You will have to perform some normalization on the addresses if you are doing this in-house to ensure you get matches.
  • Use the shipping address, and not the billing address, for their velocity of change. See guidelines and samples under How it Works.
  • Make sure you are logging usage for all attempts, not just completed or valid orders.
  • Plan on maintaining data for at least 12 months. I recommend 18 months.
  • Will you want to have a pass/fail velocity of change check or a graduated scale type of solution? The graduated scale adds more risk as the number of changes increase. Typically with velocity of change the pass/fail method is used.
  • There is a distinct advantage to using a third-party service that combines data from multiple merchants or banks to track velocity of change, as you get a much fuller picture on activity by a potential fraudster, and have a better chance at picking up on bust-out activity.

How does it work?

The velocity of change technique requires a supporting database and two calls to work. One call increases the count on a data element while the second call does a look up to see what the count is. If you are using a commercial solution or you are getting this functionality from a commercial fraud-screening service, you will only see one call to acquire this information as the solution will hide these calls from you.

Based on the look-up call you will get a pass or fail type of response and you will have to decide to reject, review or pass the order to another sales channel, such as a telephone order.

There are four components to performing a velocity of change check, two data elements to compare, the count and the time interval.

Typically the data elements used for velocity of change are the shipping address (address, state, zip code), phone number, credit card number, expiration date and e-mail address. Name is not recommended as there are too many people with similar names and this could really kill a merchant's sales or fill their manual review bins. The address has to be looked at in whole, not in parts, counting the number by state or zip code can raise a lot of false alarms. If you typically don’t do a lot of business in one location in a short timeframe you may want to look at zip code or state. Likewise if you have identified a hot spot by zip code, you should be applying a rule to perform further fraud-prevention tests on that order by looking at changes within that zip code.

The count and time frame are very tightly joined. There is no hard, set rule on what number of changes and timeframe to look at. In general you need to understand your good customers: Do you get a lot of repeat business? Is it typical for your customers to make more than one purchase per day, week or year? You also need to think about when it becomes completely unrealistic.

In order to see change, you have to be comparing two data elements to count the number of times one piece of the information changes. This forms the basis of the technique. 

Examples:

1) Credit card number to expiration date – Checking to see how many times the expiration date changes with the credit card number

2) Credit card number to shipping address – Checking to see how many shipping addresses are associated with a credit card number

3) Credit card number to phone number – Checking to see how many phone numbers have been given with a credit card number

4) Credit card number to e-mail — Checking to see how many e-mails are given with a credit card number

5) Phone number to shipping address – Checking to see how many shipping addresses are given with a phone number

6) Phone number to credit card – Checking to see how many credit cards are given with a phone number

7)  Phone number to e-mail – Checking to see how many e-mails are given with a phone number

8) Shipping address to credit card number – Checking to see how many credit card numbers are associated with a shipping address 

The better commercial solutions, usually fraud-screening services, perform these velocity of change tests. Set up a process that mandates that all attempted orders are logged into velocity, not just valid sales.

 

How do you use the results?

Log all attempted transactions, not just valid orders coming into the system.

You can set up your velocity of change tests to look for orders to review or reject.

90 days is the magic number before charge-backs appear, which means they won’t appear on a hot list until up to 90 days. Some fraudsters will time their attacks so orders are coming in at odd intervals: one order today, next one in three days, the next in one week, the next in four days etc. Make sure some of your velocity of change tests are looking at activity within the 90-day window. You can do this real time, or to save processing time in the upfront orders set up an offline batch routine that looks at activity by accounts or orders to establish counts over the 24-hour window by under the 90-day window. For orders that are over 90 days old, and have not been charged back, you don’t need to perform active checks.

If someone fails this test and you are looking at a time period less than 24 hours, MAKE SURE YOU CANCEL OR PUT ON HOLD any other orders from this identity.

The following are meant as starting points only, you have to look at their customer base to determine what time intervals and number of changes really are best for you.

1) Credit card number to expiration date – More than 2 changes in 24 hours, they could make one typo, but to see three changes indicates guessing.

2) Credit card number to shipping address – If your products are normally sent as gifts you should set this high, if you use it at all. This is really better for businesses that don’t normally have consumers buying gifts.

3) Credit card number to phone number – More than 2 changes in 24 hours shows guessing and high usage and is considered risky.

4) Credit card number to e-mail – Most consumers online use the same e-mail address for making purchases. If you start to see multiple e-mail addresses, more than two, you should do further review.

5) Phone number to shipping address – Again, if you do a lot of gifts you should not use this test as you will get a lot of changes with this indicator. Usually a good indicator of bogus phone numbers.

6) Phone number to credit card – Most online consumers use one to three credit cards for online purchases. If you see more than four associated with a phone number you need to review or reject the order.

7) Phone number to e-mail – Again more than two changes and you need to do some other checks.

8) Shipping address to credit card number – Typical online consumers use between one and three credit cards for purchasing online, so look for more than four changes.

Additionalresources

  • OVERVIEW OF ECOMMERCE FRAUD PREVENTION TECHNIQUES.

    A core curriculum course providing an introduction to 30 plus fraud prevention techniques; what they are, high level discussion on how to employ them and big picture considerations for using them.

  • ECOMMERCE BUYER FRAUD SIGNALS.

    Outlines many different signals that high risk buyers may show looking at factors such as their account activity, profile data, behavior and other signals that can be seen when using different anti-fraud tools.

  • Ecommerce Fraud Moving from Tools to Solutions.

    This session covers what constitutes a fraud solution and categorizes the many types of third party fraud tools. The course outlines the common terminology of fraud solutions and describes the capabilities needed to implement a fraud solution. 

keynotes

  • Alternative Solutions - Fraud Screening services have velocity of change already built in. Be sure to check if you can add your own custom fields. If you are looking at doing this check based on their account numbers you will have to look at purchasing in-house solutions or building this service on your own. Look at velocity of use as well, as these two forms of velocity complement each other.
  • Building this In-House - The velocity of change technique requires a supporting database and two calls to work. One call increases the count on a data element test while the second call does a look-up to see what the count is. 
  • Estimated Costs - Costs to implement a simple velocity of change tool are low, as long as you already have database resources you can utilize and the applications you use to process orders are easily integrated into. A lot of ERP, application servers, decision servers and the like on the market have this technology integrated into them already or through third-party modules.
  • Sample Vendors -