Velocity of use counts the number of transaction attempts associated with common data elements, such as a credit card number or address, as a means of looking for suspicious behavior.
Velocity of use is a building block of any serious fraud-prevention solution. Keeping track of the number of uses by different data elements allows you to spot unusual trends and it allows you spot run-up activity. Most major fraud-screening solutions have this type of functionality built into it.
Velocity of use is good for detecting fraud rings, multiple fraud attacks from the same perpetrator and also can catch some forms of identity morphing. The more data elements you can track velocity of use on, the more effective the tool is. Good data elements to perform this test on are: credit card number, address, phone number, e-mail address and account number. If you establish accounts for your customers, perform velocity of use on the number of accounts associated with a particular individual.
THE FRAUD PRACTICE
KEY NOTES
Alternative Solutions - Fraud Screening services have velocity of use already built in. Be sure to check if you can add your own custom fields. If you are looking at doing this check based on their account numbers you will have to look at purchasing in-house solutions or building this service on your own. Look at velocity of change as well, as these two forms of velocity complement each other.
Building this In-House - The velocity of use technique requires a supporting database and two calls to work. One call increases the count on a data element while the second call does a look up to see what the count is.
Estimated Cost - Costs to implement a simple velocity of use tool are low, as long as you already have database resources you can utilize and the applications you use to process orders are easily integrated into it. A lot of ERP, application servers, decision servers and the like on the market have this technology integrated into them.
Sample Venders - N/A
VELOCITY OF USE TECHNIQUE OVERVIEW
The intent of velocity of use is to look for suspicious behavior based on the number of associated transactions a consumer is attempting. It works based on counting the number of uses of a data element within a predetermined timeframe. The theory is the higher the number of uses on a data element (e.g., credit cards) in a predefined time period (e.g., 24 hours), the higher the risk of taking an order.
Key considerations when implementing or buying this functionality include:
Decide up front on the data elements you want to perform velocity of use checks on. You will also need to know the number of uses you want to flag and the time intervals you want look in.
You will have to perform some normalization on the addresses if you are doing this in-house to ensure you get matches.
Make sure you are logging usage for all attempts, not just completed or valid orders.
Plan on maintaining data for at least 12 months. I recommend 18 months.
Will you want to have a pass/fail velocity of use check or a graduated scale type of solution? The graduated scale adds more risk as the number of uses increases. So a set of 3 orders happening in 5 minutes would have more risk than a set of 3 orders happening over 30 days.
There is a distinct advantage to using a third-party service that combines data from multiple merchants or banks to track velocity of use, as you get a much fuller picture on activity by a potential fraudster and have a better chance at picking up on run-up activity.
HOW DOES IT WORK?
The velocity of use technique requires a supporting database and two calls to work. One call increases the count on a data element while the second call does a look up to see what the count is. If you are using a commercial solution or you are getting this functionality from a commercial fraud-screening service, you will only see one call to acquire this information as the solution will hide these calls from you.
Based on the look up call you will get a pass or fail type of response and you will have to decide to reject, review or pass the order to another sales channel, such as a telephone order.
There are three components to performing a velocity of use check: the data element, the count and the time interval.
Typically the data elements used for velocity of use are the address (street address, state, zip code), phone number, credit card number and e-mail address. Name is not recommended as there are to many people with similar names and this could really kill their sales or fill their manual review bins. The address has to be looked at in whole, not in parts, counting the number by state or zip code can raise a lot of false alarms. If you typically don’t do a lot of business in one location in a short timeframe you may want to look at zip code or state. Likewise if you have identified a hot spot by zip code, you should apply a rule to perform further fraud-prevention tests on that order.
The count and timeframe are very tightly joined. There is no hard, set rule on what number of changes and timeframe to look at. In general you need to understand your good customers, know if you get a lot of repeat business, know if is it typical for your customers to make more than one purchase per day, week or year. You also need to think about when it becomes completely unrealistic.
Examples:
1) I sell printer ink, paper and refills – I would expect my customers to be repeat customers, and I would assume on non-b2b orders that consumers would not typically make more than one purchase per day, but it would not be unusual for a consumer to do two orders in one day, but three or more orders in one day would be highly suspect.
2) I sell laptop computers – I would expect my b2c customers to have more one time purchases with at least 12 months time between orders. I would be suspect of any b2c customer making more than one order per day on computers. This does not mean ordering more than one computer in an order, this means placing two separate orders for computers in one day or week.
3) I sell jewelry – I would expect my b2c customers to only make one purchase a day, and would be very suspect of two or more orders in a day. I would be somewhat suspect of more than one order in a week or month, and would want to take a closer look, and I routinely have b2c customers that make more than one purchase in a year.
4) I sell rechargeable cell phones – I would be highly suspect of more than one recharge in a day, I would be slightly suspect of more than one recharge in a week, and expect a recharge every other week or once a month.
The better commercial solutions, usually fraud-screening services, don’t simply pass and fail on velocity of use. They actually increment the level of risk by the number of uses until they reach a point that they reject the order. This is usually only found in solutions that allow weighting of tests. For example: If I am looking at a time interval of 15 minutes and a credit card number with only one use comes up I would get no added risk, but if the same credit card showed up twice in 5 minutes I would give it high risk. The more attempts in the time period, the higher the risk goes. Likewise the more time that passes between attempts, the lower the risk.
Set up a process that mandates that all attempted orders are logged into velocity, not just valid sales.
HOW DO YOU USE THE RESULTS?
Log all attempted transactions, not just valid orders coming into the system.
Merchants can set up their velocity of use tests to look for orders to review or reject, but if you are going to reject based on velocity of use, make sure they fail other fraud tests as well. If the only test they fail is velocity of use, we would recommend you call the customer to validate the purchases.
90 days is the magic number before charge-backs appear, which means they won’t appear on a hot list until up to 90 days. Some fraudsters will time their attacks so orders are coming in at odd intervals: one order today, next one in three days, the next in one week, the next in four days etc. Make sure some of your velocity of use tests are looking at activity within the 90-day window. You can do this in real time, or to save processing time in the upfront orders set up an off-line batch routine that looks at activity by accounts or orders to establish counts over the 90-day window.
If someone fails this test and you are looking at a time period less than 24 hours, MAKE SURE YOU CANCEL OR PUT ON HOLD the original orders.