Popular about fraud - answers to real-life questions of electronic merchants
The term fraud now means any fraud in IT. Carding call any illegal operations with a bank card. We specialize in card fraud prevention in e-commerce. The problem is that starting their online business, entrepreneurs, as a rule, first of all think about the cost of accepting payments and know little about the risks associated with fraud. The most popular questions from merchants (merchants, online stores, merchants) are listed below.
What is fraud?
Card fraud - this is what can slow down the development of online business. If a scammer takes advantage of a product or service, both the goods and money are lost. Why is it easier to buy goods on the site by entering the card number and other digits printed on it when paying? But at the same time, the card will be alien - the entered data can be photographed or spied on, obtained through technological frauds with ATMs or through poorly protected sites of other online stores. It is also not a secret that a large number of databases with details of stolen cards are walking around the network.
Why is it dangerous to miss fraud?
Because the real cardholder will necessarily write an application to the bank to return the amount written off without his knowledge, i.e. initiates the chargeback procedure. In the case of an unauthorized bank card transaction through an online store, the issuing bank that issued the card, on behalf of the cardholder, will protest the transaction and the Merchant will be obliged to refund the entire purchase price. In case of disputable situations involving the protest of suspicious transactions, the acquiring bank may incur additional costs in the amount of several hundred dollars for each case of arbitration from the international payment systems (MPS), which the bank will gladly yield to the CTP. Especially painful losses will occur in low-margin business . For example, with a sales margin of 2-3%, TSP will need to implement several dozen product units only to cover the resulting loss for one fraudulent transaction. At the same time, a high average check aggravates the problem even more - hence the “preferences” of fraudsters by categories of goods and services purchased are formed. One of the hottest industries is travel and retail.
')
And that is not all. In the event that the number of fraudulent transactions reaches 1% of the total number of all transactions, the VISA and MasterCard IPSs are entitled to charge the acquiring bank, and therefore the PTP, penalties. After a fraud threshold is reached, the TSP enters the global audit program, after which the acquiring bank must request the TSP to take measures to reduce the fraud level and strictly control the number of fraudulent operations during the following months. If repeated violations are detected, a warning is issued against the TSP, and then penalties ranging in size from $ 5,000, which can be increased to a very impressive $ 200,000 in particularly severe cases. At the same time, a separate monitoring of transactions in the context of cards issued by foreign and domestic issuers is carried out; exceeding the threshold value only for foreign cards can also be the basis for including TSP in the audit program. In particularly neglected cases, a PTS may be disqualified, which will make it impossible to accept cards for payment through any bank in the future. It is worth noting that serious financial consequences may also come for the acquiring bank itself if the situation is bad for all customers as a whole.
Fraud is a global organized business. Violators are grouped together, and each of these groups operates in its own field. Violators join together through social networks and specialized forums to help each other and share their experiences using the most successful attack patterns to achieve maximum performance. Therefore, if a one-time fraud went through the online store, in the shortest possible time several more groups will try to conduct fraudulent transactions - this phenomenon is called a “snowball”. And since the motivation is very strong - money, then the speed with which fraudsters will attack the store will increase in proportion to their number.
What is an antifraud?
A reliable anti-fraud is a service that does not allow fraudsters to cash out and buy goods on someone else’s bank card through an online store.
In addition to the simplest protection settings that any merchant can set up, such as protection against CVV selection and card numbers; analysis of card parameters by bank, owner, type of product, country of issue and geography of use; customer identification by purchase history; retrospective analysis of purchases; detection of suspicious transactions on the prints of the equipment used; domain check and IP addresses, etc., we are able to customize the rules and filters that are unique to each online store.
Our patents on security and payment authentication:
Antifraud reduces conversion?
Yes, antifraud generally reduces conversion. Our task is to minimize the number of false positives and to ensure the highest possible level of conversion at the selected risk level. The conversion is badly affected by any rough settings (as a rule, typical vendor solutions on the bank side) and the standard implementation of 3-D Secure dynamic authorization technology for 100% of processed transactions. The lack of solutions verified by Visa and MasterCard SecureCode is that as of the current time, not all banks are able to correctly and conveniently cardholder to process incoming requests, which in some cases makes it impossible to confirm the intention to perform the operation, and therefore reduces the conversion. In many cases, it will be much more effective to selectively use 3DS authorization for cards of individual issuers and / or suspicious in terms of other parameters of customers. Payture patents use the CheckCode proprietary dynamic authorization technology (verification code), free from some of the shortcomings of typical Visa and MasterCard solutions, which we will discuss separately in future publications. Antifraud allows you to simplify the process of buying for ordinary customers, as well as online monitoring and reporting of suspicious transactions.
How much does antifraud cost?
Standard business model in our market: take Internet acquiring, antifraud is included. But in fact, we have long since identified the antifraud as a separate service, which we provide both with acquiring and independently of it. This allows TSPs from different countries of the world to use our competences to detect and prevent fraud in international markets, to manage risks in the local market of Russia for non-resident TSPs who are attached to many years of experience of cooperation with global cash acceptance operators with limited expertise in our country .
The cost of the anti-fraud service depends on the number of transactions over a period of time and the need to resort to additional (paid) sources of information on any type of business: from 0.75 rubles to 6 rubles per transaction. We also have various options for package offers, which allow TSPs to more economically spend money with a good understanding of their risks and turnovers in volume and value terms.
Aren't scammers basically a problem with banks?
So say not only representatives of the TSP, but also 90% of the polled Russians from the All-Russian sample of the NAFI center (National Agency for Financial Research). To a much greater extent, Internet fraudsters are an entrepreneur’s problem. In accordance with Article No. 9 of the Federal Law “On the National Payment System”, the operator is obliged to reimburse the client for “the amount of the transaction made without the client’s consent”, and then, according to the rules of the ICS, the bank charges this amount from the merchant's payment system. Yes, the security departments of banks closely cooperate with various government agencies. Large-scale thefts are most often brought to court, but cases of fraudulent bank card payments through online stores are practically not investigated in Russia today. Although the total amount of damage from carding (fraudsters - residents of the CIS) is 680 million dollars for 2013-2014. and 3-6 thousand cards of Russian banks are compromised weekly.
The data market of bank cards over the past 10 years has finally been structured and has come to the organization of mass automated distribution channels in the form of electronic trading platforms. According to Group-IB (the company is investigating cybercrime and high-tech fraud), in 2014, only one such store had 6.78 million cards.
And if you want to accept cards for payment, you should know that a card fraud is one of the most difficultly punishable and actively developing types of fraud.
Why is card fraud popular?
Because a bank card is a convenient and fastest growing payment tool on the Internet. The number of cards issued in the Russian Federation in 2014 amounted to 220 million. In large cities, every second adult resident has two or more bank cards. Two thirds of Russians use a bank card to pay for goods / services and withdraw cash almost daily.
If you compare with the turnover of e-commerce, which is growing annually by an average of 10-15%, then the number of fraud attempts increases by at least 25% per year. According to our data, in 2014, about 10% of all transactions in online stores were attempts to make a fraud payment on a card.
How do I know if I have a fraudulent transaction?
Without operational fraud monitoring - no way. You learn about it only after some time, the IPU provides cardholders with a period of up to six months from the date of the actual service. This is the time when cardholders can write an application to protest a transaction according to the rules of the IPU. For example, if we are talking about the sale of a ticket with a departure three months from the date of the order, the closing date for the possibility of protesting a transaction will be up to nine months .
Online stores are trying to imitate as much as possible the format of sales offline - they offer several sizes for delivery and the assistance of a consultant, do online fitting and good detailed photos, draw up a colorful discount "shop window" and a zone of impulse purchases. And the process of payment on the site remains the bottleneck where merchants lose their money and customer loyalty. Is it possible to imagine that in a regular store you are limited to three purchases per day or some amount, do not accept a payment card of a foreign bank, reject a payment for some reason that you don’t understand?
It is to ensure that honest law-abiding buyers do not suffer because of fraudsters, and businessmen do not lose their clients, we constantly analyze large volumes of information, develop and improve our anti-fraud service, which has received its own name - Fraudar. These are ready-made solutions and an individual approach with fine tuning at no additional cost.
What is fraud?
Card fraud - this is what can slow down the development of online business. If a scammer takes advantage of a product or service, both the goods and money are lost. Why is it easier to buy goods on the site by entering the card number and other digits printed on it when paying? But at the same time, the card will be alien - the entered data can be photographed or spied on, obtained through technological frauds with ATMs or through poorly protected sites of other online stores. It is also not a secret that a large number of databases with details of stolen cards are walking around the network.
Why is it dangerous to miss fraud?
Because the real cardholder will necessarily write an application to the bank to return the amount written off without his knowledge, i.e. initiates the chargeback procedure. In the case of an unauthorized bank card transaction through an online store, the issuing bank that issued the card, on behalf of the cardholder, will protest the transaction and the Merchant will be obliged to refund the entire purchase price. In case of disputable situations involving the protest of suspicious transactions, the acquiring bank may incur additional costs in the amount of several hundred dollars for each case of arbitration from the international payment systems (MPS), which the bank will gladly yield to the CTP. Especially painful losses will occur in low-margin business . For example, with a sales margin of 2-3%, TSP will need to implement several dozen product units only to cover the resulting loss for one fraudulent transaction. At the same time, a high average check aggravates the problem even more - hence the “preferences” of fraudsters by categories of goods and services purchased are formed. One of the hottest industries is travel and retail.
')
And that is not all. In the event that the number of fraudulent transactions reaches 1% of the total number of all transactions, the VISA and MasterCard IPSs are entitled to charge the acquiring bank, and therefore the PTP, penalties. After a fraud threshold is reached, the TSP enters the global audit program, after which the acquiring bank must request the TSP to take measures to reduce the fraud level and strictly control the number of fraudulent operations during the following months. If repeated violations are detected, a warning is issued against the TSP, and then penalties ranging in size from $ 5,000, which can be increased to a very impressive $ 200,000 in particularly severe cases. At the same time, a separate monitoring of transactions in the context of cards issued by foreign and domestic issuers is carried out; exceeding the threshold value only for foreign cards can also be the basis for including TSP in the audit program. In particularly neglected cases, a PTS may be disqualified, which will make it impossible to accept cards for payment through any bank in the future. It is worth noting that serious financial consequences may also come for the acquiring bank itself if the situation is bad for all customers as a whole.
Fraud is a global organized business. Violators are grouped together, and each of these groups operates in its own field. Violators join together through social networks and specialized forums to help each other and share their experiences using the most successful attack patterns to achieve maximum performance. Therefore, if a one-time fraud went through the online store, in the shortest possible time several more groups will try to conduct fraudulent transactions - this phenomenon is called a “snowball”. And since the motivation is very strong - money, then the speed with which fraudsters will attack the store will increase in proportion to their number.
What is an antifraud?
A reliable anti-fraud is a service that does not allow fraudsters to cash out and buy goods on someone else’s bank card through an online store.
In addition to the simplest protection settings that any merchant can set up, such as protection against CVV selection and card numbers; analysis of card parameters by bank, owner, type of product, country of issue and geography of use; customer identification by purchase history; retrospective analysis of purchases; detection of suspicious transactions on the prints of the equipment used; domain check and IP addresses, etc., we are able to customize the rules and filters that are unique to each online store.
Our patents on security and payment authentication:
Antifraud reduces conversion?
Yes, antifraud generally reduces conversion. Our task is to minimize the number of false positives and to ensure the highest possible level of conversion at the selected risk level. The conversion is badly affected by any rough settings (as a rule, typical vendor solutions on the bank side) and the standard implementation of 3-D Secure dynamic authorization technology for 100% of processed transactions. The lack of solutions verified by Visa and MasterCard SecureCode is that as of the current time, not all banks are able to correctly and conveniently cardholder to process incoming requests, which in some cases makes it impossible to confirm the intention to perform the operation, and therefore reduces the conversion. In many cases, it will be much more effective to selectively use 3DS authorization for cards of individual issuers and / or suspicious in terms of other parameters of customers. Payture patents use the CheckCode proprietary dynamic authorization technology (verification code), free from some of the shortcomings of typical Visa and MasterCard solutions, which we will discuss separately in future publications. Antifraud allows you to simplify the process of buying for ordinary customers, as well as online monitoring and reporting of suspicious transactions.
How much does antifraud cost?
Standard business model in our market: take Internet acquiring, antifraud is included. But in fact, we have long since identified the antifraud as a separate service, which we provide both with acquiring and independently of it. This allows TSPs from different countries of the world to use our competences to detect and prevent fraud in international markets, to manage risks in the local market of Russia for non-resident TSPs who are attached to many years of experience of cooperation with global cash acceptance operators with limited expertise in our country .
The cost of the anti-fraud service depends on the number of transactions over a period of time and the need to resort to additional (paid) sources of information on any type of business: from 0.75 rubles to 6 rubles per transaction. We also have various options for package offers, which allow TSPs to more economically spend money with a good understanding of their risks and turnovers in volume and value terms.
Aren't scammers basically a problem with banks?
So say not only representatives of the TSP, but also 90% of the polled Russians from the All-Russian sample of the NAFI center (National Agency for Financial Research). To a much greater extent, Internet fraudsters are an entrepreneur’s problem. In accordance with Article No. 9 of the Federal Law “On the National Payment System”, the operator is obliged to reimburse the client for “the amount of the transaction made without the client’s consent”, and then, according to the rules of the ICS, the bank charges this amount from the merchant's payment system. Yes, the security departments of banks closely cooperate with various government agencies. Large-scale thefts are most often brought to court, but cases of fraudulent bank card payments through online stores are practically not investigated in Russia today. Although the total amount of damage from carding (fraudsters - residents of the CIS) is 680 million dollars for 2013-2014. and 3-6 thousand cards of Russian banks are compromised weekly.
The data market of bank cards over the past 10 years has finally been structured and has come to the organization of mass automated distribution channels in the form of electronic trading platforms. According to Group-IB (the company is investigating cybercrime and high-tech fraud), in 2014, only one such store had 6.78 million cards.
And if you want to accept cards for payment, you should know that a card fraud is one of the most difficultly punishable and actively developing types of fraud.
Why is card fraud popular?
Because a bank card is a convenient and fastest growing payment tool on the Internet. The number of cards issued in the Russian Federation in 2014 amounted to 220 million. In large cities, every second adult resident has two or more bank cards. Two thirds of Russians use a bank card to pay for goods / services and withdraw cash almost daily.
If you compare with the turnover of e-commerce, which is growing annually by an average of 10-15%, then the number of fraud attempts increases by at least 25% per year. According to our data, in 2014, about 10% of all transactions in online stores were attempts to make a fraud payment on a card.
How do I know if I have a fraudulent transaction?
Without operational fraud monitoring - no way. You learn about it only after some time, the IPU provides cardholders with a period of up to six months from the date of the actual service. This is the time when cardholders can write an application to protest a transaction according to the rules of the IPU. For example, if we are talking about the sale of a ticket with a departure three months from the date of the order, the closing date for the possibility of protesting a transaction will be up to nine months .
Online stores are trying to imitate as much as possible the format of sales offline - they offer several sizes for delivery and the assistance of a consultant, do online fitting and good detailed photos, draw up a colorful discount "shop window" and a zone of impulse purchases. And the process of payment on the site remains the bottleneck where merchants lose their money and customer loyalty. Is it possible to imagine that in a regular store you are limited to three purchases per day or some amount, do not accept a payment card of a foreign bank, reject a payment for some reason that you don’t understand?
It is to ensure that honest law-abiding buyers do not suffer because of fraudsters, and businessmen do not lose their clients, we constantly analyze large volumes of information, develop and improve our anti-fraud service, which has received its own name - Fraudar. These are ready-made solutions and an individual approach with fine tuning at no additional cost.
Source: https://habr.com/ru/post/250437/
All Articles