February 12, 2015 at 18:55Popular about fraud - answers to questions from the real life of electronic merchants
The term fraud now means any fraud in IT. Carding is any illegal operation with a bank card. We specialize in preventing card fraud in e-commerce. The problem is that when starting their online business, entrepreneurs, as a rule, first of all think about the cost of receiving payments and know little about the risks associated with fraud. The most popular questions from TSP (trade and service enterprises, online stores, merchants) are given below.
What is fraud?
Card fraud is something that can slow down the development of online business. If a scammer used a product or service, both the product and the money are lost. What is easier, buy the product on the site by entering the card number and other numbers that are printed on it when paying. But at the same time, the card will be alien - the entered data can be photographed or peeped, obtained using technological fraud with ATMs or through weakly protected sites of other online stores. It is also not a secret that a large number of databases with the details of stolen cards are walking on the network.
Why is it dangerous to skip the fraud?
Because the real cardholder will necessarily write an application to the bank to return the amount debited without his knowledge, i.e. initiates the chargeback procedure. In the case of an unauthorized transaction with a bank card through an online store, the issuing bank that issued the card, on behalf of the card holder, will protest the transaction and the TSP will be required to reimburse the entire purchase price. In the event of a dispute arising from the appeal of suspicious transactions, the acquiring bank may incur additional costs in the amount of several hundred dollars for each case of arbitration by the international payment systems (MPS), which the bank will gladly give up to TSP. Particularly painful losses will occur in low margin businesses. For example, with a sales margin of 2-3%, a TSP will need to sell dozens of commodity units only to cover the resulting loss for one fraudulent transaction. At the same time, a high average check further aggravates the problem - from here the “preferences” of fraudsters are formed by the categories of goods and services purchased. One of the hottest industries is travel and retail.
And that's not all. In the case when the number of fraudulent transactions reaches 1% of the total number of all transactions, VISA and MasterCard MPS have the right to impose penalties on the acquiring bank and, therefore, TSP. After reaching the fraud threshold value, the merchant gets into the global audit program, after which the acquiring bank must request an action plan from the merchant to reduce the fraud level and strictly control the number of fraudulent transactions over the next months. If repeated violations are detected, a warning is issued to the TSP, and then fines of up to $ 5,000 can be increased to very impressive $ 200,000 in severe cases. At the same time, separate monitoring of transactions is carried out in the context of cards issued by foreign and domestic issuers, exceeding the threshold value only with foreign cards can also be the basis for the inclusion of TSP in the audit program. In especially advanced cases, a TSP may be disqualified, which will lead to the impossibility of accepting cards for payment through any bank in the future. It is worth noting that serious financial consequences may occur for the acquiring bank itself in case of a bad situation for all customers as a whole.
Fraud is a global organized business. Violators come together in groups, and each of these groups works in its own field. Violators come together through social networks and specialized forums to help each other and share their experience of using the most successful attack schemes in order to achieve maximum performance. Therefore, if a one-time fraud has taken place in the online store, as soon as possible several more groups will try to conduct fraudulent transactions - this phenomenon is called a “snowball”. And since the motivation is very strong - money, the speed with which scammers will attack the store will proportionally increase their number.
What is antifraud?
Reliable antifraud is a service that does not allow fraudsters to cash out money and buy goods using someone else's credit card through an online store.
In addition to the simplest security settings that any merchant can set, such as protection against CVV selection and card numbers; analysis of the card parameters by bank, owner, product type, country of issue and geography of use; customer identification by purchase history; retrospective analysis of purchases; detection of suspicious transactions by fingerprints of the equipment used; checking the domain and IP address, etc., we can configure rules and filters that are unique to each online store.
Our patents on security and authentication of payment:
Antifraud reduces conversion?
Yes, antifraud generally reduces conversion. Our task is to minimize the number of false positives and ensure the highest possible level of conversion at the chosen level of risk. Conversion is badly affected by any rough settings (as a rule, typical vendor solutions on the bank side) and the standard implementation of 3-D Secure dynamic authorization technology for 100% of processed transactions. The disadvantage of Verified by Visa and MasterCard SecureCode solutions is that, as of the current moment of time, not all banks are able to process incoming requests correctly and conveniently for the card holder, which in some cases leads to the inability to confirm the intention to complete the operation, and therefore reduces the conversion. In many cases, it will be much more efficient to selectively apply 3DS authorization with respect to the cards of individual issuers and / or buyers, suspicious in the aggregate of other parameters. Payture patents provide for the use of CheckCode's own dynamic authorization technology (verification code), which is free from some of the drawbacks of typical Visa and MasterCard solutions, which we will discuss in future publications. Antifraud allows you to simplify the buying process for ordinary customers, as well as monitor and alert suspicious transactions online. which we will discuss separately in future publications. Antifraud allows you to simplify the buying process for ordinary customers, as well as monitor and alert suspicious transactions online. which we will discuss separately in future publications. Antifraud allows you to simplify the buying process for ordinary customers, as well as monitor and alert suspicious transactions online.
How much is antifraud?
The standard business model in our market: take Internet acquiring, antifraud is included. But in fact, we have long identified antifraud as a separate service that we provide both with acquiring and independently of it. This allows TSPs from around the world to use our competencies in identifying and preventing fraud in international markets, to manage risks in the local market of Russia to those TSP-non-residents who are tied by many years of experience of cooperation to global money transfer operators with limited expertise in our country .
The cost of the antifraud service depends on the number of transactions over a period of time and the need to turn to additional (paid) sources of information on any type of business: from 0.75 rubles to 6 rubles per transaction. Also, we have provided various options for package offers that allow TSPs to spend money more economically with a good understanding of their risks and turnovers in kind and in value terms.
But aren't scammers basically a problem for banks?
This is the opinion of not only representatives of the TSP, but also 90% of Russians surveyed for the All-Russian sample of the NAFI center(National Agency for Financial Research). To a much greater extent, online scammers are an entrepreneur's problem. In accordance with Article No. 9 of the Federal Law “On the National Payment System”, the operator is obliged to reimburse the client “the amount of the transaction performed without the consent of the client”, and then, according to the rules of the Ministry of Railways, the bank charges this amount to the TSP. Yes, bank security departments work closely with various government agencies. Large thefts are most often brought to court, but cases of fraudulent payments by bank cards through online stores are currently practically not investigated in Russia. Although the total amount of damage from carding (fraudsters are residents of the CIS) is $ 680 million for 2013-2014. and weekly 3-6 thousand cards of Russian banks are compromised.
The bank card data market for the last 10 years has been completely structured and has come to the organization of massive automated sales channels in the form of electronic trading platforms. According to Group-IB (the company is investigating cybercrime and high-tech fraud), in 2014 there were 6.78 million cards in only one such store.
And if you want to accept cards for payment, you should know that a card fraud is one of the most difficult to punish and actively developing types of fraud.
Why is card fraud popular?
Because a bank card is a convenient and fastest growing payment tool on the Internet. The number of cards issued in the Russian Federation in 2014 amounted to 220 million. In large cities, every second adult resident has two or more bank cards. Two-thirds of Russians use a credit card to pay for goods / services and withdraw cash almost daily.
If you compare with the turnover of e-commerce, which is growing annually by an average of 10-15%, the number of fraud attempts increases by at least 25% per year. According to our data, in 2014, about 10% of all operations in online stores were attempts to make fraud payment by card.
How do I know if I have a fraudulent transaction?
Without operational fraud monitoring - nothing. You will learn about this only after some time, the Ministry of Railways provides cardholders with a period of up to six months from the date of the actual provision of the service. This is the time when cardholders, according to the rules of the IPU, can write an application to protest the transaction. For example, if we are talking about selling a ticket with a departure three months from the date of order, then the closing date for protesting the transaction will be up to nine months .
Online stores try to imitate as much as possible the offline sales format - they offer several sizes for delivery and consultant assistance, make online fitting and good detailed photographs, draw up a colorful discount “showcase” and impulse shopping zone. And the process of payment on the site itself remains that bottleneck where merchants lose their money and customer loyalty. Is it possible to imagine that in a regular store you are limited to three purchases per day or by any amount, do not accept a foreign bank card for payment, reject a payment for an incomprehensible reason for you?
In order to ensure that honest law-abiding buyers do not suffer due to fraudsters and merchants do not lose their customers, we constantly analyze large amounts of information, develop and improve our antifraud service, which got its own name - Fraudar. These are turnkey solutions and an individual approach with fine tuning without additional costs.
What is fraud?
Card fraud is something that can slow down the development of online business. If a scammer used a product or service, both the product and the money are lost. What is easier, buy the product on the site by entering the card number and other numbers that are printed on it when paying. But at the same time, the card will be alien - the entered data can be photographed or peeped, obtained using technological fraud with ATMs or through weakly protected sites of other online stores. It is also not a secret that a large number of databases with the details of stolen cards are walking on the network.
Why is it dangerous to skip the fraud?
Because the real cardholder will necessarily write an application to the bank to return the amount debited without his knowledge, i.e. initiates the chargeback procedure. In the case of an unauthorized transaction with a bank card through an online store, the issuing bank that issued the card, on behalf of the card holder, will protest the transaction and the TSP will be required to reimburse the entire purchase price. In the event of a dispute arising from the appeal of suspicious transactions, the acquiring bank may incur additional costs in the amount of several hundred dollars for each case of arbitration by the international payment systems (MPS), which the bank will gladly give up to TSP. Particularly painful losses will occur in low margin businesses. For example, with a sales margin of 2-3%, a TSP will need to sell dozens of commodity units only to cover the resulting loss for one fraudulent transaction. At the same time, a high average check further aggravates the problem - from here the “preferences” of fraudsters are formed by the categories of goods and services purchased. One of the hottest industries is travel and retail.
And that's not all. In the case when the number of fraudulent transactions reaches 1% of the total number of all transactions, VISA and MasterCard MPS have the right to impose penalties on the acquiring bank and, therefore, TSP. After reaching the fraud threshold value, the merchant gets into the global audit program, after which the acquiring bank must request an action plan from the merchant to reduce the fraud level and strictly control the number of fraudulent transactions over the next months. If repeated violations are detected, a warning is issued to the TSP, and then fines of up to $ 5,000 can be increased to very impressive $ 200,000 in severe cases. At the same time, separate monitoring of transactions is carried out in the context of cards issued by foreign and domestic issuers, exceeding the threshold value only with foreign cards can also be the basis for the inclusion of TSP in the audit program. In especially advanced cases, a TSP may be disqualified, which will lead to the impossibility of accepting cards for payment through any bank in the future. It is worth noting that serious financial consequences may occur for the acquiring bank itself in case of a bad situation for all customers as a whole.
Fraud is a global organized business. Violators come together in groups, and each of these groups works in its own field. Violators come together through social networks and specialized forums to help each other and share their experience of using the most successful attack schemes in order to achieve maximum performance. Therefore, if a one-time fraud has taken place in the online store, as soon as possible several more groups will try to conduct fraudulent transactions - this phenomenon is called a “snowball”. And since the motivation is very strong - money, the speed with which scammers will attack the store will proportionally increase their number.
What is antifraud?
Reliable antifraud is a service that does not allow fraudsters to cash out money and buy goods using someone else's credit card through an online store.
In addition to the simplest security settings that any merchant can set, such as protection against CVV selection and card numbers; analysis of the card parameters by bank, owner, product type, country of issue and geography of use; customer identification by purchase history; retrospective analysis of purchases; detection of suspicious transactions by fingerprints of the equipment used; checking the domain and IP address, etc., we can configure rules and filters that are unique to each online store.
Our patents on security and authentication of payment:
Antifraud reduces conversion?
Yes, antifraud generally reduces conversion. Our task is to minimize the number of false positives and ensure the highest possible level of conversion at the chosen level of risk. Conversion is badly affected by any rough settings (as a rule, typical vendor solutions on the bank side) and the standard implementation of 3-D Secure dynamic authorization technology for 100% of processed transactions. The disadvantage of Verified by Visa and MasterCard SecureCode solutions is that, as of the current moment of time, not all banks are able to process incoming requests correctly and conveniently for the card holder, which in some cases leads to the inability to confirm the intention to complete the operation, and therefore reduces the conversion. In many cases, it will be much more efficient to selectively apply 3DS authorization with respect to the cards of individual issuers and / or buyers, suspicious in the aggregate of other parameters. Payture patents provide for the use of CheckCode's own dynamic authorization technology (verification code), which is free from some of the drawbacks of typical Visa and MasterCard solutions, which we will discuss in future publications. Antifraud allows you to simplify the buying process for ordinary customers, as well as monitor and alert suspicious transactions online. which we will discuss separately in future publications. Antifraud allows you to simplify the buying process for ordinary customers, as well as monitor and alert suspicious transactions online. which we will discuss separately in future publications. Antifraud allows you to simplify the buying process for ordinary customers, as well as monitor and alert suspicious transactions online.
How much is antifraud?
The standard business model in our market: take Internet acquiring, antifraud is included. But in fact, we have long identified antifraud as a separate service that we provide both with acquiring and independently of it. This allows TSPs from around the world to use our competencies in identifying and preventing fraud in international markets, to manage risks in the local market of Russia to those TSP-non-residents who are tied by many years of experience of cooperation to global money transfer operators with limited expertise in our country .
The cost of the antifraud service depends on the number of transactions over a period of time and the need to turn to additional (paid) sources of information on any type of business: from 0.75 rubles to 6 rubles per transaction. Also, we have provided various options for package offers that allow TSPs to spend money more economically with a good understanding of their risks and turnovers in kind and in value terms.
But aren't scammers basically a problem for banks?
This is the opinion of not only representatives of the TSP, but also 90% of Russians surveyed for the All-Russian sample of the NAFI center(National Agency for Financial Research). To a much greater extent, online scammers are an entrepreneur's problem. In accordance with Article No. 9 of the Federal Law “On the National Payment System”, the operator is obliged to reimburse the client “the amount of the transaction performed without the consent of the client”, and then, according to the rules of the Ministry of Railways, the bank charges this amount to the TSP. Yes, bank security departments work closely with various government agencies. Large thefts are most often brought to court, but cases of fraudulent payments by bank cards through online stores are currently practically not investigated in Russia. Although the total amount of damage from carding (fraudsters are residents of the CIS) is $ 680 million for 2013-2014. and weekly 3-6 thousand cards of Russian banks are compromised.
The bank card data market for the last 10 years has been completely structured and has come to the organization of massive automated sales channels in the form of electronic trading platforms. According to Group-IB (the company is investigating cybercrime and high-tech fraud), in 2014 there were 6.78 million cards in only one such store.
And if you want to accept cards for payment, you should know that a card fraud is one of the most difficult to punish and actively developing types of fraud.
Why is card fraud popular?
Because a bank card is a convenient and fastest growing payment tool on the Internet. The number of cards issued in the Russian Federation in 2014 amounted to 220 million. In large cities, every second adult resident has two or more bank cards. Two-thirds of Russians use a credit card to pay for goods / services and withdraw cash almost daily.
If you compare with the turnover of e-commerce, which is growing annually by an average of 10-15%, the number of fraud attempts increases by at least 25% per year. According to our data, in 2014, about 10% of all operations in online stores were attempts to make fraud payment by card.
How do I know if I have a fraudulent transaction?
Without operational fraud monitoring - nothing. You will learn about this only after some time, the Ministry of Railways provides cardholders with a period of up to six months from the date of the actual provision of the service. This is the time when cardholders, according to the rules of the IPU, can write an application to protest the transaction. For example, if we are talking about selling a ticket with a departure three months from the date of order, then the closing date for protesting the transaction will be up to nine months .
Online stores try to imitate as much as possible the offline sales format - they offer several sizes for delivery and consultant assistance, make online fitting and good detailed photographs, draw up a colorful discount “showcase” and impulse shopping zone. And the process of payment on the site itself remains that bottleneck where merchants lose their money and customer loyalty. Is it possible to imagine that in a regular store you are limited to three purchases per day or by any amount, do not accept a foreign bank card for payment, reject a payment for an incomprehensible reason for you?
In order to ensure that honest law-abiding buyers do not suffer due to fraudsters and merchants do not lose their customers, we constantly analyze large amounts of information, develop and improve our antifraud service, which got its own name - Fraudar. These are turnkey solutions and an individual approach with fine tuning without additional costs.