
9 secrets of online payments. Part 7: Fraud Monitoring System

An online store, a bank, and the card holder itself can suffer from a card fraud. In the event of a card data leak, the attackers try to remove the maximum amount of money and leave no traces so that online stores deal with banks, who still needs to recover the lost amount. It is impossible to keep track of the owners of the cards - the online store cannot know who is on the other side of the screen: an attacker or a respectable client. There is always a risk, but to bring its value closer to zero, there are many tools for verifying payments and verifying payers. One of them, the monitoring system of fraudulent transactions, or the “antifraud system,” will be discussed later.
Part 1. Setting up 3D Secure
Part 2. Regular payments
Part 3. Page for choosing a payment method
Part 4. Payment form
Part 5. Mobile payments
Part 6. One-click payment
Part 7. Fraud monitoring system
Part 8. Refunds and how to avoid them
Part 9. Payment service settings for the type of business
What is antifraud and how does it work
The general scheme of work of almost any fraud monitoring mechanism is as follows: at the time of making a payment using a bank card, several indicators are collected (they are different for each antifraud system) - starting from the computer's IP address and ending with the payment statistics for this card. The number of filters can exceed a hundred (for example, PayOnline electronic payment system has more than 120). The system has a set of rules, that is, security filter limits. Each of the filters checks the user - his personal and card data. The purpose of the system is to make sure that the user is the real owner of the card making a purchase on the site. In case of detection of suspicious activity, that is, exceeding any parameter value, the filter automatically blocks the possibility of making a payment on this card.
The user will make a payment on the site. Payment information is sent to fraud monitoring system. At this moment, antifraud has two information packages: information about this unit payment and the profile of the average payer of this online store. The algorithms of the fraud monitoring system allow to evaluate a number of factors, among which the main ones are:
- The country from which the payment is made.
- The country of the bank that issued the card.
- Amount of payment.
- The number of payments from the card.
- Bank card payment history.
- Profile of the average store payer.
A transaction undergoes an initial analysis based on these and other factors. Based on the analysis, a “label” is assigned to it, which characterizes the transaction processing method. There are three types of tags. Green notes transactions with a low probability of a fraudulent transaction. The “yellow” mark indicates transactions in which the chance of a fraudulent transaction is above average, and additional attention will be required to make a payment. “Red” indicates transactions that are most likely to be fraudulent, and when they are conducted, documentary evidence of the authenticity of the card holder will be required.
The "fate" of each label is individual. In graphical form, we presented the life cycle of transactions of all three types in Figure 1. Next, with a few simple examples, we will consider typical transactions of all “colors” and tell what checks the fraud-monitoring system determines for transactions depending on the level of risk of fraud.

Figure 1. The "life cycle" of transactions with different levels of risk of a fraudulent transaction
With "green" transactions, everything is as simple as possible: for example, the payer pays from Russia using a card issued by a Russian bank. The amount of payment does not exceed the average check of the store.
The monitoring system assigns the transaction a green label. Next, the transaction is sent for authorization using 3-D Secure. And if the card is not subscribed to the one-time password service or the issuing bank does not yet support this service, a request for authorization of this transaction will be sent to the processing center of the paying bank in the usual way - directly.
The average level of risk of fraud determines a different way of checking payment for legitimacy. A yellow label is assigned to transactions with medium and above average risk levels of fraudulent transactions. For example, in a Russian online store, a purchase is paid with a credit card issued in Russia, but the size of the average check is noticeably larger than the average “in the hospital”.
The system marks this transaction with a “yellow” label, and for its authorization additional actions of the payer may be required. If the card is subscribed to 3-D Secure, then the transaction (as in the case with the "green" label) will be authorized using a one-time password. However, if the payer cannot use this method of payment authorization, then his bank card will be automatically sent to online validation or manual verification.
The fraud monitoring system automatically assigns a “red” mark to transactions with a high level of risk of fraudulent transactions. For example, payment in a Russian online store is carried out by a card issued in the USA, and the payer is in Spain.
If payments using this credit card have not been made through PayOnline before, the fraud monitoring system will mark the transaction with a “red mark” and transfer it from the automatic authorization mode to manual. Such a payment will be sent for manual moderation to specialists of the risk department. Authentication of a bank card holder will require documentary evidence - a scanned image of a bank card and an identity card. After providing the correct scans of documents, the operation is transferred from "red" to "green" color and sent for authorization to the processing center of the bank. Doubtful transactions that do not undergo manual moderation are rejected to avoid the risk of fraudulent transactions.
Thus, the analysis of transactions is automatically carried out by the fraud-monitoring system at once at three levels: a single bank card; e-commerce business profile; The total transaction flow processed by IPSP. Together with constantly improving algorithms for automatic collection, processing and analysis of data on completed payments, a multi-level transaction analysis allows the fraud monitoring system to be changed in a timely manner, increasing the security level of making payments on customer sites and reducing risks for all types of fraud typical of Internet commerce.
What guards the fraud monitoring system?
What can cause suspicion in the antifraud system? Here are some parameters that are likely to force a fraud monitoring system.
- Payment by one card occurs from various devices identified by different IP addresses.
- The reverse situation is that operations are carried out using the same number of cards from the same device (IP address).
- Several unsuccessful payment attempts are made from one card (probably, the user is not able to go through the verification procedure).
- One client registers under several accounts using different email addresses and pays from one card
- The name of the payer indicated on the payment form is different from the name of the card holder.
- Different countries of registration of the online store, the card issuing bank and the buyer.
This list of “controversial situations” can give you a general idea of the logic of the system. Risk specialists and business analysts are trying to take into account all the nuances by adding new filters that protect the business of Internet companies from intruders. It is worth noting that, depending on the payment service provider, the logic of the fraud monitoring system and its parameters change.
Manual tuning: why and who needs it
The settings of the fraud monitoring system vary depending on the types of business. You must consider a whole list of parameters:
- average payer profile,
- average check size
- segment risk level,
- features of goods and services sold (digital or physical).
Sometimes a business has a very narrow specificity, and without individual settings, some payments simply will not be able to pass the standard antifraud settings, although they will not be fraudulent.
For example, restrictions on the geography of payments are critical for the online tourism industry: a client may need to purchase a plane ticket while traveling abroad, and the system will block such a payment, since it is not made from the country where the payer card is issued.
In this case, fine-tuning the filters is applied: you can set the conditions according to which the payment will be skipped, even if the condition is not met, the geography of the payment. Such changes are introduced into the system only after analysis of possible risks, under the supervision of specialists and after approval of the changes with the representative of the online store.
Personally interfering with the operation of the system can lead to large losses - when approving fraudulent transactions, the online store will be required to return the money to the owner’s card, even if the goods have already been shipped to an imaginary buyer. Moreover, the store may be fined depending on the amount of fraud, and if such situations recur, special sanctions from international payment systems (MPS) are required.
Pros and cons of the antifraud system
The advantages of a fraud monitoring system are obvious - automatic rejection of dubious transactions, protection of the online store from subsequent proceedings with banks, payment systems and real cardholders. And, of course, minimizing reputational and financial risks. The store’s reputation will not be affected, and users will trust such a resource, which means that their loyalty will grow.
But, like any service, the fraud monitoring system has its own “production costs”. Rejecting payments can lead to loss of customers, which means profits. Without proper configuration, filters may not miss transactions that are significant for the online store, which customers will definitely not like.
When choosing a payment service provider, you should pay attention to the stated conversion to successful payments: services that guarantee "100% successful payments" are likely to either overestimate their functionality or expose customers to the risk of becoming a victim of intruders. For example, the level of conversion to successful payments after a “manual” setup (or for standard online stores with a standard customer audience) of the PayOnline electronic payment system varies between 93-96% - and this is a very good indicator for the market.
Another unpleasant, but important point that you will have to face when developing a fraud monitoring system on the side of the online store will be the protection of user data, both personal and payment. It will be necessary to pass certification of compliance with the requirements of the PCI DSS standard, and also take into account restrictions on the storage and processing of data, regulated by law. This refers more likely to those who nevertheless undertake independent development of antifraud, therefore we will not go into details in detail in this article.
Who provides antifraud services and why only a few should invest in their own developments
Monitoring fraudulent transactions - the need for modern e-commerce realities. For a bank, the cost of supporting and developing an anti-fraud system is more than an acceptable amount that will pay off many times during use.
For a payment service provider, fraud monitoring is one of the key services that it provides to client companies.
For small and medium-sized businesses, the development of their own antifraud is an unbearable and not paying off project. The requirements for such mechanisms are growing every year, they learn to more finely process the information received, taking into account statistics and behavioral factors. For the system to work efficiently and meet modern requirements, a staff of qualified specialists and significant technical capacities are required. In the vast majority of cases, e-commerce players "can not afford" such fixed costs - and the monitoring of fraudulent transactions is delegated to payment service providers specializing in the analysis and processing of payment transactions. So, for example, the monitoring of fraudulent payment transactions in PayOnline is carried out by the Fraud Management System (FMS) developed by our specialists. It allows you to fine-tune security for 140 filters. If you are interested in accepting payments on the site or in a mobile application protected by an anti-fraud system, feel free tocontact , consult and connect.
In the next part of “9 Secrets of Online Payments” we will discuss another very important topic for any seller - chargeback: What should I do if the service is provided or the goods are shipped, and the client or bank requires me to return the money back to the payer's card? How can returns be avoided? What are the requirements for an online store site? Coming soon on our blog.