Overview of Fraud Management Tools
Some of the most desirable traits of a fraud management offering include:
- The ability to identify repeat transactions from the same point-of-sale device
- The ability to pinpoint the location of a transaction’s origin
- The use of a sophisticated and proven statistical scoring model
- The ability to detect fraud globally
- The ability to link orders that share little or no common elements
- The use of continuous transaction monitoring
- The availability of a custom rules engine
- The availability to customize workflow management
- The ability to interface with third-party verification sources accomplishes all of the above. The use of such third-party resources will provide the merchant with additional resources to utilize in fraud review.
Kount Agent Web Console (AWC)
The Kount Agent Web Console (AWC) uses multiple, proven fraud-fighting technologies designed to maximize a merchant's revenue while minimizing fraud exposure. This solution is designed to apply to virtually any level of the market from small business through strategic markets. The fraud detection capability is much more technologically advanced than traditional fraud prevention offerings such as “Verified by Visa” and “MasterCard SecureCode.” When used correctly, this solution will be the only fraud prevention solution the merchant will need to minimize their fraud exposure while maximizing their revenue.
Fraudsters are intelligent, well-funded and more importantly, resilient in their efforts to make money from fraudulent practices. They spend a great deal of time researching the vulnerabilities of various merchants. They look for gaps in fraud detection capabilities, order response information used to validate or reject orders, call center response questions, changing/seasonal fraud strategies as well as weekend/after hours support. Their sole purpose is to discover any possible weakness in a merchant’s order process and exploit it to the fullest extent possible.
But that’s not the worst part of it! Sophisticated fraudsters are patient as well. They recycle identities and may hold compromised cards “in reserve” so they can slowly cash in on the rewards over time rather than attempt a full-scale assault on a merchant site that may raise red flags. The solution uses a combination of detectors including:
- Real-time order analysis and comparison across all merchants participating in the program.
- Geolocation technologies to fingerprint the device used to make the purchase and the physical geographic location of the device at the time of the purchase.
- The ability to create “personas” of both good and bad transaction details over time so that fraud “rings” can be identified and linked together in real-time. In short, the solution was designed to detect all forms of CNP fraud operating across the globe in real-time. It is the single, most advanced, merchant-facing fraud detection suite today.
- Custom Rules Engine / Management.
Here are the high points of AWC:
Each merchant will begin with a default rule set which closely relates to their industry. The rules, while generic in nature, will provide a foundation on which to build merchant specific rules as it relates to each merchant's internal order management policies, procedures and philosophies.
Rulesets represent a grouping of rules at any given time which have been deployed on the merchants account. Rulesets are created by either the Risk Manager or the Admin contact of the merchant.
A Ruleset (or sometimes referred to as snapshot) is an overarching fraud strategy profile that can contain an infinite number of custom business rules. One snapshot can be active at a time; however, the merchant can schedule different snapshots (with their corresponding rules) to be deployed during certain times of the day, certain times of the week (weekends for example with little to no review staff are on duty) or during various times of the year (the holidays for example where an increase in daily transaction activity may occur).
Rulesets are easily editable and when saved and activated, will become in full force within minutes. There can only be one active rule set at any given time, however, a merchant may have a library of multiple rulesets they can select from for seasonality or other reasons. Rulesets cannot be deleted; however, they can be deactivated with a simple selection and update process. Creation of the rules allows for a merchant to select from over 200 different variables to create rules. Rules can be a simple rule with a single variable, or can be a compound rule with multiple variables depending upon the merchants needs. For a compound rule to trigger, each condition or variable of the rule must be met.
A persona can be defined as the combination of a variety of data elements received from the original order. Variables from the physical device in combination with such things as email address, billing address, card number and device fingerprint allow for Kount to create a persona as an identifiable entity. Once the persona has been created, Kount will examine and cross reference the created persona against all orders from all merchants. During this referencing, Kount will determine any and all matches to the persona being evaluated and review prior orders from the same persona for risk factors in the historical orders. Upon completion of this review, Kount will present an evaluation in the form of a score (1-99) and other data elements associated with the respective persona. In addition to the score, this will also include the quantity of unique credit cards, email addresses, devices and associated geographies of the persona. The persona will be assigned, in addition to the score, a country designation (determined by the cross-referencing of the historical orders of the persona) which represents the country with the highest level of risk associated with the persona within the last 14 days.
The ability to see changes in the “riskiness” of an order based on the real time arrival of new data elements is invaluable to the CNP merchant. In practical terms, Kount looks at fraud as a “living, breathing animal.” The ability to constantly compare new data elements, BIN information and chargeback details against prior orders can increase the overall detection power of the system. The system performs real-time checks on over 200 unique order variables to produce a “score” from 1-99. The more points that are assessed, the more fraudulent the order looks to the system.
How does it work?
The use of a scoring methodology to compare order elements, device fingerprints, proxy locations, etc. in real-time coupled with the ability to continuously monitor these transactions for connections to future fraudulent activity is a major differentiator. Scoring can be applied to any type of CNP sales channel including web, call center and internet voice recognition.
EXAMPLE: Let’s consider a merchant who is selling laptop computers. They may decide, via the use of this solution, that an order placed at 8:00 a.m. EST is legitimate. So, orders placed at 8:00 a.m. are accepted and processed as usual. However, during the picking and packing process, the Kount system may reassess the order using new order elements coming in from multiple merchant sources. New information indicates that the order is fraudulent. The picking and packing process is halted and order is rejected. Information that was not available at the time the order was placed has now prevented the merchant from shipping the product to the fraudulent purchaser. Kount AWC will provide constant score updates on prior orders every 30 minutes for a two week period to ensure maximum fraud detection effectiveness.
Multi-Layer Device Fingerprinting
The ability to identify repeat transactions from the same point-of-sale device enables a merchant to see and profile POS devices used to make purchases anytime and anywhere using over 200 different attributes to create a unique device signature. This ability is referred to as “Multi-Layer Device Fingerprinting.” Each device fingerprint is stored and compared against all other device information collected in real time. The system focuses on real time access to new device data unlike most systems that rely on historical data from “stale” devices.
How does it work?
This detector operates under the assumption that all devices capable of executing a payment transaction have a unique fingerprint, just like the human hand. Any merchant who sells a good or a service via a website can utilize this technology to attach a unique ID to each device used to make a purchase. It’s an incredibly powerful detector of many types of fraudulent activity, especially when combined with proxy piercing technology (see below). Fraudsters must literally change the majority of the device variables associated with the “source” computer to alter the device fingerprint itself. This fact is further proof that no single tool can effectively block all forms of fraud. Device fingerprinting is not applicable to any sales channel outside of web commerce as it requires direct interaction with the consumer’s web browser at the time of checkout.
Dynamic Order Linking
The ability to link orders that share little or no visible common elements is referred to as Dynamic Order Linking. Kount analyzes hundreds of order attributes in real-time while comparing them against millions of historical transactions up to the second. This process allows merchants to see common characteristics and to link transactions to create a “persona.”
This persona concept includes all known data element associations including the unique device fingerprint, all known geographic locations associated with the order elements (IP mapping/proxy piercing), and velocity/use patterns associated with the order. All analysis is performed in real time against prior and current transaction histories from all merchants participating in the fraud program.
How does it work?
An order comes in via “Merchant X” that has no prior association to any other order originating from “Merchant X.” “Merchant Y” has an order placed in a similar time-frame that shares one or more data attributes with the order from “Merchant X.” Those data points are correlated and associated in real- time to build a “persona” around the common data elements that appear across any number of orders passed through any merchant participating in the program. Looking at it another way, the system analyzes the entire database of orders to look for common data points across all merchants/transactions in the system. The system links these transactions together, illustrating the correlation between orders and how they are linked. The virtual workflow engine allows the system and any of the merchant’s staff to see which orders share common characteristics and fraudulent tendencies so that they can be dealt with individually or as a group/persona. The benefit of this type of approach is the merchant’s increased visibility into changing fraud patterns/trends that would otherwise not be visible within the merchant’s own database of order history.
Continuous Transaction Monitoring
Continuous Transaction Monitoring refers to the system’s ability to:
- constantly re-evaluate all transactions against any new transactions for up to two weeks
- re-score the original transactions as necessary every 30 minutes. An order that looks good when placed may morph into a “bad” transaction after a systematic review of new data elements presented after the initial order was placed. This valuable feature gives merchants who ship products a second chance to catch fraud on those orders before they are fulfilled.
Re-scoring of orders is an important feature of the Kount technology. We will re-score all orders continually for 14 days or to whatever limit the merchant has designated. This will allow for the merchant to stay abreast of any changes as it relates to risk which may occur on an order either in the review process or already processed and fulfilled.
Re-scoring, in the simplest of terms, is the method in which every 30 minutes, Kount will re-evaluate a score based upon new information received into our transaction database. Fraudsters commonly will continually make fraud attempts at multiple merchants and with dynamic order linking functionality, orders are continually monitored for increased risk and if risk is determined, a transaction score can be updated accordingly.
The advantage of re-scoring will afford the merchant to take proactive steps in order to continue to reduce chargebacks and in many cases, reduce inventory shrinkage by either cancelling a pending order or re-directing/stopping an outbound shipment.
Each merchant will establish a Re-score Threshold and in doing so, they will inform the system to update records accordingly when this threshold has been surpassed. Typically, the re-score threshold will be the same or greater than any auto decline threshold based upon the score. If there is no auto decline based upon score, the merchant may still establish a re-score threshold.
Orders Already Processed
As orders are re-scored, the case history of the order is updated with a refreshed score if appropriate. Orders which have already been processed and approved may appear in the Suspect Orders queue with a new status of “C” for Change. The score on the Suspect Orders queue will also be highlighted as a visual cue of the re-score.
Items appearing in the Workflow with this designation will indicate that the order was previously approved (either automatically based upon rules) and now the merchant can re-examine the order to determine if they wish to take any action, such as processing an immediate refund to avoid a chargeback, delay or reroute a shipment or manage any details of the order as it relates to VIP List controls.
Previously Processed Orders
For orders which have not been processed from the Workflow queue can also be re-scored and it will be critical that any personnel reviewing orders are examining the current score along with any other attributes when rendering a decision.
Risk Evaluation Field Definitions
- GEOX: The country with the highest level of e-commerce risk associated with this persona in the last 14 days.
- NETW: The riskiest network type associated with this persona in the last 14 days. (Normal, Proxy, Satellite, Anonymous, Library, Prison, High School).
- VELO: The quantity of unique orders seen from this persona in the last 14 days.
- VMAX: The quantity of unique orders seen from this persona in the most recent 6 hour period.
- SCOR: The result of the evaluation of the order which will range from 1 – 99 with 99 being considered very high risk.