David A. Montague - Fraud Prevention Techniques: Credit Card Fraud

Fraud Prevention Techniques for

CREDIT CARD FRAUD

The Professionals Guide to
Preventing Credit Card Fraud in E-commerce,
Mail Order and Telephone Order Sales

By David Montague

CREDIT CARD FRAUD

The Professionals Guide to
Preventing Credit Card Fraud in E-commerce,
Mail Order and Telephone Order Sales

Dav id Montague

Trafford Publ i shi n g
Vi c tori a, BC, Canada

Copyright 2004 David A. Montague. All rights reserved.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the written prior permission of the author.

This book is available at quantity discounts for bulk purchases.

For information, call 1-866-752-6820 available 9-5pst

Further information about Preventing Credit Card Fraud and David Montague can be found at www.fraudpractice.com

Note for Librarians: a cataloguing record for this book that includes Dewey Classification and US Library of Congress numbers is available from the National Library of Canada. The complete cataloguing record can be obtained from the National Librarys online database at: www.nlc-bnc.ca/amicus/index-e.html

ISBN 1-4120-1460-3

ISBN 9-7814-1221-816-0 (ebook)

This book was published on-demand in cooperation with Traftord Publishing.

On-demand publishing is a unique process and service of making a book available for retail sale to the public taking advantage of on-demand manufacturing and Internet marketing. On-demand publishing includes promotions, retail sales, manufacturing, order fulfilment, accounting and collecting royalties on behalf of the author.

Suite 6E, 2333 Government St., Victoria, B.C. V8T 4P4, CANADA

Phone 250-383-6864 Toll-free 1-888-232-4444 (Canada & US)

Fax 250-383-6804 E-mail

WEB SITE WWW.TRAFFORD.COM TRAFFORD PUBLISHING IS A DIVISION OF TRAFFORD HOLDINGS LTD.

Trafford Catalogue #03-1838 www.trafford.com/robots/03-1838.html

10 9 8 7 6 5 4 3 2

Contents

This book is the culmination of over 11 years of learning, consulting and teaching. During that time my peers, customers, friends and prospects have helped me develop into who I am. I owe thanks to all of them for their support, and could not have written this book without them.

I want to express my thanks to Joe Richards, who gave me my first real opportunity in consulting, and who had the foresight to see my talent and ability when my business background was still very junior. Joe recently passed away, but his memory, kindness and spirit live on.

I would also like to thank Mike Brecheisen for his unwavering support and friendship. Mike and I have worked together for years and he has been instrumental in my career development. More importantly, the friendship we have formed along the way has taught me how to have fun at work.

Likewise, I have to thank Bill Mckeirnan, the CEO of CyberSource Corporation, for the freedom and confidence he showed in me to pursue and develop solutions for preventing credit card fraud. Bill has always given me the latitude I needed to set new goals and pursue better solutions. His confidence and drive have been invaluable.

Finally I have to thank my familymost importantly my wife Carriefor her support and patience as I spent so much or our quality time writing this book. Carrie has been a personal, as well as a professional, inspiration to me in writing this book.

Fraud is nothing new to the merchant. Since the beginning of time, man has always looked for the opportunity to defraud othersto gain goods or services without making payment. For the credit card industry, fraud is a part of doing business, and is something that is always a challenge. The merchants that are the best at preventing fraud are the ones that can adapt to change quickly.

This book is written to provide information about how to prevent credit card fraud in the card-not-present space (mail order, telephone order, e-commerce). This book is meant to be an introduction to combating fraud, providing the basic concepts around credit card payment, the ways fraud is perpetrated, along with write ups that define and provide best practices on the use of 32 fraud-prevention techniques.

Card-Present vs. Card-Not-Present

Credit card purchases are described as either being card-present or card-not-present. The difference between the two is the presence of the physical card. If a merchant processes a transaction in which the consumer physically gives them the card to process the order, the transaction is considered card-present. If the merchant doesnt take physical possession of the card to process the order, such as in the case of a telephone order, it is considered a card-not-present transaction.

So who pays when a fraudster steals goods and services? It may surprise you to find out the merchant is left with the bill in most of the cases. For purchases at a physical store in which the consumer comes in and buys goods and services with a credit card, we call this purchase a card-present transaction. In this transaction a consumer hands a merchant the physical card.

When the goods and services are sold to a consumer and the physical card is not given to the merchant, for instance they phone in an order (Telephone Order) or make a purchase through a catalogue (Mail Order), they are conducting what is called a card-not-present transaction. Mail order and telephone orders are typically lumped together in a category we call MOTO. The sale of goods and services online, called e-commerce, is also a member of this group.

This book focuses on the prevention of fraud for the card-not-present transaction. The payment process, fraud schemes, and fraud techniques will all focus on these types of transactions. In some cases comparative views of card-present to card-not-present is made, but for the most part I only talk to the card-not-present transaction. It is important to understand the fraud-prevention techniques used in the card-present world do not translate to the card-not-present world. There are a number of books and references available for preventing fraud in the card-present space, but very few resources for the card-not-present space. The specific fraud-prevention techniques discussed in this book are designed specifically for the card-not-present space, and will provide far better results for merchants.

In terms of orders processed, far more orders are processed in the card-present space than the card-not-present space. While the card-not-present space represents less than 1/3 of the total credit card purchases annually, the e-commerce space is showing significant year-over-year growth. Today e-commerce orders represent a very small percentage of the total card-not-present transactions occurring annually, but as you explore and expand into this channel it is important that you have the processes and tools to prevent fraud losses.

In terms of fraud, the incidence of fraud in the card-not-present channel is far greater than the card-present channel. Orders given in the card-not-present channel are far riskier for a merchant because the fraudster is anonymous to you.

Your Background with Fraud

If you are new to the fraud space, you are probably feeling a little overwhelmed. But dont despairwith the right tools you can quickly make a difference for your company. Everyone assumes the other guy has a great fraud-prevention process in place, but in reality everyone could use some help.

This book was written with the concept of a Fraud Practitioner in mind. A fraud practitioner is a person who is actively engaged in defining, managing and monitoring fraud-prevention practices for a business. These individuals may or may not have a background in preventing fraud, security or criminology, but they do have responsibility for stopping fraud.