I used to worked at Fraud Detection of Credit Card companies and make a hundred calls per day to credit cardholder.Depending on their status, I can easily figured it out which cardholder would be easily co-operate and a person who will stop at no point to ask about me,my staff number,where do I work,whose your supervisor and even hardly pushing me to the limit ” I want to speak with your manager!!”. I guess calling my manager to speak to the customer isn’t a good idea; I shall booked more appointment in my manager room and make him start a talk about “How to keep your job and still doing the same job”. Most of management level working background are brave (or shall I say have some guts) to question why I call to check his credit card particulars and demand some identification of me as an authorized person to make such call. But 70% of the cardholder will feel scared,shocked or become blurry for a while and proceed to co-operate with me. But I know it’s not their fault as it’s common thing to have some alertness for something like this and it’s actually normal; you’re still not an insane. Thus, I can conclude that the important thing that most of the people don’t realized is banking services still didn’t implement a safe and secure ways to introduce themselves over the phone and make smooth the entire process of whatsoever they want it using mobile communication.Did’nt you realized that?

There’s a few tips we avoid some unfortunate things to happen..

1. If you were received a call from your mobile phone, makes sure the call is from a fixed line or any phone number except a mobile phone number.Banks saves a lot of money by installing a line from phone companies using a packages offered and one more thing to remember, bank employee still have their own office, a desk, a PC and so on… they are not ” a mobile staff who needs to make a call to cardholder because their office was collapsed after a earthquake “. They are obligates to use their company phone line.

2. If they are from Fraud Support, they have much time ( or a bit more than the Marketing or Sales team) for you to have a quick chit chat.Just ask them a few questions about how they are really sure about your card has been compromised or suspected were being used by somebody else. Ask them about how can you meet them to discuss about it. Usually the Investigation team is always willing to meet you personally. Each case which will be opened must be carefully considered by both parties and there will be some paper to be signed. So, you can always ask the person who call you about what is their identity and how can you contact them.

3. Never ever reveal your CVV number ( the number behind your card placed at the right side and have a single 3 digit number) to anyone. The banking personnel shall ask you a general question about your card such as embossing name (the name printed on your card),your mother’s maiden name,your card number or your card expired date. The CVV number is anti fraud security feature that shows you are in possession of the credit card your own now. In UK, some credit companies provided the cardholder to have their own PIN number-which is most advisable to have since you’ll have it in your mind and not something which is printed like the CVV number.

4.The banking personnel seems to have formal ways to address themselves the “brotherhood of the bees and honey” (find it yourself..heheh) and unlike the impostor which straightaway asking you to get your credit card information. Sometimes they sounds desperate and have no ethical ways at all.Use your instinct. Don’t be panic.Fight like a man.Fear no enemies.It’s just over the phone and not something like “more than meet the eyes”. Okay, I may have  gone too far from the topic of discussion now.

5. If you find yourself talking to someone who you feel something is wrong, you can always call the customer care center or any hotline of the banking services to ask them has anyone from the Fraud Support has called you regarding your credit card.If something is suspicious, they can issued a temporary block to your card and ready for any possible attempt of fraud to your card.For safety issue, you can always seek advice from them and it will be most likely that you have to make a card replacement in order to have a fresh start of using your card again with new cardnumber,CVV number and expired date.

Ridhzuan Harun

Online identity theft might get more publicity these days, but did you know that a quarter of the £400 million lost to credit card fraud in the UK every year is down to good old-fashioned counterfeit cards?

Every credit card provider tries to spot fraud as it happens. But HSBC hopes that the new system it’s introducing to the UK this year will spot fraud faster and more accurately.

This new anti-fraud system could save you from losing money to speculative fraudsters. But it could also mean lots more targeted junk mail too.

How the banks track your credit card

When you make a purchase, you put your credit card in the shop’s card terminal and type in your PIN. The terminal then sends the details back to the credit card issuer to check that you’ve paid your bills and that you’re still under your agreed credit limit.

But the system is also trying to guess whether it’s really you at the till.

HSBC has spent two years working with software modeling expert SAS to build a real-time fraud detection system. This uses a ‘signature’ calculated from your previous behaviour and a complex model of what fraud looks like to calculate the odds that it’s really you – and it does this in 30 to 50 milliseconds.

There’s a fine line between catching fraudsters and annoying customers by questioning too many purchases, so the fewer ‘false positives’ the better. HSBC isn’t saying how much more accurate the new system is, but it’s certainly more efficient.

The new system processes 87 per cent more information (about your shopping and travelling habits as well as what kinds of fraud are happening that day) using 12 per cent less CPU time. But the real change is that the new system will look at more than just your credit card history to work out if you’re really you.

The pattern of shopping

“You are what you buy,” says SAS’s director of fraud solutions T J Horan – and you spend with more than one card. If you have an HSBC credit card, you probably have an HSBC debit card and if your wallet is stolen thieves will be using them, along with your cheque book and all your other cards.

By the end of next summer HSBC will check credit and debit cards in the same system, making it easier to spot suspicious behaviour.

In the future it will run other transactions through the system too. Thieves often try to change the address for your statements so you won’t notice what they’re spending or the money that they’re taking out of your bank account so they don’t hit your credit card limit. They might even take out a mortgage in your name.

HSBC plans to check mortgage applications, cheques, online payments, transactions on mobile phones, address changes and even the behaviour of its own staff against the system to look for fraud. It could even spot businesses that are about to fail.

What it can’t yet do is check against your other credit cards even though the thieves will be using everything they find in your wallet.

Derek Wylde, the head of group fraud HSBC, hopes we’ll see a consortium of UK banks and credit card providers sharing data about fraud.

But he also plans to use the model the bank builds up of you for marketing. “Using transaction data can be incredibly valuable when pinpointing where to sell products to our customers,” he says. But targeted junk mail may still feel like junk mail.

By Mary Branscombe

http://www.techradar.com

Introduction

Credit card fraud is the biggest risk for the e-merchants. While all businesses accepting credit cards face this, the Internet merchant is even more exposed. Brick-and-mortar businesses can verify a signature to prove the authenticity of the payment, but there is no such protection for businesses on the Internet. Due to this increased risk, the credit card banks hold Internet merchants 100% liable for the losses and expenses incurred as a result of credit card fraud. The defrauded merchants not only suffer because of the loss of product or services, but they are expected to pay a charge to defray the expenses the bank incurred from dealing with the fraud.

The amount of money lost to online credit card fraud is staggering. One market report estimated that more than $230 million in losses were suffered by Internet businesses in 1999 as a result. In a Forbes magazine report, the estimate for 2000 was over $600 million. (See http://www.forbes.com/2000/06/21/mu6.html for more information.). Another report states that in the UK, 9 out of 10 e-businesses were hit by online credit card fraud. Judging from these figures, estimates are that about $18 billion will be lost in 2002.

Internet businesses hardest hit by credit card fraud include computer suppliers (hardware and software), electronics, and music/game Web sites. This is primarily due to the products’ popularity , the ease of resale, and the speed with which a criminal can dispose of them and turn a profit. With the increase in e-commerce business, it’s certain that the amount of money lost to fraud will increase exponentially.

The main reason credit card fraud is so high for Internet businesses is due to the anonymity of the entire transaction. A “fraudster” makes purchases without presenting an actual credit card, signing a receipt, or being seen. Additionally, if physical goods are involved, the criminal will most often use a temporary address to receive shipment. These factors make it very difficult for a small- or medium-sized e-enterprise to track down even a fairly novice online culprit.

Proactive Solutions

While it is difficult to prevent credit card fraud, large e-commerce companies have begun to build systems that proactively check parameters entered on an order form while it’s being processed. Many footprints of glaring information can identify a transaction as a fraudulent one. For example, a survey of more than 200 companies performed by the Saint Hamilton Group shows 163-plus companies reported seeing vulgar words entered as either a first name, a last name, or part of an address in an online order form. The same survey also reports that companies linked directly to their bank processors in realtime via the Web were most susceptible to online credit card fraud. Therefore, I decided to develop a solution that would cut down on such incidences and created a component called SC Profanity Check.

SC Profanity Check

SC Profanity Check is meant to check data form fields for profanity. If profanity is found, it notifies the end user that the system has detected a potential fraud. Note that such an approach often tells the culprit they’ve been detected, thus scaring the hacker into either aborting the transaction or submitting their real information. You can download the component here.

Review the following HTML code:

<html>
<body>

<br>
<FORM action=demo1.asp method=post name=”">
<center><table BORDER=0 CELLSPACING=0 CELLPADDING=0 COLS=1 WIDTH=”50%” >
<tr>
<td>
<table BORDER=0 CELLSPACING=5 CELLPADDING=5 COLS=1 WIDTH=”100%”
BGCOLOR=”#000066″ >
<tr>
<td><b><font face=”Arial,Helvetica”><font color=”#FFFFFF”><font
size=-1>SC Profanity Check</font></font></font></b></td>
</tr>
</table>

<br>
<table BORDER=0 CELLSPACING=5 CELLPADDING=5 COLS=2 WIDTH=”100%” >
<tr>
<td><font face=”Arial,Helvetica”><font size=-1>Text Field</font></font></td>

<td><input type=”text” name=”textfield” size=”30″></td>
</tr>

</table>

<br>
<div align=right><input type=”submit” name=”enter” value=”Check For
Profanity”></div>
<br>
</td>
</tr>

</table></center>
</html>

Now look at how a few lines of code can help prevent credit card fraud.

<HTML>
<HEAD>
<TITLE>SC Profanity Check Demo</TITLE>
</HEAD>

<BODY>

<%

testword = Request.Form (“textfield”)
Set test = Server.CreateObject (“scprofanitycheck.profanity”)
if test.IsProfanity (testword) = “True” then
Response.Write “SC Profanity Check identified at least one profanity entered.”
else
if test.IsProfanity(testword) = “False” then
Response.Write “No profanity”
end if
end if

%>

</BODY>
</HTML>

About the Author
Michael Chiam is the CEO of Saint Hamilton Group, a leading credit card fraud detection and risk-management company. He has been programming in C/C++ since 1993. His areas of expertise include Visual C++, C++, C, Java, Visual Basic, ASP, XML, SQL Server and other expert systems. He’s an expert in credit card fraud detection and credit card processing systems. In his spare time, Michael Chiam is also a venture capitalist and angel investor. He can be reached at michaelchiam@sainthamilton.com.

http://www.thisismoney.co.uk

IF you attempt to buy a high-value electrical item over the internet after 11pm, don’t be surprised if the transaction is rejected.

Retailers are using sophisticated profiling techniques to identify when fraudsters are likely to strike and are taking action to fight back.

According to fraud prevention company Retail Decisions, fraudsters are twice as likely to attempt to make a counterfeit purchase between the hours of 11pm and midnight than they are at between 9am and 10am.

The company claims retailers are rejecting 8% of card-not-present transactions, such as those made over the web or phone, because they are made during a certain period during the day or they are a seen to be potentially fraudulent. However, in reality only between 1-2% of total purchases are likely to be fraudulent.

The card-not-present market has become the new target for fraudsters after the introduction of chip and Pin cards made fraud at the till more difficult. According to Apacs, the baking industry trade body, card-not-present fraud jumped by a quarter last year to £150m and is expected to grow in 2005.

Retail Decisions says the average card fraudster’s day begins at around 11am by using stolen or cloned cards to purchase low-value electrical items that are easy to sell on. ‘They want goods that are in high demand, are easily portable and that are easily convertible into cash,’ says Retail Decisions managing director Carl Clump.

The Nokia 6230 pre-pay phone, Canon lxus 700 digital camera and Canon MVX251 are particularly popular with card frauds.

By early afternoon, fraudsters will start to target high-volume, low-value High Street retailers’ websites, such as those offering CDs, books or cosmetics, before leaving home to carry out cheque fraud just before shops close between.

Fraudsters will spend the rest of the day hawking stolen goods around pubs and bars until closing time when they return to their computers to attempt to purchase big-ticket electrical items, visit online gambling sites and top up their mobile phone accounts.

In between leaving the pub and returning home, they will visit one of their favourite haunts, the late-night petrol station, to use stolen cards to fill up with fuel and get cashback.

Rather than matching the popular stereotype of some seedy, underworld type, fraudsters are more likely to dress well, have expensive tastes and behave in a sophisticated manner.

Clump says: ‘We have a pretty good idea of how a fraudster behaves compiled with the help of over 100 retailers and this data enables us to make an accurate decision about whether a transaction is liklely to be fraudulent.’

Retail Decisions analyses a potential transaction using a number of variants, such as the value, time of day and location of the purchase and how many times the card has been used in a set period of time, combined with artifical intelligence software.

For example, fraudulent electrical sales are on average three and a half times the value of a genuine purchase, while mobile phone top-ups are 44% higher.

‘A fraudster will use a stolen card to death in a short space of time before it is cancelled, so if there are a series of high value transactions in a short period of time that card is likely to have been stolen,’ says Clump.

It will also look at the contact details the buyer has entered, such as telephone numbers, email and home address, in addition to checking whether the card has been lost or stolen.

Fraudsters are likely to use a mobile phone rather than a landline and will have a free email address, such as one provided by Hotmail, Google or Yahoo.

Credit card fraud has become pervasive on the Internet. According to MasterCard International, account takeover fraud has increased by 369% since 1995. It has become one of the fastest growing types of fraud, and one of the more difficult to combat. More than $700 million in online sales were lost to fraud in 2001, representing 1.14 percent of total annual online sales of $61.8 billion, according to GartnerG2.

Even if the credit card company has given the authorization as to the validity of the card, there are several ways fraudulent cards can be used on your site. The card may have been lost or stolen, but the card owner is yet to report its loss. Or the number on the card (and not the card itself) may have been lifted without the knowledge of the owner. There is also a scam called identity theft, where the card has been issued under false pretenses using someone else’s identity and data.

As an online merchant, you need to have a system to check the authenticity of orders placed to safeguard your business. While the effort may require additional time and money, it can save you the cost and stress caused by charge-backs for fraudulent orders. You lost your physical products; you lose the sale price; you lose another business opportunity; and you will be fined an additional $15-$50 charge-back fee.

If you have a high percentage of charge-backs, your card services company can even blacklist you and cancel your merchant account. You will also spend time looking up the order and provide the requested information to your card services company. All of these hassles are things you can surely do without.

How can you protect your business from credit card frauds? Here are a few steps that can be taken to ensure that the transaction is being requested by the real cardholder.

* Suspect shipping address. According to ClearCommerce Corporation, a provider of payment processing and fraud protection software for e-commerce, orders from Ukraine, Indonesia, Yugoslavia, Lithuania, Egypt, Romania, Bulgaria, Turkey, Russia and Pakistan have a very high incidence of fraud, and often have unverifiable addresses.
* Untraceable email address. In many fraudulent orders, the customer’s email address is often at one of the free email services, like hotmail.com and yahoo.com, which are relatively untraceable.
* Expensive items. Be wary of expensive orders, especially for expensive brand-name items.
* Multiple items. It can be a bad sign, for example, if someone orders three X-Box or three DVD players at once, especially where the items have a high resale value.
* Express shipping. Most fraudulent orders specify overnight or 1-day shipping without hesitation.
* Shipping address differs from billing address. Receiving point and billing address are different in fraud orders. If you are selling valuable items, it can be a good policy only to ship to the billing address of the card’s holder.
* Suspicious billing address. The address looks too simple or invalid. If the billing address is 123 Main St, New York, the order is probably fraud. You can use or online location tool to see if the address can be verified.
* Leave at door or post office box. If the courier service cannot guarantee delivery of goods, the risk of fraud is very high.

The advancement of geo-targeting in the Internet allows us to pinpoint the geographical region for an order. The information can be used to reduce the fraud by verifying it with the billing address and delivery address. This method can identify the scenario where someone from country X has stolen the credit card data from country Y. The IP address lookup service will reveal the real country instead of relying on the country filled in the order form.

IP2Location™ provides technology to translate IP address to country origin. The lookup table is available in several formats such as database and COM. It is the perfect solution to automate the fraud detection using client side programming languages like C++ & Visual Basic; or service side programming languages like ASP, PHP, JSP and CFML.

For example, company XYZ received a credit-card order from IP address 161.139.12.3. The order details are as following:

Name: John Ma
Address: 123 Main St
City: New York
ZIP Code: 1111
Country: United States
Tel: (503) 111-1111
Credit Card No: 1234 5678 9012 3456
Expired Date: December 2010

Credit card merchant processor will authorize this order if the billing address matches the order details. Unluckily, the credit card data has been stolen earlier by Mr. ABC from another country through the Internet. Later, he made a purchase of digital products from company XYZ using the information. His order approved by the merchant because all the details matched John’s record in the bank’s database. IP2Location™ technology can filter the difference between order’s country and record’s country upfront to protect your business. You can classify this kind of order for manual inspection before delivering the goods. You will be surprise how much this method will help in identifying fraud orders.

For the implementation, we use a fully functional IP2Location™ ActiveX component available at http://www.ip2location.com/ip2location-country.zip to query country by visitor’s IP address. The unregistered version has a 5-second delay in each query.

First, install the ActiveX component in IIS web server. It could be as simple as running a command in DOS prompt.

C:\> regsvr32 ip2location.dll

We create a script to compare the lookup country and data given in the order authorization flow. It serves as a filter to reduce fraud. All rejected orders will be manual verify by merchants.

verify.asp

<% ‘ Country info filled in the form (US is only an example) BillingCountry = “US” ‘ Create server-side object Set ipObj = Server.CreateObject(“IP2Location.Country”) ‘ Initialize IP2Location object If ipObj.Initialize(“demo”) <> “OK” Then
response.write “IP2Location Initialization Failed.
End If
‘ Get visitor’s IP address
IPaddr = Request.ServerVariables(“REMOTE_ADDR”)
‘ Detect visitor’s country of origin by IP address
CountryName = ipObj.LookUpShortName(IPaddr)
‘ Free IP2Location object
Set ipObj = nothing
If CountryName = BillingCountry Then
‘ IP address originates from country in billing address
‘ Low Fraud Risk
Else
‘ IP address different from country in billing address
‘ High Fraud Risk
End If
%>

This article is courtesy of:
Hexa Software Development Team
sales@ip2location.com
http://www.devarticles.com

Here’s some tips for you that might helps to minimize fraud and any potential fraud attempt and hopefully will make you sleep well at night.

1. Never give your credit card information easily over telephone conversation.

This is among the most mistakes done by consumer as it somehow occurs that we always being easily trust by anyone who claimed himself as somebody from a financial institution As it always look so obvious that there’s no certain ways to check whether is it this person are really from American Express Bank or a fraudsters who has done a good job as being an impostor, we must somehow not taking something for granted and try to ask a few question that might help you to have a good feeling about the caller. Ask for the customer services at your card issuer and try to look if there’s anyway you could identify a genuine person from that places.

2. Make yourself available to get be contacted by card issuers.

No. i’m not saying that you can’t have a good privacy but try to figure it anything that could possibly reach you when you’re not available.It’s always a good choice to give extra sources of phone number in your contact information. It might be your parents,siblings,wife,children or your best mate.For your information, the card issuer might have something important to call you especially from Fraud Detection Team regarding your credit card transaction such as confirmation of your retail purchases,online payment or sudden changes of your spending pattern. Usually your card will be temporarily blocked for security purposes if you are not available.Yes, somehow people might get embarrass of using the credit card when suddenly your card transaction denied numerous time in front of other customers waiting behind you but this problem won’t happen if you can set a good contactable relation between you and the card issuer with highest confidence of you on the level of security of the officer in charge.

3. Track down all your past card transaction and do not diversified all the card transaction types.

What i mean here is you must know one of the factor that any fraud detection unit will look for when the receive any fraud cases is how the cardholders spend their credit card over the past 6 month. To ensure that you that you card will be precisely detected from any possible fraud attempt, you can help yourself by not using one card in to buy everything on retail,internet,pay bills or even fuel up a gas at the pump station. You can start using one card for retail,one more card only for internet payment and maybe one more card for you to pay bills or any other transaction types.It’s easier to know if someone is using your card to purchase something expensive,let say, a mobile phone using the card that you only use to pay bills. When this thing happens, you’ll get a call from the card issuer’s fraud detection team and they can block the card from being used again by the fraudsters and possibly minimize the fraud losses.