Here is a short list of five easy things that you can do to help significantly reduce fraud. None of the tactics suggested below are golden eggs but when used in combination together they can help build a very strong picture of risk.
1. Enable dynamic 3DS 2.0 requests on first time card transactions
3DS 2.0 is a type of card verification that requires the card owner to input a one time password (OTP) into the payment flow. It is different to 3DS 1.0 as this older standard often requires information like a date of birth which can easily be found online rather than a password to the phone number or banking app of the holder.
The downside of this approach is that adoption in the market is not 100%. Many smaller banks, savings and loans etc in the US cannot perform a 3DS 2.0 challenge and it might be new to the customer. So in a low adoption market it should be used with some caution.
Unlike 3DS 1.0 which is triggered by the bank 3DS 2.0 allows the merchant, to request a 3DS check. So if you have a new customer buying a high risk product for the first time or using a new card for the first time it might be sensible to force a 3DS 2.0 request rather than hoping the bank will.
This will reduce your risk and if it’s just for the first transaction or first use of a new card it will reduce your risk significantly.
This content is only available to Full Members
Sign up as a Full Member or Login To Unlock The Content!
2. Check the customer’s phone number has been flagged as high risk
Collecting a phone number can help significantly when dealing with fraud. There are several data providers and fraud tools which share data of whether a given phone number has been used for a transaction leading to fraud.
You simply submit the number and they can provide a risk score, line type and depending on the country of origin you can even see if the phone number is roaming and in which country.
This approach is only allowed for fraud checks but can be effective to confirm if you have a non-local card e.g. US being used to purchase something in Europe while on holiday.
3. Verify the customer’s home address using a eVerification provider
The market for eVerification data is extremely well developed. There are many providers which can be used to verify that the address you’re sending a product to is indeed the cardholders address.
While this might not make sense for low value purchases for a high value item this might be useful or even required if you need to perform KYC checks.
4. Check and see if the customer’s device or email has been flagged as suspicious by another merchant
Similar to the phone number it is possible to check if a device or email has been flagged by another merchant. You submit the details and then the response will tell you if there is an issue.
5. Check if the user is connected via a VPN
From my experience a VPN doesn’t guarantee fraud but most fraud happens over a VPN. For this reason if a customer is using a VPN you should make sure that you perform one or more of the checks above and consider the transaction to be higher risk.
It’s very easy to see if a customer is visiting over a VPN by checking their IP against and fraud IP address service.