Harnessing the Power to Stop Fraud

March 6, 2008

Consumer authentication solutions in emerging markets – what you need to know and how to do it, by Tricia Lines Hill

Online gaming companies are increasingly accepting payments from emerging markets in South America, the Asia-Pacific region and Eastern Europe, as they continue to grow their business under the weight of gaming regulations. CyberSource’s ninth annual Online Fraud Report estimates that Internet merchants in the US and Canada alone will lose about $3.6 billion in revenue in 2007 due to online fraud, an increase of about 16% from $3.1 billion in 2006. Although in line with sales growth, with the dollar-loss fraud rate holding steady at 1.4% in 2006 and 2007 (according to CyberSource), the bottom line is a higher cost of overall fraud, due to growth in online sales.

Consider then, the cost of fraud in emerging markets where some of the highest incidence of online fraud occurs, and more typically as a result of counterfeit, skimmed and phished card numbers, not habitual chargeback offenders. So what is the solution? Authenticating or identifying the customer upfront – in advance of a payment transaction – to reduce the exposure to outright card fraud is probably the best bet. We must keep in mind that fraud detection systems and tools are used to identify the probability of risk associated with an online transaction, “they do not guarantee that a fraud will not occur and certainly will never prevent a chargeback from being initiated by the consumer,” said Andrea Wilson, CEO of First Atlantic Commerce (FAC).
But while consumer behaviour cannot be prevented by fraud detection tools, the right mix of fraud management technology can reduce the exposure to fraudulent transactions.

Address Verification and Card Verification (CVV2) Numbers

Address verification (AVS) is still widely used for USA billing address confirmations and continues to be a hugely popular initial online screening service. CVV2 or Card Verification Value has picked up momentum with many Issuers declining authorisations if the CVV2 code doesn’t exactly match. AVS-only as a standalone service is available with or without a payment authorization, and FAC supports $0 auth requests for AVS zip matching. Consider combining $1 pre-authorisation requests with CVV2 and AVS data in a prescreening request to provide some very basic information about the cardholder including whether the card is valid (if $1 declines there IS a problem with the card); whether the plastic is in the cardholder’s possession at the time of the transaction (CVV2 is only located on the signature panel so the logic is that the customer should have the plastic in their possession if CVV2 data matches) and whether the consumer’s billing address matches what the issuer has on file.


Geolocation is also an excellent addition to all merchants’ fraud and risk evaluation solutions. Used to identify the geographic origin of a transaction based on the IP address of the customer’s ISP, it can assist merchants in ascertaining the actual geographic location of their customers and thus likelihood of suspect fraud. It can also be cross-checked with the Address Verification data that’s returned from $0 AVS screening as part of the same transaction request. For instance, if a merchant identifies a consumer IP address as originating in Turkey, yet the credit card billing address data matches a zip address in California, this transaction is definitely suspect and should be flagged for further investigation.

IP geolocation is a very important tool for gaming merchants as MasterCard International now requires merchants to identify and store the physical location of their consumers as part of April 2007 operational compliance changes. Additionally, licensing agencies and regulatory organizations who enforce territory compliance can use IP geolocation to ensure merchants are not violating compliance with the Unlawful Internet Gambling Enforcement Act of 2006 (UIGEA) if this so applies to their specific license regulations.

“Typically, most online geolocation software providers are unable to bundle traditional payment authentication services with IP geolocation data requests in order to provide this level of cross referencing. This is what makes FAC’s solutions unique in the market. We’ve added innovation with flexibility and have created a suite of solutions that improve transactional risk profiling,” noted Wilson.

3-D secure™ for Verified By Visa and Mastercard Securecode™

3-D Secure™ is currently the single most important fraud-prevention service offered today by the Card Associations for online merchants. Available in the consumer’s local domestic currency and language of the bank Issuer, it enables gaming companies to implement Verified by Visa and MasterCard SecureCode™ in all regions and more particularly emerging markets such as Asia, South America and Eastern Europe.

With the 2007 MasterCard changes in chargeback liability shift rules for ‘attempted’ SecureCode transactions, both Visa and MasterCard now support chargeback liability shift in Asia/Pacific, LACR, CEMEA and Europe for qualifying ‘attempted’ 3D Secure™ transactions (for RC 23 and 83). What’s important to understand is that liability shift is based on the merchant’s attempt to verify the consumer or the Issuing Bank – not on whether the cardholder is actually enrolled in Verified By Visa or MasterCard SecureCode™. If the consumer is enrolled and the password is correct, this becomes a fully authenticated transaction and chargeback liability shift is guaranteed. If the consumer or the Issuer is NOT enrolled and the transaction is authorised, the merchant also has a chargeback liability shift representment right if the cardholder disputes it based on RC 23 or 83.

FAC is certified to support local currency 3-D Secure™ in LACR, Europe, and CEMEA regions. This allows merchants to know in advance of full payment authorisation whether they will have a chargeback representment right based on the 3-D Secure™ response code, and when the full payment transaction is subsequently processed through a 3-D Secure™ acquirer. 3-D Secure™ as a standalone service is available through FAC, or it can be combined with CVV2 validation and IP geolocation services as a bundled consumer pre-authentication suite.

Leading The Game

FAC can customize your pre-authentication solutions after reviewing business and operational objectives. We realize no two businesses are ever the same and a shrink-wrap solution simply does not fit all business models. Flexibility is paramount and FAC can transform your transactional risk challenges into business opportunities by providing you with the tools you need to cut fraudulent activity, reduce chargebacks and increase your profits.

Read more about
Online Payment Gateways.


Hello world!

March 6, 2008

Welcome to WordPress.com. This is your first post. Edit or delete it and start blogging!