Fraud Scoring Systems- Are They Outdated Part One

The short answer falls somewhere between yes and their ability to make accurate predictions are prehistoric. Fraud scoring systems that companies employ to judge whether an order should be accepted, or rejected, or should be manually reviewed before accepting or rejecting are in need of major overhauls, in my opinion.

Nearly every report or whitepaper I have read, or webinar I have listened to, over the last decade detail the same or similar rules being used to make judgment on the ordering information and fraud fighting techniques. Some of the standard verifications used by these systems and the companies try to protect are; is the billing address the same as the shipping address, is the card bin number from a high fraud country, is the amount of the order average to the overall companies order average, does the area code of the party ordering match the area the order is placed from, is the area code a valid area code, is the email address considered risky i.e.; a free web based email address, is the IP address a proxy server or some other IP address that is considered high risk.

Examine why I consider many of the rules are outdated and ineffective in the current fraud fighting systems companies employ.  

Area code matching; we are a mobile society and with a mobile phone people can live in Los Angeles, CA and their mobile phone can have a New York Area code.

IP validation; many people use proxy servers or their work computers to order which in many cases gives false/positive results to fraud scoring systems.

Use of free web based email addresses; in 1999 and 2000 many starting companies refused to take orders from these email addresses. Today the vast majority of people around the world have one or more of these email addresses.

Bin number verification; financial institutions are constantly changing or adding bin numbers to their products and unless the fraud scoring system is able to obtain every current bin number added or subtracted from the world financial system the results are multiple false/positives. This can result in good orders being automatically rejected as well as orders that should be rejected being accepted.

There may be a need to validate only a few verifications approving the order or there may be several hundred verifications needed. If a fraud scoring system has several hundred rules employed to validate an order there is a greater chance many of these rules also having flaws that may block valid orders and fulfill orders that are placed by thieves and should be rejected.

I have examined a number of companies that have added new rules to try and thwart the thieves and reduce losses for the company. Because these basic scoring systems have been used by most companies for several years, the thieves know how to “beat” most systems by providing ordering information many systems place in the accept category. This is one of the reasons why billions of dollars each year are being lost.

Current fraud scoring systems are developed to help companies reduce their losses which does little to protect individuals. Efforts are need to start understanding an individual shopper’s behavior and purchasing patterns as well as to start protecting that one shopper experience and the payment method that single shopper uses.

In the next part of this series I will examine what takes place when card information is used and systems fail to recognize the obvious.

Al Cameron

612-367-7679