For all who could relate to the guy in the recent blog webhost’s dairy, fraud detection software is an answer, that helps. The answer is the same for others, who have an e-commerce site, or handle e-transactions/payments.
Fraud screening checks are usually performed based on IP geographic location, proxy detection, and IP reputation information. There are tools/plugins, that integrate to popular shopping carts, and automation tools.
Most small and medium sized e-merchants face fraud with “Address Verification Service”/”Card Verification Code” and built-in features of their payment gateway, which is no match for the innovative(call it cutting edge?) methods adopted by fraudsters. The results are usually charge-backs and related disputes(headache).
Basic methods of verification often has pitfalls, especially in an era where fraudsters use the credentials for a purchase/order, and later inform the original card-holder of the purchase!
The scenario is worse in certain situations, like the story of the web-host tells. This is exactly the reason for adopting various dynamic methodologies for averting frauds.
Let us consider the case of an online transaction from a card, that has it’s file address set to some place in LA, the billing address provided to you being some place in New York, and the order comes in from an IP in Texas or a web-proxy; The e-mail provided to you being one from a free e-mail provider! Now, how can you trust such a transaction?
While analyzing the above transaction, we validated a request based on few parameters. These are parameters that helped in ascertaining the credibility of an order. Let’s look at each of these.
IP geographical location
Matching online user’s present location, from which the order was placed, against the billing address, helps to effectively detect potential fraudsters. Such an analysis can be done manually by looking up the IP’s geographical location, and later canceling the transaction. You will however introduce a manual processing, that could delay the whole process of purchase, which isn’t something desirable.
Proxy detection
Users using Anonymize-ing proxy for online transactions, conceal the original location from which the order was placed. Tracking the geo-location fails to find the original location of the online user, as the request would appear as if it came from the location where the proxy server resides. Tracking the origin to a web-proxy, leads you in a situation where you are clueless of the original source of the request. You could consider the whole scenario to be un-safe, and cancel all transactions originating from users using proxy servers. You may also look for other means to validate the request, by giving this factor the due weight-age.
IP reputation information
This is the next level of protection, provided by tools such as minFraud. The product comes from MaxMind, who are one of the leading players in this segment. The tools works on the idea of distributed information gathering and binding that information to corresponding IP addresses. It leaves you with the data required to analyze the authenticity of the transaction.
MaxMind keeps track of frauds, and keep the data-set updated in real-time, to avoid future fraudulent transaction. The whole idea works well, since they get data from numerous merchants and transactions. In short, you need not wait for a fraudulent transaction to happen to you, to decide the source IP as fraud, but transaction of some merchant somewhere, will help you make that all important decision.
Frauds and scams have been there even before the advent of Internet. They took a more complex shape, when they transformed on-line. As you would know, there is no fixed solution to the problem, and opting for dynamic solutions seems the only solution!
The dairy entry
Ever since that incident(it’s narrated here), I check the new sign-ups more keenly. I ensure that I check the domain-name for proper registration, and follow-up with customers, asking if they need help with the DNS settings or want assistance with a domain registration. It helps the business, as the customer feels that personal bonding, which I can offer.
Checking their mail traffic, file upload logs and bandwidth usage etc. for a few weeks helps!
About the Author :
Sankar works as a Senior Software Engineer in Bobcares. He joined Bobcares back in April 2006. He loves grooming/mentoring people. During his free time, he listens to music, and enjoys singing..