The term fraud now means any fraud in IT. Carding refers to any illegal operations with a bank card. We specialize in preventing card fraud in e-commerce. The problem is that when starting a business online, entrepreneurs tend to think first about the cost of accepting payments and know little about the risks associated with fraud. The most popular questions from TSPS (retail and service companies, online stores, merchants) are listed below.
What is a fraud?
Card fraud is something that can slow down the development of an online business. If the product or service was used by a fraudster, both the product and money are lost. What is easier is to buy a product on the site by entering the card number and other numbers that are printed on it when paying. But at the same time, the card will be someone else's – the entered data can be photographed or spied on, obtained through technological fraud with ATMs or through poorly protected sites of other online stores. It is also no secret that a large number of databases with the details of stolen cards are walking around the network.
Why is it dangerous to skip a scam?
Because the real cardholder will definitely write an application to the bank for a refund of the amount debited without their knowledge, i.e. initiates the chargeback procedure. If an unauthorized transaction on a bank card passes through the online store, the issuing bank that issued the card will protest the transaction on behalf of the cardholder and the TSP will be required to reimburse the entire purchase price. If there are disputes related to the appeal of suspicious transactions, the acquiring bank may incur additional costs in the amount of several hundred dollars for each case of arbitration by international payment systems( IPSS), which the bank will gladly concede to the TSP. Particularly painful losses will occur for low-margin businesses. For example, if the sales margin is 2-3%, the TSP will need to sell several dozen product units just to cover the resulting loss for one fraudulent transaction. At the same time, a high average receipt further exacerbates the problem — hence the "preferences" of scammers for the categories of goods and services purchased. Some of the hottest industries are travel and retail.
And that's not all. In the event that the number of fraudulent transactions reaches 1% of the total number of all transactions, the VISA and MasterCard MBS have the right to issue penalties to the acquiring bank, and therefore to the TSP. Once the fraud threshold is reached, the TSP is included in the global audit program, after which the acquiring bank must request an action plan from the TSP to reduce the level of fraud and strictly control the number of fraudulent transactions over the next months. If repeated violations are detected, a warning is issued to the TSP, and then penalties starting from $ 5,000, which can be increased to a very impressive $ 200,000 in particularly severe cases. At the same time, operations are monitored separately for cards issued by foreign and domestic issuers.Exceeding the threshold value only for foreign cards may also be a reason for including the TSP in the audit program. In particularly advanced cases, the cardholder may be disqualified, which will make it impossible to accept cards for payment through any bank in the future. It is worth noting that serious financial consequences can occur for the acquiring bank itself if the situation is bad for all clients in general.
Fraud is a global organized business. Violators are grouped into groups, and each of these groups works in its own area. Violators unite through social networks and specialized forums to help each other and share their experience using the most successful attack schemes in order to achieve maximum performance. Therefore, if a one-time fraud has taken place in an online store, several more groups will try to conduct fraudulent transactions in the shortest possible time — this phenomenon is called a "snowball". And since the motivation is very strong-money, the speed with which scammers will attack the store will increase proportionally to their number.
What is antifraud?
Reliable antifraud is a service that prevents fraudsters from cashing out money and buying goods using someone else's bank card through an online store.
In addition to the simplest security settings that any merchant can set, such as protection against CVV selection and card numbers; analysis of card parameters by bank, owner, product type, country of issue and geography of use; buyer identification by purchase history; retrospective analysis of purchases; detection of suspicious transactions by fingerprints of the equipment used; domain and IP verification addresses, etc., we can set up rules and filters that are unique for each online store.
Our Payment security and authentication patents:
Does antifraud reduce your conversion rate?
Yes, antifraud generally reduces conversions. Our goal is to minimize the number of false positives and ensure the highest possible conversion rate with the selected risk level. Conversion is badly affected by any rough settings (usually typical vendor solutions on the bank's side) and the standard implementation of 3-D Secure dynamic authorization technology for 100% of processed transactions. The disadvantage of Verified by Visa and MasterCard SecureCode solutions is that, as of the current moment, not all banks are able to process incoming requests correctly and conveniently for the cardholder, which in some cases leads to the inability to confirm the intention to perform the operation, and therefore reduces the conversion rate. In many cases, it will be much more effective to selectively apply 3DS authorization to cards issued by individual issuers and / or customers who are suspicious of the totality of other parameters. Payture's patents provide for the use of its own dynamic authorization technology CheckCode (verification code), which is free from some of the disadvantages of standard Visa and MasterCard solutions, which we will discuss separately in future publications. Antifraud allows you to simplify the purchase process for ordinary customers, as well as track and notify about suspicious transactions online.
How much does antifraud cost?
Standard business model in our market: take Internet acquiring, antifraud enabled. But in fact, we have long separated antifraud into a separate service, which we provide both together with acquiring and independently of it. This allows TSPS from all over the world to use our expertise in detecting and preventing fraud in international markets, and to manage risks in the local Russian market for those non-resident TSPS who are tied to long-term cooperation experience with global money acceptance operators who have limited expertise in their activities in our country.
The cost of the antifraud service depends on the number of transactions per time period and the need to access additional (paid) sources of information for any type of business: from 0.75 rubles to 6 rubles per transaction. We also provide various options for package offers that allow TSPS to spend more economically with a good understanding of their risks and turnover in physical and monetary terms.
Aren't scammers mostly a problem for banks?
This is the opinion of not only representatives of the TSP, but also 90% of Russians surveyed in the all-Russian sample of the NAFI center (National Agency for Financial Research). To a much greater extent, Internet scammers are an entrepreneur's problem. In accordance with Article No. 9 of the Federal Law “About the national Payment system " the operator is obliged to reimburse the client “for the amount of a transaction made without the client's consent”, and then, according to the rules of the Ministry of Internal Affairs, the bank charges this amount to the TSP. Yes, banks ' security departments work closely with various government agencies. Large-scale embezzlement is most often brought to court, but cases of fraudulent bank card payments through online stores are practically not investigated in Russia at the moment. Although the total amount of damage from carding (scammers-residents of the CIS) is $ 680 million for 2013-2014. and 3-6 thousand cards of Russian banks are compromised every week.
Over the past 10 years, the market for bank card data has finally been structured and has come to the organization of mass automated sales channels in the form of electronic trading platforms. According to Group-IB (a company that investigates cybercrime and high-tech fraud), in 2014 there were 6.78 million cards in just one such store.
And if you want to accept cards for payment, you should know that card fraud is one of the most difficult to punish and actively developing types of fraud.
Why is card fraud popular?
Because a bank card is a convenient and fast-growing payment tool on the Internet. The number of cards issued in Russia in 2014 was 220 million. In large cities, every second adult resident has two or more bank cards. Two-thirds of Russians use a bank card to pay for goods/services and withdraw cash almost daily.
If you compare it with the turnover of e-commerce, which grows by an average of 10-15% annually, then the number of fraud attempts increases by at least 25% per year. According to our data, in 2014, about 10% of all transactions in online stores were attempts to make a fraudulent card payment.
How do I find out if I have completed a fraudulent transaction?
Without operational fraud monitoring, there is no way. You will find out about this only after some time, the Ministry of Internal Affairs provides cardholders with a period of up to six months from the actual date of service provision. This is the time when cardholders can submit an application to challenge the transaction according to the IPU rules. For example, if we are talking about selling a flight ticket with a departure in three months from the order date, then the deadline for closing the possibility of protesting the transaction will be up to nine months.
Online stores try to imitate the format of offline sales as much as possible — they offer several sizes for delivery and the help of a consultant, make an online fitting and good detailed photos, make out a colorful discount “showcase” and a zone of impulse purchases. And the payment process itself on the site remains the bottleneck where merchants lose their money and customer loyalty. Is it possible to imagine that in a regular store you are limited to three purchases a day or any amount, do not accept a foreign bank card for payment, or reject the payment for a reason that is not clear to you?
It is precisely in order that honest law — abiding buyers do not suffer through the fault of fraudsters, and merchants do not lose their customers, that we constantly analyze large amounts of information, develop and improve our anti-fraud service, which has received its own name-Fraudar. These are ready-made solutions and an individual approach with fine tuning at no additional cost.
What is a fraud?
Card fraud is something that can slow down the development of an online business. If the product or service was used by a fraudster, both the product and money are lost. What is easier is to buy a product on the site by entering the card number and other numbers that are printed on it when paying. But at the same time, the card will be someone else's – the entered data can be photographed or spied on, obtained through technological fraud with ATMs or through poorly protected sites of other online stores. It is also no secret that a large number of databases with the details of stolen cards are walking around the network.
Why is it dangerous to skip a scam?
Because the real cardholder will definitely write an application to the bank for a refund of the amount debited without their knowledge, i.e. initiates the chargeback procedure. If an unauthorized transaction on a bank card passes through the online store, the issuing bank that issued the card will protest the transaction on behalf of the cardholder and the TSP will be required to reimburse the entire purchase price. If there are disputes related to the appeal of suspicious transactions, the acquiring bank may incur additional costs in the amount of several hundred dollars for each case of arbitration by international payment systems( IPSS), which the bank will gladly concede to the TSP. Particularly painful losses will occur for low-margin businesses. For example, if the sales margin is 2-3%, the TSP will need to sell several dozen product units just to cover the resulting loss for one fraudulent transaction. At the same time, a high average receipt further exacerbates the problem — hence the "preferences" of scammers for the categories of goods and services purchased. Some of the hottest industries are travel and retail.
And that's not all. In the event that the number of fraudulent transactions reaches 1% of the total number of all transactions, the VISA and MasterCard MBS have the right to issue penalties to the acquiring bank, and therefore to the TSP. Once the fraud threshold is reached, the TSP is included in the global audit program, after which the acquiring bank must request an action plan from the TSP to reduce the level of fraud and strictly control the number of fraudulent transactions over the next months. If repeated violations are detected, a warning is issued to the TSP, and then penalties starting from $ 5,000, which can be increased to a very impressive $ 200,000 in particularly severe cases. At the same time, operations are monitored separately for cards issued by foreign and domestic issuers.Exceeding the threshold value only for foreign cards may also be a reason for including the TSP in the audit program. In particularly advanced cases, the cardholder may be disqualified, which will make it impossible to accept cards for payment through any bank in the future. It is worth noting that serious financial consequences can occur for the acquiring bank itself if the situation is bad for all clients in general.
Fraud is a global organized business. Violators are grouped into groups, and each of these groups works in its own area. Violators unite through social networks and specialized forums to help each other and share their experience using the most successful attack schemes in order to achieve maximum performance. Therefore, if a one-time fraud has taken place in an online store, several more groups will try to conduct fraudulent transactions in the shortest possible time — this phenomenon is called a "snowball". And since the motivation is very strong-money, the speed with which scammers will attack the store will increase proportionally to their number.
What is antifraud?
Reliable antifraud is a service that prevents fraudsters from cashing out money and buying goods using someone else's bank card through an online store.
In addition to the simplest security settings that any merchant can set, such as protection against CVV selection and card numbers; analysis of card parameters by bank, owner, product type, country of issue and geography of use; buyer identification by purchase history; retrospective analysis of purchases; detection of suspicious transactions by fingerprints of the equipment used; domain and IP verification addresses, etc., we can set up rules and filters that are unique for each online store.
Our Payment security and authentication patents:
Does antifraud reduce your conversion rate?
Yes, antifraud generally reduces conversions. Our goal is to minimize the number of false positives and ensure the highest possible conversion rate with the selected risk level. Conversion is badly affected by any rough settings (usually typical vendor solutions on the bank's side) and the standard implementation of 3-D Secure dynamic authorization technology for 100% of processed transactions. The disadvantage of Verified by Visa and MasterCard SecureCode solutions is that, as of the current moment, not all banks are able to process incoming requests correctly and conveniently for the cardholder, which in some cases leads to the inability to confirm the intention to perform the operation, and therefore reduces the conversion rate. In many cases, it will be much more effective to selectively apply 3DS authorization to cards issued by individual issuers and / or customers who are suspicious of the totality of other parameters. Payture's patents provide for the use of its own dynamic authorization technology CheckCode (verification code), which is free from some of the disadvantages of standard Visa and MasterCard solutions, which we will discuss separately in future publications. Antifraud allows you to simplify the purchase process for ordinary customers, as well as track and notify about suspicious transactions online.
How much does antifraud cost?
Standard business model in our market: take Internet acquiring, antifraud enabled. But in fact, we have long separated antifraud into a separate service, which we provide both together with acquiring and independently of it. This allows TSPS from all over the world to use our expertise in detecting and preventing fraud in international markets, and to manage risks in the local Russian market for those non-resident TSPS who are tied to long-term cooperation experience with global money acceptance operators who have limited expertise in their activities in our country.
The cost of the antifraud service depends on the number of transactions per time period and the need to access additional (paid) sources of information for any type of business: from 0.75 rubles to 6 rubles per transaction. We also provide various options for package offers that allow TSPS to spend more economically with a good understanding of their risks and turnover in physical and monetary terms.
Aren't scammers mostly a problem for banks?
This is the opinion of not only representatives of the TSP, but also 90% of Russians surveyed in the all-Russian sample of the NAFI center (National Agency for Financial Research). To a much greater extent, Internet scammers are an entrepreneur's problem. In accordance with Article No. 9 of the Federal Law “About the national Payment system " the operator is obliged to reimburse the client “for the amount of a transaction made without the client's consent”, and then, according to the rules of the Ministry of Internal Affairs, the bank charges this amount to the TSP. Yes, banks ' security departments work closely with various government agencies. Large-scale embezzlement is most often brought to court, but cases of fraudulent bank card payments through online stores are practically not investigated in Russia at the moment. Although the total amount of damage from carding (scammers-residents of the CIS) is $ 680 million for 2013-2014. and 3-6 thousand cards of Russian banks are compromised every week.
Over the past 10 years, the market for bank card data has finally been structured and has come to the organization of mass automated sales channels in the form of electronic trading platforms. According to Group-IB (a company that investigates cybercrime and high-tech fraud), in 2014 there were 6.78 million cards in just one such store.
And if you want to accept cards for payment, you should know that card fraud is one of the most difficult to punish and actively developing types of fraud.
Why is card fraud popular?
Because a bank card is a convenient and fast-growing payment tool on the Internet. The number of cards issued in Russia in 2014 was 220 million. In large cities, every second adult resident has two or more bank cards. Two-thirds of Russians use a bank card to pay for goods/services and withdraw cash almost daily.
If you compare it with the turnover of e-commerce, which grows by an average of 10-15% annually, then the number of fraud attempts increases by at least 25% per year. According to our data, in 2014, about 10% of all transactions in online stores were attempts to make a fraudulent card payment.
How do I find out if I have completed a fraudulent transaction?
Without operational fraud monitoring, there is no way. You will find out about this only after some time, the Ministry of Internal Affairs provides cardholders with a period of up to six months from the actual date of service provision. This is the time when cardholders can submit an application to challenge the transaction according to the IPU rules. For example, if we are talking about selling a flight ticket with a departure in three months from the order date, then the deadline for closing the possibility of protesting the transaction will be up to nine months.
Online stores try to imitate the format of offline sales as much as possible — they offer several sizes for delivery and the help of a consultant, make an online fitting and good detailed photos, make out a colorful discount “showcase” and a zone of impulse purchases. And the payment process itself on the site remains the bottleneck where merchants lose their money and customer loyalty. Is it possible to imagine that in a regular store you are limited to three purchases a day or any amount, do not accept a foreign bank card for payment, or reject the payment for a reason that is not clear to you?
It is precisely in order that honest law — abiding buyers do not suffer through the fault of fraudsters, and merchants do not lose their customers, that we constantly analyze large amounts of information, develop and improve our anti-fraud service, which has received its own name-Fraudar. These are ready-made solutions and an individual approach with fine tuning at no additional cost.
