Reviewing the Fraud Score of an Order

Owned by Hunter Schaeffer
Last updated: Jun 08, 2017 by Perry Tew
4 min read

Overview

The fraud scoring system provides a set of details associated with an order that are indicators of potential fraud.

Fraud Review Locations

Order flagged for fraud review will appear in two possible locations:

  1. Account Receivables (denoted as A/R throughout this document)
  2. Fraud Review 


If the fraud scoring rule is configured with "Flag for Review" in the Fraud Prevention configuration page, the order will be captured and placed into the A/R for your follow up.

Note

Please note that this is the default setting for the Fraud Score rule, unless you delete and reconfigure the rule.

If the fraud score rule is configured with the "Process payment then Review" in the Fraud Prevention configuration page, the order will appear in the "Fraud Review" page (unless the payment fails, in which case the order will appear in the Accounts Receivables page for review and payment processing.)

Reviewing the Fraud Score details

Clicking on the "Click to show full details hyperlink next to the Fraud Score will appear like this:

There are 5 sub-sections to the Fraud Score details:

  1. Geographical IP Address Location Checks
  2. Proxy Detection Checks
  3. E-Mail Checks
  4. Issuing Bank BIN Check
  5. Address and Phone Number Check

And explanation of each section detailed below.

Geographical IP Address Location Checks

This section provides a comparison of the Billing Address provided by the customer to a "geo-location" lookup of the IP address recorded for the customers browser.

Proxy Detection Checks

This section provides indicators for the customer's internet connection passing through proxy servers, which may be used to mask or hide their true IP address. 

Things to look out for are "True" for the Anonymous Proxy Transparent Proxy or a score above 0.00 for Proxy Score and Spam Score.

Email Checks

In this section, You'll want to focus on the second field "Carder Email" reporting "True", as this means that the email address has been used on previously reported fraudulent orders (this is determined via a 3rd party database lookup.)

The free email field no longer has significant meaning since so many people now use services such as Gmail, Hotmail, etc., however, if you see a "False" score for that it, that would mean they are using an email from a registered account, such as from their cable or internet provider, which should mean it's less likely to be fraudulent.

Issuing Bank BIN Number Check

The first section of the Bank Identification Number identifies the location of the bank that issued the card, while the latter portion identifies the specific name of the bank. BINs are traditionally used by online Merchants as a way to detect fraud by matching the geographic area where the cardholder is located to the geographic area identified in the Bank Identification Number. The term Issuer Identification Number (IIN) and Interbank Card Association Number (ICA) also refer to this same collection of numbers. A personal identification number, or PI identifies a cardholder.

See also:
http://www.investopedia.com/terms/b/bank-identification-number.asp

Address and Phone Number Checks

Much like the free email check, the Phone (Number) In Billing Location check is mostly obsolete because  people often carry their phone numbers with then as they move to different locations. 

However, the second check for the shipping address is another strong indicator of fraud. The Address check performs a 3rd party database look up of addresses reported on previous fraudulent orders.

Summary

What you should understand about Fraud Scoring is that it's a bit of an art more so that an exact science. You'll need to make certain judgement calls based on your understanding of your customer base and what a typical order make look alike. For example, you may have a customer base that work in the military and may get orders flagged due to the IP address appearing in the Middle East as opposed to the United States billing address. Similarly, a customer base in Latin America may find that many orders are shipped to Miami. In those cases you'll need to apply operational knowledge to accurately interpret the fraud score associated with the order.

The Biggest Red Flags

The biggest red Flags are the "Carder Email" and "Ship Forwarder" as these the indicators that the email and ship addresses have been reported on previously deemed fraudulent orders. However,the remaining indicators taken as a whole also provide insights to the potential of fraudulent activity.

You should reject orders that you deem as fraudulent. The customer is not notified if you reject the order, that will be up to you if you want to send them a notification. 

If you decide the score is a "false positive" and wish to process the order for payment, navigate to the Accounts Receivable department and process the payment


NOTE: You may wish to contact the customer and request the CVV number again so that you can enter it in when manually processing the payment, as an additional level of payment validation, as UltraCart is unable to store the CVV number in the order database, per PCI regulations.


Related Documentation

Fraud Prevention

Fraud Review