Antifraud systems working.

[Forum Library]

In all online shops which accept credit card was added "Credit Card Fraud Detection service" (further CCFDs). It's task is to percent of possibility of fraud. It counts as named fraud score (FS) based on main factors of legity. For example if FS higher than 2,5 it's adviced to manager to hold order or claim a call.

Factors of fraud:

1. E-mail Domain - they look provider of your e-mail (if it's free email provider like hotmail.com)

2. Geographic Source-IP A country which IP belongs to and a country you're entering in the shop must be the same.

3. Anonymous Proxy - if IP of customer in black list.

4 High Risk Country - for example Russia, Ukrain, Moldova, Belorussia, Columbia, Egypt, Indonesia, Livan, Macedonia

5. Distance-Расстояние - distance between IP location and shipping address.

6. Bin Number Match - country of bank emited the card and country of IP (check by BIN).

9-Carder E-mail - if entered e-mail is in database of famous carders.

10-Open Proxy - check IP on public proxy

11-Spam - checking IP in spam blacklist

And that's the formula for counting FS:

FS =
2.5 * isFreeEmail +
2.5 * countryDoesntMatch +
5 * highRiskCountry +
10 * min(distance,5000) / maxEarthArc +
2 * binDoesntMatch +
5 * carderEmail +
2.5 * proxyScore +
spamScore/3
maxEarth = 20037.

P.S.: for example it was surprise for me that also they count distance from IP location and billing address.

 

[Gorod]

Nigeria extreme high risk country to

 

[dimkabilan]

sorry, i forgot that it's english speaking section.

eng:

i think you need to get ip from the same zip code with shipping address and
5. Distance-Расстояние - distance between IP location and shipping address.

gonna be ok!

rus:
сразу же тоже этот пункт заметил.
5. Distance-Расстояние - distance between IP location and shipping address.

я никогда раньше сильно внимания не обращал.
а какое расстояние нормально? всегда в пределах одного штата получается но не всегда в пределах одного zip.
думаю zip должен быть одинаковым в shipping & ip

 

[Forum Library]

Please write here in English - we have the same article in Russian - you can discuss it in Russian there.

 

[Carding 4 Carders]

How to shop can check fraud order​

N = address home & zip not same – (us cc)
G = cc no support inter check avs – (inter cc)
Z = address home not same, But zipcode is same – (us cc)
M = address home & zipcode same if use inter cc (inter cc)
Y = address home & zipcode same if cc us (us cc)
D = address home & zipcode same if inter cc (same value as M) – (inter cc)

 

[Carding]

What is antifraud: tasks and methods​

To combat fraud and theft of confidential information, banking systems use antifraud. These systems are aimed at detecting and preventing fraudulent attacks, and this is implemented by dozens of different methods.
Let's talk about the goals and methods of antifraud that are relevant at the moment.

Let's understand the terminology
Antifraud system is a set of measures that allow you to evaluate banking or Internet transactions for the degree of the likelihood of fraud. To do this, the system tries on certain criteria for each operation - and if it does not correspond to them, then it checks it more thoroughly and signals it.
Built-in filters help to recognize unusual behavior and assess the risks of the operation, and then apply measures to allow or deny it. In disputable situations, the final solution to the issue is passed on to the bank's employees, who are called fraud analysts (fraud is fraud in order to take possession of other people's funds or property by fraud).
Banks and regulators have been actively cooperating with each other in recent years, creating new recommendations for identifying fraudulent schemes. Financial organizations exchange information with each other, and self-learning anti-fraud systems analyze Big Data and learn to make decisions based on this analysis. According to a study by the National Bureau of Credit Histories, already in 2017, shortly after the massive introduction of anti-fraud systems in banks, the number of loans with suspicious signs decreased by 15%. Similar solutions are increasingly being implemented by representatives of small and medium-sized businesses, especially due to the availability of low-cost cloud solutions on the market.

How the anti-fraud process works
Each transaction first goes through the first "line of defense": it is checked for compliance with the established restrictions, such as the limit on the volume of purchases on the card, the maximum one-time purchase amount, the number of users of one card, the number of cards for one client, etc. If all these checks have passed successfully, then the next, more serious ones come into play.

Based on their results, the antifraud assigns one of the conditional "labels" to the operation:

• Red. Danger of fraud, cardholder authentication is required. Such a label is automatically assigned to translations with non-standard characteristics - for example, a user from France pays for a purchase in a Russian online store with a card issued in the UK.
• Yellow. For example, if the amount of payment is significantly higher than the average for a particular store. There is a possibility of fraud, additional verification is required.
• Green. Payment is carried out within one country, the payment amount is average. Minimal chance of fraud.

For all checks, the user must be recognized according to one or another algorithm. The standard protection settings are also taken into account - protection from the selection of confidential data and payment information. The map is analyzed by country of issue, geography of use, owner. The history of previous payments is being studied.

Relationship between antifraud and user authentication
Antifraud system of any type used in remote banking determines how legitimate a customer-initiated transaction is. The higher the potential risk of fraud in a particular case, the more efforts the system makes to recognize the criminal scheme, either manually or automatically.
The first and most important thing to do in this situation is to authenticate the operation, that is, to find out whether the user who has the right to do it is doing it. For example, the client can be asked to confirm the operation using a push notification or SMS. This is called multi-factor authentication. Its successful completion affects the further processing of the operation in a manual or automatic way. It is noteworthy that during SMS authentication it is correct to send such a text, where the code will be only at the very end. That is, a person can see it only by unlocking the device.
Thus, antifraud can be called an adaptive multifactor authentication system. Adaptive - because she can:

• calculate the riskiness of each transaction (not only a money transfer, but also, for example, entering a personal banking account);
• apply additional authentication methods based on the received information about the client and the transaction;
• make a final decision on the legitimacy of the process or delegate these powers to the employees of the financial institution.

Of course, this kind of scheme can be applied not only for payment systems, but also for single authentication in any other cases.

Tasks and methods
Antifraud includes four main tasks: monitoring, detection, decision making, intelligent learning. The process uses a large number of different filters - validators, geographic filters, authorization limits, parameter matching filters, stop lists. The more complex and risky the area, the more different filters are used for protection.

Key technologies and capabilities used to address these challenges:

• Calculation of statistical parameters. The very tool that can identify abnormalities and recognize a suspicious transaction.
• Text analytics. Divides information into categories, instantly searches through it, and extracts entities.
• Gap testing. Identifies redundant or missing components in serial data.
• Network analytics. It detects patterns and analyzes them so that in the future the anti-fraud can handle similar situations faster.
• Machine learning. It is based on historical data and forms specific patterns. This process is supervised by a specialist.
• Selfeducation. Allows you to detect fraud in situations that the system has not encountered before.
• Confirmation of the entry date. Analyzes the date and time of the transaction for suspicion.

While all anti-fraud systems serve the same purpose (fraud prevention), the methods used to achieve it can vary significantly. For this reason, a classification of such systems has been developed, with which it is possible to compare different products. At the same time, many anti-fraud complexes do not compete with each other, but successfully complement.
For example, there are core systems: full-fledged and powerful machines capable of deploying a given logic in an entire segment (card transactions, remote banking). There are narrower ones, responsible specifically for device parameters, technical risks, speech or biometric data recognition, etc.

One way or another, the classification conventionally divides antifraud systems into three types of solutions:

1. A set of measures for detecting anomalies in operations, identifying signs of fraud.
2. A set of measures for performing highly specialized tasks (such as recognition of appearance or speech).
3. A set of measures to identify signs of third-party fraud. Such solutions, for example, can recognize phishing, see the presence of malware on the device, and identify remote control attempts.

Any antifraud in controversial situations leaves the last word to the analyst. He considers the incident and assigns it a characteristic ranging from "definitely legal" to "definitely fraudulent."
According to the Banki.ru portal, such a type of fraud with bank cards as FF (friendly fraud) is very common. This scheme is arranged as follows: the user buys something on the Internet, after which he requests a chargeback (refund) from the bank, as if the service was not provided to him. Of course, in some cases, the store can prove that the claims are unfounded, but sometimes, due to the insufficiently good organization of the company, the store cannot do this. As a result, the company incurs unforeseen expenses. Additionally, online shopping can suffer from:

• intruders entering the internal systems of the site;
• unscrupulous buyers who indicate inaccurate payment information;
• the arbitrariness of its own personnel using the database for personal purposes.

Unfortunately, so far the anti-fraud is not fully able to withstand the human factor. But it reduces the likelihood of collision with the main types of fraudulent schemes by hundreds of times. The rest is left to the employees, who receive signals about any controversial transactions.
If the system is completely turned off, a lot of fraudulent transactions will begin to take place, which will lead to losses and loss of reputation.

How the antifraud system works in real conditions
We propose to consider the principle of anti-fraudulent activities using the example of specific solutions used all over the world. They are aimed at protecting the interests of not only users or financial companies, but also the state - they reduce the likelihood of money laundering. It is difficult to bypass antifraud - it is not always within the power of even experienced hackers (provided a well-developed system).

The functional components of anti-fraud monitoring are:

• Data storage. Systems store a huge amount of important data - this is complete information about each client and his operations, general information about the data structure in the institution, the history of notifications about previously noticed suspicious transactions, various rules.
• Scripts. Each scenario is a model of a particular situation to which the system must react in a certain way. Initially, each anti-fraud already contains a database of ready-made scripts, but employees can add their own. They are based on individual events or their entire chains, as well as options for the client's behavior (for example, the mobile number linked to the card was changed, and immediately a large amount was withdrawn from the ATM - suspicious).
• Proceedings. If, for some reason, a transaction appeared to the system to be unreliable, this does not mean that it will be immediately blocked. Disputes are referred to employees for investigation (as a rule, the bank has a special department for this purpose). During the investigation, information about the client and his transactions, about the specific case in question, is studied in detail. The system can also provide guesses about possibly related events (for example, several merchants of prohibited goods use the accounts of the same bank). The employee has the authority to mark the operation as false, the anti-fraud will remember this and will take it into account in the future.
• Analytics using the built-in engine. This operation is hidden from the user, but for work it is extremely important. The engine processes data arrays, revealing on their basis even such fraudulent schemes, the scenarios of which have not been recorded anywhere at the moment. At the same time, natural language analysis and numerical methods are used. And yet, the final result should still be analyzed by the bank's employees - so far there is nowhere without the human factor.

In addition, the bank is required to administer the system - a purely technical part concerning support, maintenance, updating and setting up antifraud.
Antifraud is relevant wherever financial transactions take place or trade relations take place online, from gas stations and MFOs to computer games and bookmakers. During the 2020 pandemic, antifraud complexes proved to be excellent in working with MFOs (the load on which has grown significantly). The devastating impact on the economy provoked a wave of loans from citizens, and not everyone tried to take these loans honestly. Credit institutions managed to identify and suppress the vast majority of such attacks.

What antifraud tasks does the product solve?
ANTIFRAUD allows you to control internal and external fraudulent schemes and process each loan application within 40 seconds. Main functions:

• Checking information about the applicant against blacklists.
• Identifying data inconsistencies in loan applications by cross-checking and comparing with other applications.
• Supplementing the client's personal data with information from external sources.
• Fuzzy data comparison algorithms.

When a rule is triggered, the entire database is analyzed. Alarms are clearly visualized, the system instantly adapts to changes in conditions. With the help of control of internal and external schemes, the likelihood of obtaining loans for fake details, for invalid documents or for goods for the purpose of cashing is reduced to zero. In addition, applications with photocopies of documents or made in collusion / under pressure are rejected. Confirmed fraud profiles are added to the blacklist, after which the updated data is transmitted to the automated banking system.
Living in the age of information technology, we are constantly faced with fraudulent schemes of one kind or another - as soon as one attacker manages to deceive the system, he spreads a loophole among the rest. Fortunately, modern security services can learn and are becoming more productive every day. We offer to order a presentation and see for yourself how the anti-fraud works effectively.