EVERY LITTLE BIT OF INFORMATION HELPS

El Fetia

BLOG I FOUND ON E-MERCHANT FORUM



I used to work fraud detection for a shall-not-be-named card service department, so I can walk you through my process that I used at the time...

We used software that I can remember the name of that basically tied a bunch of different databases together.

These databases were directly fraud related (collections and customer service had access to the same databases, but filtered through a specific portal that probably made more sense for their job).

The first thing that we did in this program was go into a queue. These queues were sorted by priority of how likely you were to find fraud in them, and accounts would go into queues at different times depending on the risk factors. So, risk factors:

1) Testing charges. These are usually online charges through known online vendors that a scammer can use to test a card number as valid. These have been mentioned before in the thread, but there were certain vendors that would fade in and out of popularity (I'm not naming names) that would allow very small (usually 1 dollar) charges on a card and produce some sort of digital product that allowed them to verify “yes this card works” or “no, this card is already being monitored”. They also told us that sometimes there were random guessing programs just trying to stumble across cards (as cards follow certain numbering rules, making it slightly more probable, and there being so many unused cards like college students get at football games and never touch). I'm not sure that I believe that last part, but that's what they told us. So Amazon MP3 followed by Newegg... probably going to get called.

2) Another type of testing charge (usually in cases of physical card theft) is the gas charge. Gas is something you can buy almost anywhere without being on camera or talking face-to-face with a clerk. A crook will steal a card, test it at a pump, and then go on a spending spree. So gas followed by Best Buy... probably going to get called.

3) Out of Country charges. This is an indication that a card has been compromised by a foreign entity (Russia and Turkey were two concerns at the time) and fake plastic has been made and is being used until it's found. Many, many customers are legitimately using their cards in foreign countries and get cut off for what they see as no reason. Your card company has a reason: mostly that they're legally obligated to refund you for any transactions that are made on your card, and pissing off a handful of people versus catching stuff before it becomes tens of thousands of dollars is an economical choice. This is also the case if we almost always see charges coming from Delaware and all of a sudden California. Cards leave a data trail of where they're used, so almost always used in X suddenly used miles away in Y... probably going to get called.

4) SIC Code doesn't match. SIC codes (I think that's what they're called) are different types of merchants. Let's say that a person always uses their card for fast food, gas, and sometimes clothes shopping. All of a sudden we have $2000 dollars coming through from electronics. Probably going to get called.

5) Time in queues. If something starts off as low risk, but keeps coming back again and again, it's going to get moved up in the queues until someone finally looks at it.

There are also queues that get specially created. When TJ Maxx lost a hard drive with credit card info on it, then all of the affected accounts were moved to a TJ Maxx queue, which we would put priority on working. There were byzantine ones that we were told never to touch, but probably had some highly classified purpose.

We could work whatever queues we wanted to. Basically we would start our systems up in the morning, and there would have been a message from management saying “We've been getting a lot of fraud-found cases in X45, start there and work until it's done, and then work other high priority queues”.

Where this comes into play was our incentive. We had a lot of freedom – a scary amount of it, in retrospect. We could work whatever queues we wanted to. If we suspected fraud we would try and contact the customer to verify the charges. If we couldn't contact them, then we had the power to stop that card. BUT, if we misidentified fraud, then there was a monitoring system that told our boss. If we didn't work fast enough there was a system for that. If we worked fast by spending all day in a queue with little priority and almost no fraud in it, then our boss would know. The pay sucked, but a monthly incentive of a few hundred bucks could make it decent. There were also teams of fraud finders, and quarterly incentives for teams (like free lunches, baseball tickets, etc.).

The way that I worked was this:

I know that a certain queue pulls certain accounts for certain reasons. I tended to trust the initial computer selection to do its job, more or less, so I used that as my base point.

My first task was to take a look at the charge that specifically tripped the fraud alarm. I would look at it and first think to myself “Do they have a history of this?” I would compare this against demographics. An 80-year-old woman who buys food for 6 months, and all of a sudden a charge coming through from Steam? Probably not passing on that one. A 20-year-old college student who charges everything from clothes to books, and then an iTunes purchase? Maybe they just got an iPod, I'll pass on it.

Cases weren't always cut and dried, so there's other things I can look at. I could see where plane tickets were purchased to and from. So if we have a plane ticket bought from BWI to LAX and sudden out-of-character charges for shopping in California, well... yeah, probably. I could see previous history through a comment log. Other operators (regardless of department) are obligated to comment each interaction with an account. For example, after working an account that I passed on I might write:
“CHRGS COMING FROM OOS (out of state) BUT GAS TRAIL FROM HOME LOCATION TO CURRENT LOCATION PLUS HISTORY OF TRVL. N/A”

The reps who took the incoming calls would also comment. If I looked in there and saw “PERSON CALLED IN AND WAS UNABLE TO VERIFY NON-TRAD (non-traditional info: stuff like previous address and driver's license number). DENIED ACCESS” I might be suspicious. If they'd recently changed their address, that was a red flag. We also had access to databases like LexisNexis to search records in the DMV and whatever.

So here's a TLDR answer to your question:
When you use that card you're being watched. Sometimes by a person, but most often by computers that analyze and store every purchase you make. Even if you don't know it you have a data trail, and that data trail has a signature to it. When something breaks that signature, and is surrounded by other suspicious details, it either gets automatically handled by a computer, or will eventually be handled by a human. The testing charge was suspicious, but maybe by itself wouldn't have mattered. Followed by tools (easy to fence, so a pretty common flag charge) it's no question. Especially if it looked at your account and couldn't find strong previous history with either. So your account gets sent to a high priority queue, and some underpaid dude on the eastern seaboard looks at it, tags it as fraud, and calls you to confirm, maybe helping him make an extra 200 bones at the end of the month.
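The risk factors and queue escalation described in the post above, sketched as a rule-based check over constructed transactions. This is an added example, not part of the original post or any card issuer's system; the field names, thresholds and sample data are all assumptions.

```python
# Constructed thresholds; a real system tunes these against its own data.
TEST_CHARGE_MAX = 2.00     # "very small (usually 1 dollar)" online charge
LARGE_CHARGE_MIN = 500.00  # what counts as a big purchase in this sketch

def risk_flags(history, recent):
    """Return the risk factors from the post that `recent` trips.

    Transactions are dicts with amount, category, region, online; an
    airline ticket may also carry `dest`, the region it was bought to.
    """
    usual_cats = {t["category"] for t in history}
    usual_regions = {t["region"] for t in history}
    travel = {t["dest"] for t in recent if "dest" in t}
    flags = set()
    for i, cur in enumerate(recent):
        prev = recent[i - 1] if i else None
        big = cur["amount"] >= LARGE_CHARGE_MIN
        if prev and big:
            if prev["online"] and prev["amount"] <= TEST_CHARGE_MAX:
                flags.add("online_test_then_purchase")
            if prev["category"] == "gas" and not prev["online"]:
                flags.add("gas_then_purchase")
        # Out-of-pattern location, unless a ticket explains the trip.
        if cur["region"] not in usual_regions | travel:
            flags.add("unusual_location")
        if big and cur["category"] not in usual_cats:
            flags.add("category_mismatch")
    return flags

def queue_priority(flags, times_requeued=0):
    """More flags, or repeated returns to a queue, raise the priority."""
    score = len(flags) + min(times_requeued, 3)
    return "high" if score >= 3 else "medium" if score >= 1 else "low"

# Constructed sample data.
HISTORY = [
    {"amount": 8.50, "category": "fast_food", "region": "DE", "online": False},
    {"amount": 40.00, "category": "gas", "region": "DE", "online": False},
    {"amount": 65.00, "category": "clothing", "region": "DE", "online": False},
]
SUSPECT = [
    {"amount": 1.00, "category": "digital_music", "region": "DE", "online": True},
    {"amount": 2000.00, "category": "electronics", "region": "CA", "online": True},
]
TRAVELER = [
    {"amount": 420.00, "category": "airline", "region": "DE", "online": True, "dest": "CA"},
    {"amount": 45.00, "category": "gas", "region": "CA", "online": False},
    {"amount": 30.00, "category": "fast_food", "region": "CA", "online": False},
]
```

The traveler case mirrors the analyst's pass decision: out-of-state charges with a ticket to that state raise no flag, but the account still climbs the queues if it keeps coming back.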

Omega-

Nice share, appreciate it.

It's always interesting to get an idea of what they're thinking to form proper security measures and understandings of more efficient ways to go about what we do,

Cheers,
 

sips

Thanks for sharing, really interesting.