Any business is at risk of fraud and online business is no different. What makes the internet unusual is that there is no safe neighborhood and a criminal from anywhere in the world could right now studying your business activities looking for a way to defraud your operation.
The technology to protect against fraud can be outside the abilities of most merchants and is always expensive to develop. 3DSecure is a powerful system that blocks fraud and should be used when available.
Some banks implement technology to protect against the fraud. When applied at the Acquiring Bank (the bank that the merchant is setup with) these tools invariably reject good transactions and loose important business to the merchant. To start with, the Acquiring bank is only seeing a small subset of the total transactions and has no other information to act on apart from the card number. When applied at the Issuing Bank (the bank that issues the card to the client) these tools have a higher rate of success since they see all the traffic related to the card. Presumably they can detect the pattern of usage of the card, but the majority of banks employ much simpler counters and daily limits. In both cases, transactions are rejected and the merchant looses the business.
With some businesses, transactions are for items with pre-defined prices and usually one off sales. With other businesses, transaction can be any amount and repeat business is the norm.
Fraud can take place in many ways. The payment process itself can be sabotaged in a number of ways such that the merchant is fooled into thinking that the payment was approved when it fact it was rejected. In other cases, the fraudster attempts to change the amount being paid, in an attempt to buy the product at a much lower price. The Endeavour Gateway protects against these type of attacks.
The Endeavour Payment Gateway used the Phalanx Fraud Detection System. The Phalanx fraud detection systems provides a 'Firewall Against Fraud™'.
The first task of Phalanx is collect as much information as possible about the payment process and to analyze the data collected. Typical examples familiar to everyone is the IP address. Phalanx goes far beyond other systems in the information it collects and then excels in its ability to analyze this data using proprietary technology.
The second task is then to define rules on the data to detect fraud or suspicious activity. The rules can choose to either block or warn. Phalanx also allows the merchant to setup rules specific to their business model. The flexibility and efficiency of these checks can be amazing. Here are a few scenarios.
- Limit (or warn) the Amount that can be paid by any client
- Limit (or warn) the amount that can be paid by a client over a period of time (eg day, week, month) taking into account the total number of transactions and the also different transactions used by the same client.
- Block countries both by IP address and by issuing bank
- Block whole blocks of IP Addresses including a whole ISP
- Block emails
- Detect if email is a valid working email
- Detect browsers from certain countries
- Detect Proxy
A merchant can choose to override the checks if the transaction is from a trusted client. In addition, TRUST rules can be setup to exclude transactions from further checks when the TRUST rules are satisfied. For example, Phalanx can check if there are transactions from the same client on a given card that are older then 4 months. Since chargebacks typically are notified back to the merchant within 4 months, the merchant might choose to trust this client.
The effectiveness of Phalanx has been proven time and again. Merchants benefit from protection against theft, losses from chargebacks and higher bank charges, and further benefits from customer satifaction, ease of use and the streamlining of a critical and important part of their business operation - collecting money.
