Which customer behavior during CNP transaction (e-commerce or MO/TO) would be deemed suspicious?

The internet offers additional opportunities for “virtual” scams.  You know what kind of behavior is normal for your line of business. Differentiating or peculiar behavior does not prove criminal activity. However, Card Association experience suggests that transactions with multiple risk flags could mean you might be the target of a fraud scheme. These include:

• Larger-than-normal orders. Because stolen cards or account numbers have a limited life span, criminals need to maximize the size of their purchase.
• First-time shopper. Criminals are always looking for new merchants to steal from.
• Orders that include several varieties of the same item. Having multiples of the same item increases criminal’s profits.
• Orders made up of “big-ticket” items. These items have maximum resale value and therefore maximum profit potential.
• “Rush” or “overnight” shipping. Criminals want their fraudulently obtained items as soon as possible for the quickest possible resale and aren’t concerned about extra delivery charges.
• Shipping outside of the merchant’s country. There are times when fraudulent transactions are shipped to fraudulent criminals outside of the home country.
• Orders from Internet addresses that make use of free email services. These email services involve no billing relationships, and often neither an audit trail nor verification that a legitimate cardholder has opened the account.
• Transactions with similar account numbers. May indicate the account numbers used have been generated using software available on the Internet.
• Shipping to a single address, but transactions placed on multiple cards. Could involve an account number generated using special software, or even a batch of stolen cards.
• Multiple transactions on one card over a very short period of time. Could be an attempt to “run a card down” until the account is closed.
• Multiple transactions on one card or a similar card with a single billing address, but multiple shipping addresses. Could represent organized activity, rather than one individual at work.
• For online transactions, multiple cards used from a single IP (Internet Protocol) address. More than one or two cards could indicate a fraud scheme.

You should establish procedures for responding to suspicious transactions. Your sales staff should be familiar with these procedures and receive regular training on them. If they feel uncomfortable or suspicious about a cardholder or transaction, they should adhere to the merchant store procedures and respond accordingly and/or contact us.

For suspicious Mail Order / Telephone Order transactions, you may consider your procedure to include:

• Ask the customer for additional information: For example, ask for day and evening phone numbers and call the customer back later. Some merchants ask for the bank name on the front of the card.
• Separately confirm the order with the customer: Send a note to the customer’s billing address, rather than the shipping address.
• When requesting additional information to verify orders, telephone order employees should use a conversational tone so as not to arouse customers’ suspicions. If a customer asks why the information is needed, employees should say they are trying to protect cardholders from the high cost of fraud.

For suspicious e-commerce merchants, you may consider your procedure to include:

• Cardholder verification calls. Contacting customers directly not only reduces fraud risk, but also builds customer confidence and loyalty. Your verification procedures should address the need both to identify fraud and leave legitimate customers with a positive impression of your company.
• Use directory assistance or Internet search tools to find a cardholder’s telephone number. Do not use the telephone number given for a suspect transaction.
• Confirm the transaction, resolve any discrepancies, and let the cardholder know that you are performing this confirmation as a protection against fraud.