Home
Forums
New posts
Search forums
What's new
New posts
New profile posts
Latest activity
Members
Current visitors
New profile posts
Search profile posts
Log in
Register
What's new
Search
Search
Search titles only
By:
New posts
Search forums
Menu
Log in
Register
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Home
Forums
CARDING & HACKING
Payment Systems & Bank Carding
ANTIFRAUD: WHAT IT IS AND HOW IT WORKS IN THE BANKING SECTOR
Message
<blockquote data-quote="Plotu" data-source="post: 831" data-attributes="member: 5"><p><strong>How antifraud works</strong></p><p>It is generally accepted that buyers-owners of these same cards – suffer from online fraud with plastic cards. But in fact, online stores get no less. Fraudulent transactions, such as fraud, threaten the seller with loss of money, customers, and reputation.</p><p></p><p><strong>What is a fraud?</strong></p><p>Fraud is the conduct of fraudulent transactions, in particular, through the Internet. There are many types of fraud, most of them are aimed at getting hold of a person's bank card data or plastic itself. Among them are phishing (when the cardholder is contacted by "bank employees" by mail or phone with a request to name the card details, or a well-known site is copied by hackers), skimming (copying card data through special devices installed on ATMs), and simply hacker attacks and viruses sent along with spam by email. In this article, we will talk about online fraud that affects online stores-they are the main focus of attention as customers of our processing center.</p><p></p><p><strong>Online fraud</strong></p><p>Fraud in online stores is primarily dangerous for the stores themselves, or TSPS (retail and service enterprises, as they are also called), because it is through them that fraudulent transactions are made and it is from them that they will be asked if the cardholder declares an illegal debit of funds. The classic scheme works as follows: as a result of skimming/phishing or any other illegal actions, the bank card holder unknowingly transfers to the attackers the data of their card that is sufficient to make a purchase in the online store. The attacker makes a purchase and purchases the product / service. The cardholder, after learning about an unauthorized debit, reports the loss of money to the bank that issued the card. In turn, the bank initiates a Chargeback, i.e. a refund of debited funds, and the TSP must return these funds. If the product has already been received by an attacker, then the TPN "hits" three times: it returns money to the cardholder, loses the product for which it has already been paid to the supplier, plus it can earn a fine for missing a fraudulent transaction-up to a complete ban on accepting online payments.</p><p></p><p><strong>What is antifraud and how it works</strong></p><p>Antifraud is a system for monitoring and preventing fraudulent transactions, which checks every payment in real time, running them through dozens, and sometimes hundreds of filters. Anti-fraud mechanisms work in such a way as to track whether there is anything "unusual"in the payment. The task of the system is to check each transaction, find "suspicious" points in it, and make a decision whether to reject the payment or skip it. The anti-fraud system consists of several components: automatic transaction monitoring, which includes many customizable filters, cardholder authentication and card validation mechanisms, and transaction monitoring in "manual" mode for extreme cases.</p><p></p><p>Such a system is an extremely expensive development that only banks, stores and services – market giants and specialized services (payment aggregators and processing centers that specialize in accepting payments) can afford. That is why most online services and online stores prefer to use the services of third-party contractors to accept payments.</p><p></p><p><strong>What filters are available</strong></p><p>Here we will give examples of filters from the PayOnline processing center – Depending on the system developer, they may be different.</p><ul> <li data-xf-list-type="ul">Validator filters. Example – a validator for bank card details. When entering the card number on the payment form, the system checks it using the Luna algorithm, so that the system can understand that the buyer has not made a mistake, and the card number entered on the payment form is correct.</li> <li data-xf-list-type="ul">Geographical filters. For example, by country of IP addresses. Statistics show that there is a high level of skimming and card compromise in some African countries, and as a result, payments made from these countries are highly likely to be fraudulent.</li> <li data-xf-list-type="ul">Filters-stop lists. Example: Bank card stoplist. If the system receives data from a card that has already been used for payments marked "Fraud", or the cardholder has reported to the issuing bank that its data was compromised, such a card is included in the stop list-the system knows that transactions cannot be skipped on it, as they will turn out to be fraudulent.</li> <li data-xf-list-type="ul">Filters for matching parameters. Example: matching the country of the payer's IP address and the country of the bank card issuer. If the payment is made from a country other than the country where the card was issued, and the cardholder did not notify the bank in advance about their travel, it is likely that the card details were stolen and used by intruders.</li> <li data-xf-list-type="ul">Authorization limit filters. For example, the limit for the amount of one transaction, the number of authorization attempts from one IP address, or from one bank card. To protect both the payer and other participants in the online payment process, there are restrictions on the number and amount of payments made during a day or other period. For some types of business, a particularly large payment, if it turns out to be fraudulent, can significantly hit the profit when refunded.</li> </ul><p></p><p>In total, the system can include hundreds of different filters, and the more a business area is susceptible to fraudulent actions, the more filters are included and the more finely each of them is configured for a specific online store or online service.</p><p></p><p><strong>What happens if you disable antifraud completely</strong></p><p>The store will start skipping fraudulent payments – significantly more than if the anti-fraud filters worked and checked every transaction. If you use 3-D Secure, where the buyer is required to confirm the payment using a one-time password sent via SMS, the online store can minimize losses. However, in case of massive fraudulent transactions, the store may still be disconnected from the payment system. It is enough that the number of fraudulent transactions reaches 1-2% of the number of all payments on the site for a certain period – After that, the acquiring bank can already block payments.</p><p></p><p>In a situation where 3-D Secure is not used, the situation can be more than deplorable: the conversion rate to successful payments can reach 100%, but losses from such a rash step will be disastrous for the store. However, in the modern market, it is difficult to imagine the situation with disabling all security mechanisms – under such conditions, processing, acquiring banks, and payment systems will refuse to work with the store even at the activation stage.</p><p></p><p><strong>What happens if you enable all filters</strong></p><p>Here the situation is reversed – if all filters are enabled, the percentage of accepted payments may drop significantly. Such protection can simply kill some businesses: for example, if we are talking about the sale of air tickets, the country restriction may negatively affect sales, because the buyer with a Belarusian bank card may be located in Spain and pay for the ticket on the Russian website. Accordingly, when all filters are enabled, we provide a 100% level of security, but significantly reduce the conversion rate to successful payments – If the country of the issuing bank, the seller's site, and the country from which the purchase is made do not match, this is a reason not to miss the payment.</p></blockquote><p></p>
[QUOTE="Plotu, post: 831, member: 5"] [B]How antifraud works[/B] It is generally accepted that buyers-owners of these same cards – suffer from online fraud with plastic cards. But in fact, online stores get no less. Fraudulent transactions, such as fraud, threaten the seller with loss of money, customers, and reputation. [B]What is a fraud?[/B] Fraud is the conduct of fraudulent transactions, in particular, through the Internet. There are many types of fraud, most of them are aimed at getting hold of a person's bank card data or plastic itself. Among them are phishing (when the cardholder is contacted by "bank employees" by mail or phone with a request to name the card details, or a well-known site is copied by hackers), skimming (copying card data through special devices installed on ATMs), and simply hacker attacks and viruses sent along with spam by email. In this article, we will talk about online fraud that affects online stores-they are the main focus of attention as customers of our processing center. [B]Online fraud[/B] Fraud in online stores is primarily dangerous for the stores themselves, or TSPS (retail and service enterprises, as they are also called), because it is through them that fraudulent transactions are made and it is from them that they will be asked if the cardholder declares an illegal debit of funds. The classic scheme works as follows: as a result of skimming/phishing or any other illegal actions, the bank card holder unknowingly transfers to the attackers the data of their card that is sufficient to make a purchase in the online store. The attacker makes a purchase and purchases the product / service. The cardholder, after learning about an unauthorized debit, reports the loss of money to the bank that issued the card. In turn, the bank initiates a Chargeback, i.e. a refund of debited funds, and the TSP must return these funds. If the product has already been received by an attacker, then the TPN "hits" three times: it returns money to the cardholder, loses the product for which it has already been paid to the supplier, plus it can earn a fine for missing a fraudulent transaction-up to a complete ban on accepting online payments. [B]What is antifraud and how it works[/B] Antifraud is a system for monitoring and preventing fraudulent transactions, which checks every payment in real time, running them through dozens, and sometimes hundreds of filters. Anti-fraud mechanisms work in such a way as to track whether there is anything "unusual"in the payment. The task of the system is to check each transaction, find "suspicious" points in it, and make a decision whether to reject the payment or skip it. The anti-fraud system consists of several components: automatic transaction monitoring, which includes many customizable filters, cardholder authentication and card validation mechanisms, and transaction monitoring in "manual" mode for extreme cases. Such a system is an extremely expensive development that only banks, stores and services – market giants and specialized services (payment aggregators and processing centers that specialize in accepting payments) can afford. That is why most online services and online stores prefer to use the services of third-party contractors to accept payments. [B]What filters are available[/B] Here we will give examples of filters from the PayOnline processing center – Depending on the system developer, they may be different. [LIST] [*]Validator filters. Example – a validator for bank card details. When entering the card number on the payment form, the system checks it using the Luna algorithm, so that the system can understand that the buyer has not made a mistake, and the card number entered on the payment form is correct. [*]Geographical filters. For example, by country of IP addresses. Statistics show that there is a high level of skimming and card compromise in some African countries, and as a result, payments made from these countries are highly likely to be fraudulent. [*]Filters-stop lists. Example: Bank card stoplist. If the system receives data from a card that has already been used for payments marked "Fraud", or the cardholder has reported to the issuing bank that its data was compromised, such a card is included in the stop list-the system knows that transactions cannot be skipped on it, as they will turn out to be fraudulent. [*]Filters for matching parameters. Example: matching the country of the payer's IP address and the country of the bank card issuer. If the payment is made from a country other than the country where the card was issued, and the cardholder did not notify the bank in advance about their travel, it is likely that the card details were stolen and used by intruders. [*]Authorization limit filters. For example, the limit for the amount of one transaction, the number of authorization attempts from one IP address, or from one bank card. To protect both the payer and other participants in the online payment process, there are restrictions on the number and amount of payments made during a day or other period. For some types of business, a particularly large payment, if it turns out to be fraudulent, can significantly hit the profit when refunded. [/LIST] In total, the system can include hundreds of different filters, and the more a business area is susceptible to fraudulent actions, the more filters are included and the more finely each of them is configured for a specific online store or online service. [B]What happens if you disable antifraud completely[/B] The store will start skipping fraudulent payments – significantly more than if the anti-fraud filters worked and checked every transaction. If you use 3-D Secure, where the buyer is required to confirm the payment using a one-time password sent via SMS, the online store can minimize losses. However, in case of massive fraudulent transactions, the store may still be disconnected from the payment system. It is enough that the number of fraudulent transactions reaches 1-2% of the number of all payments on the site for a certain period – After that, the acquiring bank can already block payments. In a situation where 3-D Secure is not used, the situation can be more than deplorable: the conversion rate to successful payments can reach 100%, but losses from such a rash step will be disastrous for the store. However, in the modern market, it is difficult to imagine the situation with disabling all security mechanisms – under such conditions, processing, acquiring banks, and payment systems will refuse to work with the store even at the activation stage. [B]What happens if you enable all filters[/B] Here the situation is reversed – if all filters are enabled, the percentage of accepted payments may drop significantly. Such protection can simply kill some businesses: for example, if we are talking about the sale of air tickets, the country restriction may negatively affect sales, because the buyer with a Belarusian bank card may be located in Spain and pay for the ticket on the Russian website. Accordingly, when all filters are enabled, we provide a 100% level of security, but significantly reduce the conversion rate to successful payments – If the country of the issuing bank, the seller's site, and the country from which the purchase is made do not match, this is a reason not to miss the payment. [/QUOTE]
Name
Verification
Post reply
Home
Forums
CARDING & HACKING
Payment Systems & Bank Carding
ANTIFRAUD: WHAT IT IS AND HOW IT WORKS IN THE BANKING SECTOR
Top