- Risk scoring is a tool that uses statistical models to compare card-not-present transactions against predefined rules and past transactional data to determine whether each transaction is fraudulent.
- Merchants should prioritize reducing payment fraud risks because high fraud and chargeback rates can lead to hefty fines, losing merchant accounts, and harming their reputation with payment providers and card issuers.
- Various factors are used to calculate fraud risk scores, from address verification (AVS) and IP addresses to email addresses and geolocation data.
What Is Risk Scoring?
Risk scoring is a fraud prevention tool that uses statistical models to compare card-not-present transactions against predefined rules and databases of past transactions. Each transaction is tested for the probability of being fraudulent. Merchants can use these risk scores to decline potentially fraudulent transactions or use additional security measures to identify whether transactions are risky or not. By using this tool, merchants can help prevent chargebacks and reduce their overall risk rating with payment processors, gateways, and card issuers. Furthermore, risk scoring can help businesses combat credit card fraud by identifying and curbing fraudulent activity as it happens.
How Can Merchants Use Risk Scoring?
As with any fraud assessment solution, merchants must receive the most accurate, up-to-date scores possible. By calculating the risk score for each transaction, merchants can help prevent card fraud and chargebacks from harming their business. Various factors should be tested to determine a transaction’s risk score, such as the customer’s IP address, address verification, bank identification number country match, email address, geolocation, and proxy use.
- IP Address – An IP address is the numerical label used to identify a computer connected to the internet and its location. Risk scoring tools can compare the IP address that each transaction comes from against IP addresses used for known fraudulent purchases.
- Address Verification – Address verification (AVS) can check the address entered into a payment gateway against the cardholder’s address registered with the card issuer like Visa or Mastercard. If the address is not correct, it can trigger an AVS failure. This failure can lead to the transaction's rejection, depending on the specific payment solution and risk scoring tool used.
- Bank Identification Number Country Match – Merchants can use a customer’s bank identification number (BIN) to verify that their billing address is in the same country as their credit card’s issuing bank.
- Email Address – Risk scoring tools can compare the email addresses used for transactions against a database of anonymous email addresses. Specifically, the tool will look for past incidents of card fraud or chargebacks. If something suspicious is detected, the tool will adjust the score accordingly.
- Geolocation – IP addresses include geolocation data that can help identify fraudulent transactions. For example, a transaction made from an IP address with a geolocation tag from a different country than the cardholder’s billing country may indicate card fraud, along with other data.
- High-risk Countries – Did you know certain countries have statistically high rates of fraudulent transactions based on IP address data? A few of the top countries include Mexico, Brazil, and the United States. Thus, transactions with billing or IP addresses from these locations can result in higher risk scores.
- Proxy Use – Proxies are configurable IP addresses that can be connected anonymously to mask one’s actual location. Cybercriminals can use proxies to bypass geolocation and IP address identification. For instance, a hacker in Asia could use a proxy to connect to an IP address in the U.S. This proxy would make it look like the user is in the same geographic location as the cardholder’s actual address. Risk scoring can use proxy detection to determine whether a transaction is fraudulent.
Identifying High-Risk Transactions
Risk scoring solutions can help identify high-risk transactions by evaluating several factors, assigning a risk score (for example, from 0 to 100), and determining the fraud risk for each transaction. For example, a transaction with a risk score of 10 has a 10 percent chance of fraud, while one with a score of 80 has an 80 percent chance of being fraudulent. A transaction can generate a risk score of -1 if it doesn’t meet specific requirements to calculate a score accurately. Common reasons for a negative score include failing a Pass/Fail check, session timeout, vendor issue, or masked IP address.
Risk Scale Example
- 0-50 – No major risk factors are detected.
- 50-75 – Some potential risk factors are detected.
- 75-100 – Multiple or major risk factors have been detected.
Depending on the tool used to calculate fraud risks, a specific rating may automatically decline a pending transaction due to being a high risk for fraud. Merchants can view the breakdown of these scores, which typically show the top score factors that impact a transaction’s overall risk score.
For example, a customer may have received a high-risk score of 75 for an online backpack purchase on Amazon.com. Factors that could have influenced this rating include using an email flagged due to being associated with a previously declined transaction or making multiple large credit card purchases over the past few days from new websites. This customer’s pending transaction will likely be rejected due to being listed as a high risk for fraud. Businesses can help combat the rising issues and costs associated with credit card fraud and chargebacks by detecting these high-risk charges as they happen.
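The factors and the risk scale described above can be combined into a simple rule-based scorer. The following is an added example, not code from any risk scoring product: the weights, field names, and the action taken for each band are assumptions, and boundary scores are placed in the higher band so that a score of 75 is treated as high risk, as in the example above.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed weights for illustration only; a real tool derives them
# from statistical models over past transactions.
WEIGHTS = {
    "ip_on_fraud_list": 30,
    "avs_mismatch": 25,
    "bin_country_mismatch": 20,
    "proxy_detected": 20,
    "email_flagged": 20,
    "ip_country_mismatch": 15,
}

@dataclass
class Transaction:  # hypothetical record; field names are assumptions
    billing_country: str
    bin_country: str             # country of the card's issuing bank
    ip_country: Optional[str]    # None when the IP is masked
    avs_match: bool = True
    proxy_detected: bool = False
    email_flagged: bool = False
    ip_on_fraud_list: bool = False

def risk_score(tx: Transaction) -> Tuple[int, List[str]]:
    """Return (score, contributing factors); score is -1 if it cannot be computed."""
    if tx.ip_country is None:
        return -1, ["masked_ip"]
    hits = {
        "ip_on_fraud_list": tx.ip_on_fraud_list,
        "avs_mismatch": not tx.avs_match,
        "bin_country_mismatch": tx.bin_country != tx.billing_country,
        "proxy_detected": tx.proxy_detected,
        "email_flagged": tx.email_flagged,
        "ip_country_mismatch": tx.ip_country != tx.billing_country,
    }
    factors = [name for name, hit in hits.items() if hit]
    # Top factors first, as in the score breakdown merchants see.
    factors.sort(key=lambda n: WEIGHTS[n], reverse=True)
    return min(100, sum(WEIGHTS[n] for n in factors)), factors

def decide(score: int) -> str:
    """Map a score to an action; boundary scores fall in the higher band."""
    if score == -1:
        return "review"      # assumption: unscored transactions get manual review
    if score >= 75:
        return "decline"
    if score >= 50:
        return "step_up"     # additional security measures
    return "approve"
```
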
Why Is Risk Scoring Important?
Organizations that use risk scoring can leverage these accurate fraud scores to establish a suitable risk-response strategy to address incidents, reduce the likelihood of fraud occurring, and mitigate the damage if fraud occurs. Indeed, this tool can help prevent credit card fraud from impacting a merchant’s bottom line, reputation, relationship with payment processors and card issuers, and more.
What Else Can Merchants Do to Fight Credit Card Fraud?
Merchants should use a layered security solution to ward off threat actors that aim to harm their customers and profits. Two of the many methods to protect your sensitive data are tokenization and 3DS.
Tokenization replaces sensitive cardholder data with unique, randomly generated tokens that are valueless to hackers in the event of theft or fraud. 3-D Secure (3DS) is a three-step fraud prevention solution that verifies a cardholder’s identification before a debit or credit card transaction is authorized. 3DS shifts the liability from the merchant to the issuing bank regarding fraud charges. Businesses that use this solution will not have to pay chargeback fees for unauthorized transactions.
Contact TokenEx today, an expert cloud tokenization and 3DS partner that gives customers the freedom and flexibility to work with any payment processor they need and the ability to maintain a holistic security environment comprised of numerous layers, such as 3DS, tokenization, and Kount fraud protection.