Velocity Checks and Fraud Prevention

Scott StoneFraud Prevention36 Comments

Velocity Checks Explained

Fraudsters aren’t satisfied with placing different orders among different merchants. It costs way too much time and (if they're a small-scale group) it'll take a while for them to see any returns. It's only rational to target one merchant. And if you're reading this, you may have been a target who is seeking for help.

Let me first say that there's hope for you. What fraudsters overlook is your ability to learn about their patterns of placing high-risk orders. They assume merchants don't take the time to monitor relationships between transactions. That's where they're wrong. And that's when you seize your moment with velocity checks.


What Are Velocity Checks?

Velocity checks monitor certain data elements that occur in certain intervals for a number of times. A common trait that CNP fraudsters use is to test out stolen credit cards. All it takes is one fraudulent transaction to be approved. Then the fraudster will max out the card until someone notices his activities. That results in a brutal wave of chargebacks.

Velocity checks help merchants review repeated patterns that happen within a short period of time. For example, you notice a significant increase of transactions from one month. At first, you're thinking that's great since you're earning revenue. But the shipping address is being sent to a commercial address, not a residential address. Or vice versa. Then a cardholder, whose Visa credit card was stolen, files a dispute under VCR Dispute Reason Code 10.4.

All customer data enter your payment gateway. It doesn't discriminate between legitimate and fraudulent transactions. But it can take action if the data are entered multiple times in a designated time period. Or it can notify you, the merchant, for manual review.

Velocity Checks: Data Elements

Velocity checks are a critical tool in fraud prevention efforts. Here are typical data that are monitored in this solution:

  • User ID
  • IP address
  • Email address
  • Phone number
  • Device ID / signature
  • Credit card number / payment method
  • Billing address
  • Shipping address

Data elements like customer name aren’t effective points for velocity checks. Multiple people can have the same name. And you can repurpose your time on better things like real-time dispute resolution. Remember, it’s impossible to block 100% of true fraud. The only way to do that is to stop accepting payments. But you can sniff it out and find it.

Just make sure that choose the right data elements in your velocity checks. There's a universal phrase that highlights why it's important to have the right data elements. If you put in garbage in your velocity checks, you'll receive garbage as you extract insights. 

Velocity Checks: Examples

How you use velocity checks depends on the nature of your business. Basically, any data point that looks suspicious when it's shared across customers should be tracked. You need to find the right signals that point to actual instances of fraud.

A velocity check is made up of three or more variables. But it always includes quantity, data element, and timeframe. Here are some examples that help frame velocity checks:

  • How many transactions has a customer completed in the last 24 hours?
  • How much has a customer spent in the last 24 hours?
  • How many transactions have originated from a single device in the last 24 hours?
  • How many orders have been placed with the same credit card number in the last 24 hours? Has it differed with multiple shipping addresses?
  • How many transactions have originated from one IP address in the last 24 hours?
  • How many billing zip codes have a customer loyalty card? How often has it been used in within the last 30 days?

As you can see, the three variables are present in each of the above examples. Whether it’s ‘how many’ or ‘how much’, each velocity check begins with an indicator of volume or sum of the data element(s).  The data element being monitored is given after the volume or sum is qualified. The data elements range from transactions by a single customer, the transaction amount and the device ID. It also ranges from credit card numbers, shipping addresses, IP addresses, billing zip codes, and customer loyalty cards.

Finally, the time frame is specified. It may be common for a single customer to place multiple orders in 24 hours. Some businesses expect that. But others can view this as a sign of fraudulent activity. Merchants need to keep their business in mind when they select timeframe parameters for their velocity checks.

Velocity checks are a critical element in your fraud prevention solution stack. But remember, you need an end-to-end approach to fraud. That is, if you want to maximize recovered revenue from fraud losses. That requires having processes and procedures in place for post-transaction fraud management. Check out our guide to managing chargebacks in-house for the run-down of how to craft these at your company.

Managing Chargebacks In-House