|
NIA #5 - CC Merchant Fraud
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
From @UICVM.uic.edu:[email protected] Wed Dec 5 23:15:48 1990
Return-Path: <@UICVM.uic.edu:[email protected]>
Received: from UICVM.uic.edu by cs.widener.edu (4.1/Widener-2.3)
id AA19573; Wed, 5 Dec 90 23:15:40 EST
Message-Id: <[email protected]>
Received: from NIU.BITNET by UICVM.uic.edu (IBM VM SMTP R1.2.2MX) with BSMTP id 3087; Wed, 05 Dec 902 CST
Date: Wed, 05 Dec 90 22:10 CST
To: [email protected]
From: TK0JUT2%[email protected]
Subject: nia #5
Status: OR
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% N.I.A. %%
%% Network Information Access %%
%% 01FEB90 %%
%% Guardian Of Time %%
%% File #5 %%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
:_Detecting Merchant Fraud
:_Typed In By: Guardian Of Time
:_"A Guide To Monitoring Credit Card Transactions"
:_Written By: Mastercard International
N.I.A, is Proud to Present A Guide To Monitoring Credit Card Transactions, this
file is a small comphrensive manual, on what SOME people look for in Credit
Card Fraud.
This is by NO MEANS to be used for Fraudulent Purposes, and since I know some
of you will, ( why should I deny it? ), you do it w/ out my aproval, meaning
that I am NOT responisble for any actions you do, this is for EDUCATIONAL
PURPOSES ONLY.
----------
Merchant Fraud: Everyone's Problem
A MasterCard merchant portfolio is a major source of revenue and profit for
many banks. And it can be even more profitable if member banks combat oneof
the most serious drains on the entire system -- merchant fraud.
Industry fraud losses total more than $200 million per year. Although most of
the direct cost is borne by issuing banks, acquiring bnks today face increased
liability, particularly in cases where fraud shouold have been detected.
What's more, the associated costs of fraud, in lost time and lost business, are
felt by all participating banks and ultimately, consumers.
But you can fight back. There are basic and inexpensive ways to limit your
bank's exposure and make the system work better for everyone -- through
monitoring of merchant transactions.
This Guide outlines a series of early warning signals that will enable you to
spot fraud promptly and take the necessary responsive reaction. Based on a
survey of MasterCard member banks, this Guide identifies the monitoring
procedures that have proved most effective in fighting fraud. By selecting
those that best fit your circumstances, you can design a monitoring system that
works for you. Note: ( Those members utilizing third party processors should
request reports containing information suggested in this guidebook. )
THE MANY FACES OF FRAUD
The first step in detecting fraud is to understand how it occurs. Here's a
sample of some of the most common forms:
Collusive Merchants
Thee merchants or their employees work actively w/ criminals, supplying account
numbers and other account information, or knowingly process transactions using
lost, stolen or white plastic cards. These merchants are distinguished from
merchants who are honest victims of fraud on their premises but take no steops
to fight it.
Telemarketing Scams
"Boiler Room" phone sales operations offer travel packages, jewelry, vitamins
or other merchandise at prices that seem to good to be true - and are. The
goal: Lure consumers into divulging their card numbers and experation dates.
Consumers receive worthless merchandise, nothing at all; or find that their
accounts are charge repeatedly for a single purchase. Not only is the consumer
cheated, but under some circumstances, the acquiring bank faceds liability as
well.
White Plastic Schemes
Illegally obtained account numbers are embossed onto otherwise blank cards --
obvious fakes, which don't look like real MasterCard cards. The phony card
transactions are then processed by a collusive merchant and submitted to the
member bank as genuine.
Laundering
Laundering is a way for Fraudulent merchants to participate in MasterCard
activity w/out entering into a merchant agreement. A merchant deposits the
fraudulent merchant's sales drafts in return for a cut of the face value of the
items. All such third-party deposits are prohibited by the MasterCard Bylaws
and Rules.
New Merchant Bust-Out Schemes
A fake business is set up, often complete w/ stocked shelves to deceive bank
investigators. W/in the first few days of operation, the new business makes
heavy deposits -- most or all of them fraudulently obtained account numbers,
representing nonexistent sales. No merchandise actually changes hands. The
operators collect from the bank, often by a series of wire transfers to other
accounts, and disappear.
Merchants Who Make Cash Advances to Themselves
Using his or her own MasterCard, a merchant or employee completes a sales slip,
submits it to the acquirer, but receives no merchandise or service. Instead,
the merchant simply opens the register and takes out cash equal to the sales
slip total -- an instant loan. ( The loan may or may not be repaid later,
through the proprietor's personal account ).
Otherwise honest merchants may resort to this practice when they experience
difficult times. Often they have longstanding business and personal
relationships w/ their bankers -- which makes it especially difficult for the
banker to see or act on this type of fraud.
Electronic Data Capture Scams
These scams take advantage of the fact the EDC terminals allow card numbers to
be keyed in, or read electronically. Merchants obtain account numbers
illegally, key enter the transsactions and collect the cash from their banks.
Fraud Busting: Exception Reporting
Fraudulent merchants usually leave tracks. Their account activity often
deviates sharply from the norm for their type of business. That's why an
initial investigation, before signing a merchant, is your first line of defense
in conjunction w/ a monitoring system that pinpoints exceptions to normal
business patterns.
While no screening system can take the place of your sound business judgement
in distinguishing dishonest from honest merchants, a well designed exceptin
reporting program can help you:
:_Track activities of new and established merchants
:_Spot suspicious activity that warrants closer scrutiny
:_Investigate cases of possible fraud
:_Prevent extensive losses
In the next few pages you will find detailed, practical suggestions for
designing your own exception reporting system. No single system is best for
every bank. It's up to you to choose the specific indicators that you will
use in distinguishing exceptional patters from the normal day-to-day ups and
downs of business.
Deposits
Deposit records are a rich source of indicators that can signal fraudulent
activity on the part of a merchant. You'll find a discussion of these
"red-flags" below, including a brief ratinale for each one.
There are three points to keep in mind as you adapt these indicators to your
needs:
1. It's not always necessary or practical to track all of the possible
indicators. They're suggestions from which to pick the ones that make the
most sense for you.
2. There are no magic numbers that automatically indicate questinable
behavior on the part of a merchant. For some, a $5,000 deposit would be
exceptional; for others a $50,000 deposit would be routine. For some, a 20%
increase in deposit volume would be suspicious; for others, a 50% increase
- for example during a peak season -- would be no cause for concern.
That's why numerical cutoffs are left for you to determine. (See "Hints for
Implementation" for thoughs on how to do it).
3. Many "Red Flags" take the form of sudden changes in the volume, frequency,
size or other aspects of a merchant's deposits. To detect such changes,
you will first need to gauge the merchant's normal activity by tracking the
deposit history.
Here's an approach that can help you pinpoint meaningful departures from the
norm:
:_Use deposit data from a 90-day period, to average out shrot term
fluctuations and establish a reliable baseline.
:_Use a rolling base period. Update your figures on each merchant to reflect
the most recent 90 days. You'll automatically adjust for gradual growth or
lulls in the merchant's business, and you may avoid false alarms.
:_For new merchants, use their expected deposit figures until you have
collected actual deposit data for 90 days.
:_To Calculate...
average deposit size, by dividing 90-day volume by total number of deposits
average monthly deposit, by dividing 90-day volume by 3
average weekly deposit, by dividing 90-day volume by 13
average daily deposit, by dividing 90-day volume by the number of deposits
made by the merchant during that time period.
average ticket size, by dividing 90-day volume by total number of
transactions.
:_Add to each base figure an X% margin, to allow for normal variation. (X is a
figure set by you and based on experience ).
:_Whenever a merchan't total deposit, ticket size, etc. exceeds that
merchant's base plus X, this should print on your reports as an exception, to
be investigated further.
This generic approach can be applied to many of the specific deposit
indicators that follow:
Indicator: All deposits for newly signed merchants
Rationale: Careful tracking of new merchants establishes a baseline for
future comparisons. In addition, an unusually high volume of early
business may be a signal a "Bust-Out" Scheme.
Indicators: Sudden Increases in ...
Average Ticket Size
Deposit volume ( daily, weekly or monthly )
number of transactions per deposit
frequency of deposits
Rationale: Sudden jumps in volume, ticket size, etc. Can be associated w/
almost any type of fraud, since the objective is to w/draw as much
money as possible, as quickley as possible. Laundering, in
particular, will raise this type of flag, when the "front" merchant
adds third-part tickets to his own.
Indicator: Diminishing deposit volume, ticket size, number of transactions
per deposit or frequency of deposits
Rationale: While not a fraud indicator per se, a sudden drop in business may
signal impending financial problems, such as delinquent loans and
eventual bankruptcy.
Indicator: Deposits in which the same cardholder account number appears more
than X Times
Rationale: Multiple charges may indicate a stolen card or illegaly obtained
account number. These are typically put to heavy use right away,
before they can be statused by the bank. ( Again, it's up to you
to determine what number of repeat charges in a single deposit
constitutes grounds for suspicion).
Indicator: Deposits in which the same dollar amount appears more than X times
Rationale: Multiple transactions in the same amount sometimes point to a
telemarketing scam. Typically hig pressuer telemarketers sell the
same product over and over in a short period of time. Also, they
often charge the same account several times for one item of
merchandise.
Indicator: Deposits containing X% of transactions just below the MasterCard
floor limit
Rationale: Merchants processing stolen cards or illegally obtained account
numbers will often use this approach to evade the authorization
requirement.
Indicators: Deposits containing transactions...
on cardholder accounts statused by the bank
on expired cards
older than the presentation cycle allowed for the merchant
deposits by blocked merchants
Rationale: All such deposits show negligence on the part of a business or its
employees, and may represent deliberate attempts to obtain
illegitimate payments.
Authorizations
The key in monitoring authorizations is to set up a system that flags
exceptions daily. If you act quickly enough you may even be able to block
fraudlent transactions before they are submitted into interchange.
Indicators: All authorizations over x dollars
more than x authorizations in one day on the same cardholder
account number
More than x authorizatoin attempts in one day on the same
cardholder account
Rationale: Very large authorizations or multiple authorizatins on the same
account may signal an attempt to clean out an account before the
cardholder realizaes that the card has been stolen or the number is
being used fraudulently.
Indicator: Repeated authorizations ( or attempts ) in the same dollar amount
Rationale: Like repeated deposits in the same amount, repeated authorizations
w/in a short period may point to possible fraud situations.
Indicator: All transactions for which authorizatoin was required but not
obtained
Rationale: Failure to secure authorization reflects procedures in need of
correction. Merchants who deliberately ignore the authorization
requirement may be hiding the use of stolen cards or illegally
obtained account numbers.
Indicator: % of denied authorizations vs. attempts
Rationale: When a large percentage of a merchant's authorization attempts are
denied, the merchant may be testing the credit limits of stolen
cards or illegally obtained account numbers.
Electronic Data Catpure
Some cards can't be read electronically because of damage to the magnetic
stripe. This a certain proportion of keyed transactions is unavoidable.
Hoever, excess ue of the key option warrants further examination.
Indicator: Percent of keyed transactons vs. swiped transactions
Rationale: An unusually high proportion of keyed transactions vs. swiped
transactions may indicate that the merchant is using illegally obtained
account numbers.
Chargebacks
Fraudulent trasactions often return as chargebacks. Unfortunately, it's
extremely difficult to design a monitoring system that links current
chargebacks to trasnactions on the actual date of sale, which may be weeks or
months in the past. As a second-hand alternative, many banks compare today's
chargebacks to today's sales.
Indicators: More than X chargebacks in a specified period of time
Value of Chargebacks exceeding X% of sales
Rationale: A high number or large dollar volume of chargebacks may flag a
fraudulent merchant who has evaded other screens.
Hints For Implementation
Here are some hints to help you produce timely, informative reports that will
help your staff focus their efforts effectively:
1) Set the numerical parameters of your system at levels that are appropriate
for both your merchant clientele and your staff. If you set X too low,
you'll generate large, cumbersome reports which your staff will never be
able to follow up. If you set X too high, you may overlook some suspicious
cases. To find the happy medium, experiment.
2) Compile data daily or weekly -- whichever best fits your staff capabilities
and merchant portfolio. There's no point in generating more reports than
you can use.
3) Exclude key merchants, such as chains or high-volume stores, which could
overload the system.
4) Use Merchant Category Codes to identify merchants whose business is subject
to seasonal fluctuations. By adjusting parameters for seasonality, you'll
avoid many false alarms.
Your system can be as complex or as simple as your needs dictate. You can
design it for a mainframe, or download pertinent data to a personal computer,
or create a system to run from a desktop. The guiding prinicple: Generate
the maximum amount of useful information that your stff can handle.
What To Do When You Suspect Fraud
To determine whether fraud has actually occurred...
:_Freeze Funds.
:_Retrieve sales drafts or all suspect transactions.
:_Validate all authorization codes
:_Conduct a merchant visit.
:_Contact issuing bank.
The integrity of the MasterCard System depends on your active participation in
the battle against merchant fraud. W/ your help, fraud can be reduced. It's
in your interest.
N.I.A. - Ignorance, There's No Excuse.
Founded By: Guardian Of Time/Judge Dredd.
[OTHER WORLD BBS]
|
|
