%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %% N.I.A. %% %% Network Information Access %% %% 01FEB90 %% %% Guardian Of Time %% %% File #5 %% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% :_Detecting Merchant Fraud :_Typed In By: Guardian Of Time :_"A Guide To Monitoring Credit Card Transactions" :_Written By: Mastercard International N.I.A, is Proud to Present A Guide To Monitoring Credit Card Transactions, this file is a small comphrensive manual, on what SOME people look for in Credit Card Fraud. This is by NO MEANS to be used for Fraudulent Purposes, and since I know some of you will, ( why should I deny it? ), you do it w/ out my aproval, meaning that I am NOT responisble for any actions you do, this is for EDUCATIONAL PURPOSES ONLY. ---------- Merchant Fraud: Everyone's Problem A MasterCard merchant portfolio is a major source of revenue and profit for many banks. And it can be even more profitable if member banks combat oneof the most serious drains on the entire system -- merchant fraud. Industry fraud losses total more than $200 million per year. Although most of the direct cost is borne by issuing banks, acquiring bnks today face increased liability, particularly in cases where fraud shouold have been detected. What's more, the associated costs of fraud, in lost time and lost business, are felt by all participating banks and ultimately, consumers. But you can fight back. There are basic and inexpensive ways to limit your bank's exposure and make the system work better for everyone -- through monitoring of merchant transactions. This Guide outlines a series of early warning signals that will enable you to spot fraud promptly and take the necessary responsive reaction. Based on a survey of MasterCard member banks, this Guide identifies the monitoring procedures that have proved most effective in fighting fraud. By selecting those that best fit your circumstances, you can design a monitoring system that works for you. Note: ( Those members utilizing third party processors should request reports containing information suggested in this guidebook. ) THE MANY FACES OF FRAUD The first step in detecting fraud is to understand how it occurs. Here's a sample of some of the most common forms: Collusive Merchants Thee merchants or their employees work actively w/ criminals, supplying account numbers and other account information, or knowingly process transactions using lost, stolen or white plastic cards. These merchants are distinguished from merchants who are honest victims of fraud on their premises but take no steops to fight it. Telemarketing Scams "Boiler Room" phone sales operations offer travel packages, jewelry, vitamins or other merchandise at prices that seem to good to be true - and are. The goal: Lure consumers into divulging their card numbers and experation dates. Consumers receive worthless merchandise, nothing at all; or find that their accounts are charge repeatedly for a single purchase. Not only is the consumer cheated, but under some circumstances, the acquiring bank faceds liability as well. White Plastic Schemes Illegally obtained account numbers are embossed onto otherwise blank cards -- obvious fakes, which don't look like real MasterCard cards. The phony card transactions are then processed by a collusive merchant and submitted to the member bank as genuine. Laundering Laundering is a way for Fraudulent merchants to participate in MasterCard activity w/out entering into a merchant agreement. A merchant deposits the fraudulent merchant's sales drafts in return for a cut of the face value of the items. All such third-party deposits are prohibited by the MasterCard Bylaws and Rules. New Merchant Bust-Out Schemes A fake business is set up, often complete w/ stocked shelves to deceive bank investigators. W/in the first few days of operation, the new business makes heavy deposits -- most or all of them fraudulently obtained account numbers, representing nonexistent sales. No merchandise actually changes hands. The operators collect from the bank, often by a series of wire transfers to other accounts, and disappear. Merchants Who Make Cash Advances to Themselves Using his or her own MasterCard, a merchant or employee completes a sales slip, submits it to the acquirer, but receives no merchandise or service. Instead, the merchant simply opens the register and takes out cash equal to the sales slip total -- an instant loan. ( The loan may or may not be repaid later, through the proprietor's personal account ). Otherwise honest merchants may resort to this practice when they experience difficult times. Often they have longstanding business and personal relationships w/ their bankers -- which makes it especially difficult for the banker to see or act on this type of fraud. Electronic Data Capture Scams These scams take advantage of the fact the EDC terminals allow card numbers to be keyed in, or read electronically. Merchants obtain account numbers illegally, key enter the transsactions and collect the cash from their banks. Fraud Busting: Exception Reporting Fraudulent merchants usually leave tracks. Their account activity often deviates sharply from the norm for their type of business. That's why an initial investigation, before signing a merchant, is your first line of defense in conjunction w/ a monitoring system that pinpoints exceptions to normal business patterns. While no screening system can take the place of your sound business judgement in distinguishing dishonest from honest merchants, a well designed exceptin reporting program can help you: :_Track activities of new and established merchants :_Spot suspicious activity that warrants closer scrutiny :_Investigate cases of possible fraud :_Prevent extensive losses In the next few pages you will find detailed, practical suggestions for designing your own exception reporting system. No single system is best for every bank. It's up to you to choose the specific indicators that you will use in distinguishing exceptional patters from the normal day-to-day ups and downs of business. Deposits Deposit records are a rich source of indicators that can signal fraudulent activity on the part of a merchant. You'll find a discussion of these "red-flags" below, including a brief ratinale for each one. There are three points to keep in mind as you adapt these indicators to your needs: 1. It's not always necessary or practical to track all of the possible indicators. They're suggestions from which to pick the ones that make the most sense for you. 2. There are no magic numbers that automatically indicate questinable behavior on the part of a merchant. For some, a $5,000 deposit would be exceptional; for others a $50,000 deposit would be routine. For some, a 20% increase in deposit volume would be suspicious; for others, a 50% increase - for example during a peak season -- would be no cause for concern. That's why numerical cutoffs are left for you to determine. (See "Hints for Implementation" for thoughs on how to do it). 3. Many "Red Flags" take the form of sudden changes in the volume, frequency, size or other aspects of a merchant's deposits. To detect such changes, you will first need to gauge the merchant's normal activity by tracking the deposit history. Here's an approach that can help you pinpoint meaningful departures from the norm: :_Use deposit data from a 90-day period, to average out shrot term fluctuations and establish a reliable baseline. :_Use a rolling base period. Update your figures on each merchant to reflect the most recent 90 days. You'll automatically adjust for gradual growth or lulls in the merchant's business, and you may avoid false alarms. :_For new merchants, use their expected deposit figures until you have collected actual deposit data for 90 days. :_To Calculate... average deposit size, by dividing 90-day volume by total number of deposits average monthly deposit, by dividing 90-day volume by 3 average weekly deposit, by dividing 90-day volume by 13 average daily deposit, by dividing 90-day volume by the number of deposits made by the merchant during that time period. average ticket size, by dividing 90-day volume by total number of transactions. :_Add to each base figure an X% margin, to allow for normal variation. (X is a figure set by you and based on experience ). :_Whenever a merchan't total deposit, ticket size, etc. exceeds that merchant's base plus X, this should print on your reports as an exception, to be investigated further. This generic approach can be applied to many of the specific deposit indicators that follow: Indicator: All deposits for newly signed merchants Rationale: Careful tracking of new merchants establishes a baseline for future comparisons. In addition, an unusually high volume of early business may be a signal a "Bust-Out" Scheme. Indicators: Sudden Increases in ... Average Ticket Size Deposit volume ( daily, weekly or monthly ) number of transactions per deposit frequency of deposits Rationale: Sudden jumps in volume, ticket size, etc. Can be associated w/ almost any type of fraud, since the objective is to w/draw as much money as possible, as quickley as possible. Laundering, in particular, will raise this type of flag, when the "front" merchant adds third-part tickets to his own. Indicator: Diminishing deposit volume, ticket size, number of transactions per deposit or frequency of deposits Rationale: While not a fraud indicator per se, a sudden drop in business may signal impending financial problems, such as delinquent loans and eventual bankruptcy. Indicator: Deposits in which the same cardholder account number appears more than X Times Rationale: Multiple charges may indicate a stolen card or illegaly obtained account number. These are typically put to heavy use right away, before they can be statused by the bank. ( Again, it's up to you to determine what number of repeat charges in a single deposit constitutes grounds for suspicion). Indicator: Deposits in which the same dollar amount appears more than X times Rationale: Multiple transactions in the same amount sometimes point to a telemarketing scam. Typically hig pressuer telemarketers sell the same product over and over in a short period of time. Also, they often charge the same account several times for one item of merchandise. Indicator: Deposits containing X% of transactions just below the MasterCard floor limit Rationale: Merchants processing stolen cards or illegally obtained account numbers will often use this approach to evade the authorization requirement. Indicators: Deposits containing transactions... on cardholder accounts statused by the bank on expired cards older than the presentation cycle allowed for the merchant deposits by blocked merchants Rationale: All such deposits show negligence on the part of a business or its employees, and may represent deliberate attempts to obtain illegitimate payments. Authorizations The key in monitoring authorizations is to set up a system that flags exceptions daily. If you act quickly enough you may even be able to block fraudlent transactions before they are submitted into interchange. Indicators: All authorizations over x dollars more than x authorizations in one day on the same cardholder account number More than x authorizatoin attempts in one day on the same cardholder account Rationale: Very large authorizations or multiple authorizatins on the same account may signal an attempt to clean out an account before the cardholder realizaes that the card has been stolen or the number is being used fraudulently. Indicator: Repeated authorizations ( or attempts ) in the same dollar amount Rationale: Like repeated deposits in the same amount, repeated authorizations w/in a short period may point to possible fraud situations. Indicator: All transactions for which authorizatoin was required but not obtained Rationale: Failure to secure authorization reflects procedures in need of correction. Merchants who deliberately ignore the authorization requirement may be hiding the use of stolen cards or illegally obtained account numbers. Indicator: % of denied authorizations vs. attempts Rationale: When a large percentage of a merchant's authorization attempts are denied, the merchant may be testing the credit limits of stolen cards or illegally obtained account numbers. Electronic Data Catpure Some cards can't be read electronically because of damage to the magnetic stripe. This a certain proportion of keyed transactions is unavoidable. Hoever, excess ue of the key option warrants further examination. Indicator: Percent of keyed transactons vs. swiped transactions Rationale: An unusually high proportion of keyed transactions vs. swiped transactions may indicate that the merchant is using illegally obtained account numbers. Chargebacks Fraudulent trasactions often return as chargebacks. Unfortunately, it's extremely difficult to design a monitoring system that links current chargebacks to trasnactions on the actual date of sale, which may be weeks or months in the past. As a second-hand alternative, many banks compare today's chargebacks to today's sales. Indicators: More than X chargebacks in a specified period of time Value of Chargebacks exceeding X% of sales Rationale: A high number or large dollar volume of chargebacks may flag a fraudulent merchant who has evaded other screens. Hints For Implementation Here are some hints to help you produce timely, informative reports that will help your staff focus their efforts effectively: 1) Set the numerical parameters of your system at levels that are appropriate for both your merchant clientele and your staff. If you set X too low, you'll generate large, cumbersome reports which your staff will never be able to follow up. If you set X too high, you may overlook some suspicious cases. To find the happy medium, experiment. 2) Compile data daily or weekly -- whichever best fits your staff capabilities and merchant portfolio. There's no point in generating more reports than you can use. 3) Exclude key merchants, such as chains or high-volume stores, which could overload the system. 4) Use Merchant Category Codes to identify merchants whose business is subject to seasonal fluctuations. By adjusting parameters for seasonality, you'll avoid many false alarms. Your system can be as complex or as simple as your needs dictate. You can design it for a mainframe, or download pertinent data to a personal computer, or create a system to run from a desktop. The guiding prinicple: Generate the maximum amount of useful information that your stff can handle. What To Do When You Suspect Fraud To determine whether fraud has actually occurred... :_Freeze Funds. :_Retrieve sales drafts or all suspect transactions. :_Validate all authorization codes :_Conduct a merchant visit. :_Contact issuing bank. The integrity of the MasterCard System depends on your active participation in the battle against merchant fraud. W/ your help, fraud can be reduced. It's in your interest. N.I.A. - Ignorance, There's No Excuse. Founded By: Guardian Of Time/Judge Dredd. [OTHER WORLD BBS]