370 lines
16 KiB
Plaintext
370 lines
16 KiB
Plaintext
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
%% N.I.A. %%
|
|
%% Network Information Access %%
|
|
%% 01FEB90 %%
|
|
%% Guardian Of Time %%
|
|
%% File #5 %%
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
|
:_Detecting Merchant Fraud
|
|
:_Typed In By: Guardian Of Time
|
|
:_"A Guide To Monitoring Credit Card Transactions"
|
|
:_Written By: Mastercard International
|
|
|
|
N.I.A, is Proud to Present A Guide To Monitoring Credit Card Transactions, this
|
|
file is a small comphrensive manual, on what SOME people look for in Credit
|
|
Card Fraud.
|
|
|
|
This is by NO MEANS to be used for Fraudulent Purposes, and since I know some
|
|
of you will, ( why should I deny it? ), you do it w/ out my aproval, meaning
|
|
that I am NOT responisble for any actions you do, this is for EDUCATIONAL
|
|
PURPOSES ONLY.
|
|
|
|
----------
|
|
|
|
Merchant Fraud: Everyone's Problem
|
|
|
|
A MasterCard merchant portfolio is a major source of revenue and profit for
|
|
many banks. And it can be even more profitable if member banks combat oneof
|
|
the most serious drains on the entire system -- merchant fraud.
|
|
|
|
Industry fraud losses total more than $200 million per year. Although most of
|
|
the direct cost is borne by issuing banks, acquiring bnks today face increased
|
|
liability, particularly in cases where fraud shouold have been detected.
|
|
What's more, the associated costs of fraud, in lost time and lost business, are
|
|
felt by all participating banks and ultimately, consumers.
|
|
|
|
But you can fight back. There are basic and inexpensive ways to limit your
|
|
bank's exposure and make the system work better for everyone -- through
|
|
monitoring of merchant transactions.
|
|
|
|
This Guide outlines a series of early warning signals that will enable you to
|
|
spot fraud promptly and take the necessary responsive reaction. Based on a
|
|
survey of MasterCard member banks, this Guide identifies the monitoring
|
|
procedures that have proved most effective in fighting fraud. By selecting
|
|
those that best fit your circumstances, you can design a monitoring system that
|
|
works for you. Note: ( Those members utilizing third party processors should
|
|
request reports containing information suggested in this guidebook. )
|
|
|
|
THE MANY FACES OF FRAUD
|
|
|
|
The first step in detecting fraud is to understand how it occurs. Here's a
|
|
sample of some of the most common forms:
|
|
|
|
Collusive Merchants
|
|
|
|
Thee merchants or their employees work actively w/ criminals, supplying account
|
|
numbers and other account information, or knowingly process transactions using
|
|
lost, stolen or white plastic cards. These merchants are distinguished from
|
|
merchants who are honest victims of fraud on their premises but take no steops
|
|
to fight it.
|
|
|
|
Telemarketing Scams
|
|
|
|
"Boiler Room" phone sales operations offer travel packages, jewelry, vitamins
|
|
or other merchandise at prices that seem to good to be true - and are. The
|
|
goal: Lure consumers into divulging their card numbers and experation dates.
|
|
Consumers receive worthless merchandise, nothing at all; or find that their
|
|
accounts are charge repeatedly for a single purchase. Not only is the consumer
|
|
cheated, but under some circumstances, the acquiring bank faceds liability as
|
|
well.
|
|
|
|
White Plastic Schemes
|
|
|
|
Illegally obtained account numbers are embossed onto otherwise blank cards --
|
|
obvious fakes, which don't look like real MasterCard cards. The phony card
|
|
transactions are then processed by a collusive merchant and submitted to the
|
|
member bank as genuine.
|
|
|
|
Laundering
|
|
|
|
Laundering is a way for Fraudulent merchants to participate in MasterCard
|
|
activity w/out entering into a merchant agreement. A merchant deposits the
|
|
fraudulent merchant's sales drafts in return for a cut of the face value of the
|
|
items. All such third-party deposits are prohibited by the MasterCard Bylaws
|
|
and Rules.
|
|
|
|
New Merchant Bust-Out Schemes
|
|
|
|
A fake business is set up, often complete w/ stocked shelves to deceive bank
|
|
investigators. W/in the first few days of operation, the new business makes
|
|
heavy deposits -- most or all of them fraudulently obtained account numbers,
|
|
representing nonexistent sales. No merchandise actually changes hands. The
|
|
operators collect from the bank, often by a series of wire transfers to other
|
|
accounts, and disappear.
|
|
|
|
Merchants Who Make Cash Advances to Themselves
|
|
|
|
Using his or her own MasterCard, a merchant or employee completes a sales slip,
|
|
submits it to the acquirer, but receives no merchandise or service. Instead,
|
|
the merchant simply opens the register and takes out cash equal to the sales
|
|
slip total -- an instant loan. ( The loan may or may not be repaid later,
|
|
through the proprietor's personal account ).
|
|
|
|
Otherwise honest merchants may resort to this practice when they experience
|
|
difficult times. Often they have longstanding business and personal
|
|
relationships w/ their bankers -- which makes it especially difficult for the
|
|
banker to see or act on this type of fraud.
|
|
|
|
Electronic Data Capture Scams
|
|
|
|
These scams take advantage of the fact the EDC terminals allow card numbers to
|
|
be keyed in, or read electronically. Merchants obtain account numbers
|
|
illegally, key enter the transsactions and collect the cash from their banks.
|
|
|
|
Fraud Busting: Exception Reporting
|
|
|
|
Fraudulent merchants usually leave tracks. Their account activity often
|
|
deviates sharply from the norm for their type of business. That's why an
|
|
initial investigation, before signing a merchant, is your first line of defense
|
|
in conjunction w/ a monitoring system that pinpoints exceptions to normal
|
|
business patterns.
|
|
|
|
While no screening system can take the place of your sound business judgement
|
|
in distinguishing dishonest from honest merchants, a well designed exceptin
|
|
reporting program can help you:
|
|
|
|
:_Track activities of new and established merchants
|
|
:_Spot suspicious activity that warrants closer scrutiny
|
|
:_Investigate cases of possible fraud
|
|
:_Prevent extensive losses
|
|
|
|
In the next few pages you will find detailed, practical suggestions for
|
|
designing your own exception reporting system. No single system is best for
|
|
every bank. It's up to you to choose the specific indicators that you will
|
|
use in distinguishing exceptional patters from the normal day-to-day ups and
|
|
downs of business.
|
|
|
|
Deposits
|
|
|
|
Deposit records are a rich source of indicators that can signal fraudulent
|
|
activity on the part of a merchant. You'll find a discussion of these
|
|
"red-flags" below, including a brief ratinale for each one.
|
|
|
|
There are three points to keep in mind as you adapt these indicators to your
|
|
needs:
|
|
|
|
|
|
1. It's not always necessary or practical to track all of the possible
|
|
indicators. They're suggestions from which to pick the ones that make the
|
|
most sense for you.
|
|
|
|
2. There are no magic numbers that automatically indicate questinable
|
|
behavior on the part of a merchant. For some, a $5,000 deposit would be
|
|
exceptional; for others a $50,000 deposit would be routine. For some, a 20%
|
|
increase in deposit volume would be suspicious; for others, a 50% increase
|
|
- for example during a peak season -- would be no cause for concern.
|
|
That's why numerical cutoffs are left for you to determine. (See "Hints for
|
|
Implementation" for thoughs on how to do it).
|
|
|
|
3. Many "Red Flags" take the form of sudden changes in the volume, frequency,
|
|
size or other aspects of a merchant's deposits. To detect such changes,
|
|
you will first need to gauge the merchant's normal activity by tracking the
|
|
deposit history.
|
|
|
|
Here's an approach that can help you pinpoint meaningful departures from the
|
|
norm:
|
|
|
|
:_Use deposit data from a 90-day period, to average out shrot term
|
|
fluctuations and establish a reliable baseline.
|
|
|
|
:_Use a rolling base period. Update your figures on each merchant to reflect
|
|
the most recent 90 days. You'll automatically adjust for gradual growth or
|
|
lulls in the merchant's business, and you may avoid false alarms.
|
|
|
|
:_For new merchants, use their expected deposit figures until you have
|
|
collected actual deposit data for 90 days.
|
|
|
|
:_To Calculate...
|
|
|
|
average deposit size, by dividing 90-day volume by total number of deposits
|
|
average monthly deposit, by dividing 90-day volume by 3
|
|
average weekly deposit, by dividing 90-day volume by 13
|
|
average daily deposit, by dividing 90-day volume by the number of deposits
|
|
made by the merchant during that time period.
|
|
average ticket size, by dividing 90-day volume by total number of
|
|
transactions.
|
|
|
|
:_Add to each base figure an X% margin, to allow for normal variation. (X is a
|
|
figure set by you and based on experience ).
|
|
|
|
:_Whenever a merchan't total deposit, ticket size, etc. exceeds that
|
|
merchant's base plus X, this should print on your reports as an exception, to
|
|
be investigated further.
|
|
|
|
This generic approach can be applied to many of the specific deposit
|
|
indicators that follow:
|
|
|
|
Indicator: All deposits for newly signed merchants
|
|
|
|
Rationale: Careful tracking of new merchants establishes a baseline for
|
|
future comparisons. In addition, an unusually high volume of early
|
|
business may be a signal a "Bust-Out" Scheme.
|
|
|
|
Indicators: Sudden Increases in ...
|
|
Average Ticket Size
|
|
Deposit volume ( daily, weekly or monthly )
|
|
number of transactions per deposit
|
|
frequency of deposits
|
|
|
|
Rationale: Sudden jumps in volume, ticket size, etc. Can be associated w/
|
|
almost any type of fraud, since the objective is to w/draw as much
|
|
money as possible, as quickley as possible. Laundering, in
|
|
particular, will raise this type of flag, when the "front" merchant
|
|
adds third-part tickets to his own.
|
|
|
|
Indicator: Diminishing deposit volume, ticket size, number of transactions
|
|
per deposit or frequency of deposits
|
|
|
|
Rationale: While not a fraud indicator per se, a sudden drop in business may
|
|
signal impending financial problems, such as delinquent loans and
|
|
eventual bankruptcy.
|
|
|
|
Indicator: Deposits in which the same cardholder account number appears more
|
|
than X Times
|
|
|
|
Rationale: Multiple charges may indicate a stolen card or illegaly obtained
|
|
account number. These are typically put to heavy use right away,
|
|
before they can be statused by the bank. ( Again, it's up to you
|
|
to determine what number of repeat charges in a single deposit
|
|
constitutes grounds for suspicion).
|
|
|
|
Indicator: Deposits in which the same dollar amount appears more than X times
|
|
|
|
Rationale: Multiple transactions in the same amount sometimes point to a
|
|
telemarketing scam. Typically hig pressuer telemarketers sell the
|
|
same product over and over in a short period of time. Also, they
|
|
often charge the same account several times for one item of
|
|
merchandise.
|
|
|
|
Indicator: Deposits containing X% of transactions just below the MasterCard
|
|
floor limit
|
|
|
|
Rationale: Merchants processing stolen cards or illegally obtained account
|
|
numbers will often use this approach to evade the authorization
|
|
requirement.
|
|
|
|
Indicators: Deposits containing transactions...
|
|
|
|
on cardholder accounts statused by the bank
|
|
on expired cards
|
|
older than the presentation cycle allowed for the merchant
|
|
deposits by blocked merchants
|
|
|
|
Rationale: All such deposits show negligence on the part of a business or its
|
|
employees, and may represent deliberate attempts to obtain
|
|
illegitimate payments.
|
|
|
|
Authorizations
|
|
|
|
The key in monitoring authorizations is to set up a system that flags
|
|
exceptions daily. If you act quickly enough you may even be able to block
|
|
fraudlent transactions before they are submitted into interchange.
|
|
|
|
Indicators: All authorizations over x dollars
|
|
|
|
more than x authorizations in one day on the same cardholder
|
|
account number
|
|
|
|
More than x authorizatoin attempts in one day on the same
|
|
cardholder account
|
|
|
|
Rationale: Very large authorizations or multiple authorizatins on the same
|
|
account may signal an attempt to clean out an account before the
|
|
cardholder realizaes that the card has been stolen or the number is
|
|
being used fraudulently.
|
|
|
|
Indicator: Repeated authorizations ( or attempts ) in the same dollar amount
|
|
|
|
Rationale: Like repeated deposits in the same amount, repeated authorizations
|
|
w/in a short period may point to possible fraud situations.
|
|
|
|
Indicator: All transactions for which authorizatoin was required but not
|
|
obtained
|
|
|
|
Rationale: Failure to secure authorization reflects procedures in need of
|
|
correction. Merchants who deliberately ignore the authorization
|
|
requirement may be hiding the use of stolen cards or illegally
|
|
obtained account numbers.
|
|
|
|
Indicator: % of denied authorizations vs. attempts
|
|
|
|
Rationale: When a large percentage of a merchant's authorization attempts are
|
|
denied, the merchant may be testing the credit limits of stolen
|
|
cards or illegally obtained account numbers.
|
|
|
|
Electronic Data Catpure
|
|
|
|
Some cards can't be read electronically because of damage to the magnetic
|
|
stripe. This a certain proportion of keyed transactions is unavoidable.
|
|
Hoever, excess ue of the key option warrants further examination.
|
|
|
|
Indicator: Percent of keyed transactons vs. swiped transactions
|
|
|
|
Rationale: An unusually high proportion of keyed transactions vs. swiped
|
|
transactions may indicate that the merchant is using illegally obtained
|
|
account numbers.
|
|
|
|
Chargebacks
|
|
|
|
Fraudulent trasactions often return as chargebacks. Unfortunately, it's
|
|
extremely difficult to design a monitoring system that links current
|
|
chargebacks to trasnactions on the actual date of sale, which may be weeks or
|
|
months in the past. As a second-hand alternative, many banks compare today's
|
|
chargebacks to today's sales.
|
|
|
|
Indicators: More than X chargebacks in a specified period of time
|
|
Value of Chargebacks exceeding X% of sales
|
|
|
|
Rationale: A high number or large dollar volume of chargebacks may flag a
|
|
fraudulent merchant who has evaded other screens.
|
|
|
|
Hints For Implementation
|
|
|
|
Here are some hints to help you produce timely, informative reports that will
|
|
help your staff focus their efforts effectively:
|
|
|
|
1) Set the numerical parameters of your system at levels that are appropriate
|
|
for both your merchant clientele and your staff. If you set X too low,
|
|
you'll generate large, cumbersome reports which your staff will never be
|
|
able to follow up. If you set X too high, you may overlook some suspicious
|
|
cases. To find the happy medium, experiment.
|
|
|
|
2) Compile data daily or weekly -- whichever best fits your staff capabilities
|
|
and merchant portfolio. There's no point in generating more reports than
|
|
you can use.
|
|
|
|
3) Exclude key merchants, such as chains or high-volume stores, which could
|
|
overload the system.
|
|
|
|
4) Use Merchant Category Codes to identify merchants whose business is subject
|
|
to seasonal fluctuations. By adjusting parameters for seasonality, you'll
|
|
avoid many false alarms.
|
|
|
|
Your system can be as complex or as simple as your needs dictate. You can
|
|
design it for a mainframe, or download pertinent data to a personal computer,
|
|
or create a system to run from a desktop. The guiding prinicple: Generate
|
|
the maximum amount of useful information that your stff can handle.
|
|
|
|
What To Do When You Suspect Fraud
|
|
|
|
To determine whether fraud has actually occurred...
|
|
|
|
:_Freeze Funds.
|
|
:_Retrieve sales drafts or all suspect transactions.
|
|
:_Validate all authorization codes
|
|
:_Conduct a merchant visit.
|
|
:_Contact issuing bank.
|
|
|
|
The integrity of the MasterCard System depends on your active participation in
|
|
the battle against merchant fraud. W/ your help, fraud can be reduced. It's
|
|
in your interest.
|
|
|
|
N.I.A. - Ignorance, There's No Excuse.
|
|
Founded By: Guardian Of Time/Judge Dredd.
|
|
|
|
[OTHER WORLD BBS]
|
|
|
|
|
|
|