Fraud Risk Scheme:
Card-Not-Present (CNP) fraud occurs during online, telephone, or mail-order transactions where the bank card is not physically used. A fraudster uses stolen card information (number, expiration date, CVV code) to make remote purchases, generally without the legitimate cardholder's knowledge. This data can be obtained via data breaches, phishing, malware, or fraudulent websites.
Detection:
Inconsistent IP address with customer profile: Detection of transactions initiated from an unusual IP address or one geographically distant from the customer's residence or habits.
Multiple use of the same card across different accounts: Potential indicator of card compromise used in organized fraud schemes.
Multiple failed attempts followed by a successful payment: Behavior that may indicate a brute-force attack (attempting combinations of number/expiration/CVV).
Unusual or high-value purchases: Transactions deviating from the customer's usual purchase behavior (high amount, different product category, etc.)
Prevention:
Strong Customer Authentication (3D Secure/SecureCode): Requiring an additional authentication step (password, code sent by SMS, validation within the banking app) to validate the online transaction.
Transaction limits and geographical restrictions: Implementation of limits on the amount and number of transactions, or restriction of purchases from certain high-risk areas.
Behavioral analysis and machine learning systems: Use of algorithms to assess the risk of a transaction in real-time based on the customer's historical purchasing profile.
Address Verification System (AVS): Comparison of the provided billing address with the one registered by the card issuer.
Share Your Feedback:
What tools, techniques, and processes are used in your organization to detect and prevent such fraud schemes?
