Fraud is a major concern for any Merchant who trades online. Preventing fraud is a
fundamental concern at
Iridium. To this end we offer, free of charge, all the major fraud detection and
available in the industry. Iridium also has a suite of internal features and tools,
also freely available
for your use.
Address Verification (AVS)
Matching the address that the buyer supplies at the point of transaction against
the one that is registered
with the card issuer is very useful in detecting possible fraud.
If a cardholder is unable to deliver
the correct registered
address, it could be an indication of fraud. Address checking does, however, have flaws.
Specifically, the wording in the
address itself is not checked but rather only the numeric characters. If a cardholder
enters "Flat 1" and the bank holds
"Flat One", the check will fail, even though the address is actually correct.
should be done in combination with other checks to give a clearer indication
of whether a transaction is genuine.
Security Code (CV2) Checks
On the back of all credit and debit cards there is a 3 or 4 digit code which can be
checked against the code held by the card issuer. Only the card issuer is allowed to
store this code, so it should only exist on the card itself and in the issuer's database.
This check verifies
that the person giving the
card information at the point of purchase has physical access to the card itself.
However, this check also has
flaws. The person giving the card information may have physical access
to the card, but may not be
the cardholder, or may not have permission from the cardholder to enact the transaction.
This check is best
used in conjunction with other security checks.
IP Address Checking
The IP address from where the transaction request originates can also indicate the
likelihood of fraud.
For example, if the cardholder AVS checks come back matched for a UK postal address
but the IP address
originates from another country then this can be a possible indication of fraud.
There can be legitimate situations where this may happen. An example would be a
businessman, who is overseas, purchasing a gift to be delivered on their return home.
With this in mind, this check is best used in conjunction with other security checks.
All types of credit and debit cards offer 3D-Secure Authentication.
The principal concept is that the card issuer, at the point of transaction,
authenticates the card holder. This authentication is done by checking a password registered
with the card issuer and is only known by the card holder,
similar to a PIN number. The benefit of this check is that the if the transaction is
3D-Secure Authenicated, the liability for the
transaction is shifted from
the Merchant to the card issuer. This means that even if the transaction is fraudulent,
the financial burden
is not worn by the Merchant. 3D-Secure Authentication is recommended as the primary
check in today's eCommerce environment. However, it
should still be done in conjunction with other security checks.
The biggest protection against fraud is common sense. If you have any doubts about a
transaction, then do not take it. You can insist on other payment methods to minimise
your risk, for example ask them to transfer the funds via BACS or another bank to
bank transfer mechanism.