Spotting Fraudulent Transactions - How To?

[Lee]

So i was wondering if anyone had any hints/tips on helping program/paysite owners to spot fraudulent transactions or at least things we should be looking for? I have a few things that i typically look for when a new sale comes in just by browsing the sale notification email...

1) The Customers Name.

More often than not, this is actually the best thing that program owners can use to spot fraudulent signups, things like celebrity names or famous names or anything else that stands out as looking 'strange' is definately worth a closer look at the transaction, in addition, if you notice a lot of 'Smiths' or 'Jones' signing up.

2) The Customers Email Address.

When compared to the name used to join the site, for example, if you have a member who signs up called 'Robert Jones' for example and their email address is something like 'GeoffreyEdwards@' this is another good thing to warrant a little closer inspection of the transaction.

3) The Affiliate Account.

More often than not, fraudulent affiliates are a programs biggest problem, if you suddenly notice an affiliate sending more sales than what they are used to sending or, if you notice an affiliate who has joined the program but hasnt sent any traffic and they get a good sales ratio when compared to everyone else, this can be a red flag to watch out for.

4) Country Of Transaction.

Most fraudulent transactions that i have had on Condom Cash in the past 2 years, have actually come from places like Italy and Australia, because of this i naturally check the details of transactions from these countries, this is where keeping an eye on your chargebacks and fraud transactions in terms of the country of origin can be a great asset.

So what other thiings are there to look out for in terms of spotting fraudulent membership transactions that you use? Lets add to this list and help everyone get a little better at fraud management with their programs

It would also be nice if we could get someone from CCBill or Epoch in here to give some pointers, there must be lots of things the processors can add to this thread to help us all become more profitable in combating fraud, friendly or otherwise.

Regards,

Lee

[basschick]

we got a stack of fraudulent signups from one source and the usernames and passwords were a series of meaningless numbers and letters. we've literally never had a member create such a login, and although using roboform's password generator, one could, it's pretty uncommon.

[Lee]

Thats a good one actually, i had that happen a few weeks ago, the login was something stupid like asdfgh and the password was 123456.

I deactivated the account immediately and saved a highly potential chargeback because of a fraudulent transaction.

Something else i have noticed starting more and more is when someone signs up and doesnt access the members area right away.... Porn is an impulse buy, if someone doesnt login right away after getting their membership ill typically cancel their account because it just doesnt seem 'right' to me.

Regards,

Lee

[corvett]

here are some point we presented at the feb xbiz show:


Screening - Know Your Business Partners
• Affiliates from countries that have a low GDP are generally riskier than affiliates from more industrialized counties.

• Ask for references from other sites that the affiliate has promoted

• Validate the affiliate’s information: Whois information for the domains, the date the domain was registered, IP address of the affiliate, the check or bank wire receiving location, etc.

• Watch for affiliates with differing personal information but with consistent payment information. Some fraudulent affiliates may choose to distribute their transactions across multiple accounts for the same program.

Monitoring - Watch the Transaction Flow
• Watch for patterns in the non transaction-critical information that the fraudulent affiliate has to create:

o Email Address (Watch for higher proportions of uncommon or free email addresses.)
o Username/Password
o IP address (Do the IP addresses generally match the consumer’s postal location?)
o Price Points
o Subscription Level (trials, monthly membership, 3 month membership, etc.)
o Computer Fingerprint/Cookies

• Women’s Names - Generally, lists of credit card information are split up evenly between men and women, while users to most adult sites (excluding female-oriented sites such as lesbian sites/dating sites, etc.) are men.

• Cancellation Ratios - Look for affiliates that are sending transactions with low cancellation ratios. For example, if the average cancellation ratio before the first rebill for your 3 day trials is 70% and there is an affiliate sending sales with a ratio significantly higher than that, the consumers who are being charged may not know there is a transaction to cancel.

• Consumers Logging Into The Site - Look for affiliates that are sending transactions with users who are not logging into the site. Most legitimate users will log into the members area of a site after they make a purchase.

• Signup Ratios - Look for suspicious form hits/submission ratios on affiliate transactions, ratios that are different from other affiliates ratios. For instance, where every unique hit turns into a sale.

• Affiliate Payouts - Higher payouts are more likely to attract fraudulent affiliates.

• Reactive Information - Monitor the cancellation reasons, refund reasons, chargeback rates, refund rates, etc for affiliates.

[Chilihost]

this is a very good thread!

Nats helps out a lot with this - it shows you the IP address of the signups and of the affiliates and their click trails, its a brilliant way to see fraud. I spotted a fraudulent affiliate who had 3 signups using the same IP addresses - which were registered to webservers! My suspicions were verified when I dug deeper: the surfers supposedly clicked directly to the signup pages, they never signed into the sites, they all used the same pattern for userids & passwords and the email addresses were all similar.

Plus nats also let me see all other activity on any affiliate (nats saves all info every time someone clicks an affiliate's join link, even if the surfer never signs up), you could see the exact same pattern with all other so-called surfer clicks & signup attempts.

Another huge give-away is that these webmasters tend to use epassporte and not cheque payouts.

I make it a habit to tag any affiliates who I don't know with an internal tagging system. Until I know they are not fraudulent, this tag remains on their account and any signups get extra attention. Sure it takes more time, but by being proactive and reversing these fraud charges, we avoid chargebacks and fraud payouts.

[Lee]

Thanks for that great list Mark :thumbsup:

Im curious though, if a high amount of hotmail/yahoo/gmail addresses are more likely to be fraudulent, would it not be a good idea to block those types of email address from even signing up in the first place?

I mean for someone to be 'online' they must have a 'real' email address from their ISP.

Regards,

Lee

[corvett]

Thanks for that great list Mark :thumbsup:

Im curious though, if a high amount of hotmail/yahoo/gmail addresses are more likely to be fraudulent, would it not be a good idea to block those types of email address from even signing up in the first place?

I mean for someone to be 'online' they must have a 'real' email address from their ISP.

Regards,

Lee

fyi, i think about half or more users use a free email address similar to the ones you described above

[chodadog]

I saw some fucking hilarious fraudulent transactions recently.

Referring URL for all his transactions? The linking code page from within the affiliate program.
Email addresses for signups? Same username as his account name.
And then he had the audacity to contact someone and ask what was going on. When told his account was canceled for blatant fraud, he seemed stunned.
But no less stunned than we were to find him doing the exact same thing the next day. Funny stuff.