Anti-fraud system for the white label payment solution beGateway

Today the White Label Payment Solution beGateway offers payment service providers three options of fraud protection: 3-D Secure, beGateway and minFraud (MaxMind) that are able to integrate with any other processing system.

1. 3-D Secure is the official payer verification technology, aka Verified by Visa, and MasterCard SecureCode.

2. MinFraud is a tool for detecting network fraud from the MaxMind company.

3. beProtected is a fraud protection and risk management system developed by the eComCharge team. beProtected can work with beGateway as well as any other payment gateway of the payment service provider if the latter requires fraud protection.

Besides the above-mentioned tools, a beGateway client can use any other fraud protection system.

beProtected. The Anti-fraud system for the white label payment solution beGateway

We have been thinking about our own system for detecting suspicious transactions since we began developing the white label payment gateway solution beGateway. We were able to accumulate enough statistical data due to the active use of the processing system by the merchants. Having analyzed the chargeback transactions and the related payment transactions, we noticed a number of common characteristics which, combined in a single transaction, suggest a highly probable fraudulent transaction.

For example, we have noticed that in most cases fraudsters use the same IP address, and sometimes even the same e-mail address with different cards belonging to different people. Besides, if the payment transaction has been rejected, the fraudster usually does not stop, and immediately or soon enough retries the payment using the same card. Then tries using a second or a third one. And keeps on either until the payment is successful, or till there are no more stolen cards.

Simply put, if over a short period of time there are a number of transactions with different cards, but with the same IP address or the same e-mail, such transactions are likely to be fraudulent. If on average payments for an online store come at intervals of 10-15 minutes and then suddenly there appears a group of transactions at an interval of 20-25 seconds, and only the last transaction is successful – this calls for additional verification of the paid order. And this order may well have been paid for by a stolen card (using stolen data).

We thought that the most effective fraud protection for electronic payments would be protection based on the analysis of behavioral characteristics of buyers and their payments. For successful fraud detection it is not enough to check card numbers, the IP and the e-mail. While continuing to analyze the payments for which chargebacks were received due to fraud, we have come to the conclusion that fraud can be described by a rule based on the payment parameters. 99% of fraudulent transactions have one or several of the 10-15 most commonly encountered features.

1. We have defined transaction parameters to be considered;

2. We have come up with a convenient form of creating security rules that describe the characteristics of a fraudulent transaction.

Finally, we have created beProtected – a fraud protection and risk management system that is able to use security rules to analyze each incoming transaction automatically.

beProtected is built on the basis of security rules, and in addition to fraud detection is excellent for other functions not directly related to fraud. For example, beProtected allows you to create and manage “white” and “black” lists based on any transaction parameter. Or set limits on the amount and number of payments. Or limit the number of transactions to be processed per unit of time. beProtected is able to control and respond to any event related to payment processing according to the specified rule.

The anti-fraud and risk management system beProtected works on the principle of a blackbox. The transaction data is input through the API. The output recommends one of the three actions:

1. admit transaction to processing

2. reject transaction

3. admit, but pay extra attention to it

The recommendation depends on the set of security rules that analyze the transaction. beProtected works with 32 transaction parameters, but the system user determines the amount of incoming data. The more information the system receives about a transaction, the more efficient the system is.