
Stopping Card Not Present Fraud

Interesting article on "The Register" about a new way around an existing security measure in place to prevent online shopping fraud (http://www.theregister.co.uk/2008/06/11/plastic_fraud/).

To summarise, when you shop online (or place a mail or telephone order), this is known as a Card Not Present transaction; in other words, the card is not physically present at the merchant when the transaction takes place.

This means that the clever stuff in your card which authenticates it to the electronic Point of Sale machine can't actually work; hence, if a fraudster gets all the numbers on your credit card, they can commit fraud.

A number of years ago, the financial industry (led by Visa and MasterCard) introduced a couple of measures to stop fraudsters simply stealing the credit card details of others. One is CVV2 (the three-digit security code on the back of the card); the other, AVS or Address Verification Service, looks at the numbers in the address the card is registered to and compares them to the mailing address for the goods. If they are different, it is more likely to be a fraudulent transaction (i.e. a fraudster using stolen credit card details to order and send goods to another address).

The fraudsters worked out that AVS only checks the numbers in an address, and so have got around this by looking for addresses they can send the fraudulent goods to which have the same numbers in them as the real address (i.e. a house number of 12 and a post code of W4 2QR would be the same as a house number of 12 and a post code of E4 2RT).

Obviously this is not a perfect "workaround" for the fraudster but the article mentions a number of occasions where this has worked.
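The collision described above, as an added example (not code from the article or from any card scheme): a simplified Python model of a digits-only address comparison beside a stricter full-postcode comparison. The function names, the triage outcomes and the assumption that the checker holds both full addresses are illustrative only.

```python
import re

def avs_numeric_key(house_number: str, postcode: str) -> str:
    """Digits-only key: a simplified model of the numeric comparison the article describes."""
    return re.sub(r"\D", "", house_number) + "|" + re.sub(r"\D", "", postcode)

def normalise_postcode(postcode: str) -> str:
    """Strip whitespace and upper-case so 'w4 2qr' and 'W42QR' compare equal."""
    return re.sub(r"\s+", "", postcode).upper()

def numeric_avs_match(registered, delivery) -> bool:
    """True when only the digits of house number and postcode agree."""
    return avs_numeric_key(*registered) == avs_numeric_key(*delivery)

def full_postcode_match(registered, delivery) -> bool:
    """Stricter check: house number and the whole postcode, letters included."""
    return (registered[0].strip().upper() == delivery[0].strip().upper()
            and normalise_postcode(registered[1]) == normalise_postcode(delivery[1]))

def review_order(registered, delivery) -> str:
    """Hypothetical triage: a digits-only pass with differing letters goes to a human."""
    if not numeric_avs_match(registered, delivery):
        return "decline"
    if not full_postcode_match(registered, delivery):
        return "manual_review"
    return "accept"

# Constructed sample data, using the postcodes from the article's example.
REGISTERED = ("12", "W4 2QR")
SAME_DIGITS_ELSEWHERE = ("12", "E4 2RT")
SAME_ADDRESS_RETYPED = ("12", "w42qr")
DIFFERENT_HOUSE = ("14", "W4 2QR")

if __name__ == "__main__":
    for delivery in (SAME_DIGITS_ELSEWHERE, SAME_ADDRESS_RETYPED, DIFFERENT_HOUSE):
        print(delivery, numeric_avs_match(REGISTERED, delivery),
              review_order(REGISTERED, delivery))
```

The digits-only key for both W4 2QR and E4 2RT is `12|42`, which is why the two addresses are indistinguishable to a numeric check while the full-postcode comparison separates them.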

Solving the Card Not Present fraud problem is a major priority for banks and vendors alike and I hope to post something soon about how VeriSign plans to stop this type of fraud... sorry to be cryptic, we have a solution we are very sure will stop this and most other types of CNP fraud, but until we have done our due diligence I am unable to say more...
