Fraud Prevention

Effective Tools to Detect Stolen Credit Cards, Part 1 Of 3

There are hundreds of branded tools that ecommerce merchants can turn to for help in catching fraudulent credit card orders. Some tools are free, and some come bundled or offered as additional features in payment processing systems like and Google Checkout. Others can be subscribed to, purchased as software or outsourced. As yet there doesn’t appear to be any all-in-one solution, although some come close.

Many online merchants are already on board with fraud detection technology. The average merchant uses 4.4 fraud detection tools according to the 2008 “Online Fraud Report” from CyberSource, a major electronic payment and risk management solution provider. The trick is to wade through all of the tools to determine which ones are best for your type of sales, your type of data storage and your type of customer. These articles should give you a sense of where to start or what you might be missing.

Online merchants are one step ahead of the game if they can catch fraudsters in the act of making fraudulent credit card purchases. There are many real-time options for checking the authenticity of data entered into online order fields.


This tool runs the card information through the credit card issuer’s network. It’s a free service to merchants using real-time processing. It can check with the bank to see if the card has enough credit capacity to cover the purchase and has not otherwise been reported lost or stolen. Some advanced authorization tools, such as ones offered by Visa, will also check the number against lists of breached data. Cards that don’t pass the authorization step are declined, and the potential customer must enter another form of payment or correct any manually inputted errors. Authorization does not confirm if the person using the card is authorized to use it.

Address verification services

Numbers in addresses, such as street numbers and zip codes, can be checked as a card is authorized or with a merchant-placed phone call to the credit card company. This tool determines whether the billing address on the order form matches the address where the customer gets their credit card statements. But it’s not failsafe. The customer could have moved recently, the AVS computer could be down, the person could be traveling or stationed somewhere else or the customer could make a simple mistake.

Merchants with the best AVS acceptance spell out that the billing address must be the address where the potential customer’s credit card statement is mailed. Even so, “a sophisticated cyber thief is going to be able to pass that,” says Dan Clements of, a subscription service that catalogs stolen credit card numbers floating around the Internet. “Ninety-nine percent of the [stolen] cards that we see are accompanied by the full and valid address.”

Thieves provide the valid address for AVS approval, but request that their package be shipped somewhere else. Sure, gifts can happen. So savvy e-merchants are setting up additional safeguards for orders with different ship-to addresses. Some are charging fees for delivery signatures on different ship-to addresses. Others, like, simply won’t ship certain products, like MP3 players or other electronics items, out of the U.S. unless the billing address and shipping address are the same.

Credit card verification method

Eighty percent of merchants in CyberSource’s survey request that customers input their card-code-verification or card-verification-method numbers. These three- or four-digit numbers can be checked during authorization to make sure they match. Found on the back of most cards and on the front of American Express, these codes are known by different initials: CVV2 for Visa, CVC2 for MasterCard, and CID for American Express and Discover.

“Since most fraudulent transactions result from stolen card numbers rather than the actual theft of the card, a customer that supplies this number is much more likely to be in possession of the credit card,” says Terry Jepson, a business software developer for Wisconsin-based Wisco Computing who has researched credit card fraud for the Association for Shareware Professionals. “Reports from VISA say that using AVS with CVV2 validation for card-not-present transactions can reduce chargebacks by as much as 26 percent.”

Turning on this option with your merchant account or payment gateway is “as easy for me as checking the appropriate box in the administrative functions,” says Jepson.

It’s still not failsafe: “This used to be a good tool to determine if a card was stolen or not, but we see hundreds of stolen cards each day and they all seem to have a valid [CCV] number,” Clements says. “But still run the tool to detect the ones that don’t pass.”
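
The checks described in this article (authorization, AVS on the numeric parts of the address, the card verification code, and the ship-to rules) combined into one order-screening function, as an added example that is not code from the article or from any payment gateway. The `Address` type, the function names, the decision labels and the choice to send AVS mismatches to manual review are assumptions; the issuer's address on file is simulated with constructed data.

```python
import re
from dataclasses import dataclass

@dataclass
class Address:
    street: str
    zip_code: str
    country: str = "US"

def address_numbers(addr):
    """Return (street number, 5-digit ZIP): the numeric parts AVS compares."""
    street = re.match(r"\s*(\d+)", addr.street)
    zip5 = re.match(r"\s*(\d{5})", addr.zip_code)
    return (street.group(1) if street else None, zip5.group(1) if zip5 else None)

def avs_check(entered, on_file):
    """Compare numbers only, so 'Elm Street' vs 'elm st.' does not matter."""
    e, f = address_numbers(entered), address_numbers(on_file)
    return {"street": e[0] is not None and e[0] == f[0],
            "zip": e[1] is not None and e[1] == f[1]}

def screen_order(authorized, cvv_ok, avs, billing, shipping, restricted_item):
    """Return (decision, reasons); thresholds here are assumed policy."""
    if not authorized:
        return "decline", ["authorization failed"]
    if not cvv_ok:
        return "decline", ["card verification code mismatch"]
    same = (address_numbers(billing) == address_numbers(shipping)
            and billing.country == shipping.country)
    if restricted_item and shipping.country != "US" and not same:
        return "decline", ["restricted item, foreign ship-to differs from billing"]
    reasons = []
    if not (avs["street"] and avs["zip"]):
        reasons.append("AVS mismatch: customer may have moved or mistyped")
    if not same:
        reasons.append("ship-to differs from billing: require delivery signature")
    return ("review" if reasons else "accept"), reasons

# Constructed sample data (not real customers or addresses).
ON_FILE = Address("1200 Elm Street Apt 4", "53703-1234")  # issuer's record
BILLING = Address("1200 elm st.", "53703")                # typed at checkout
ELSEWHERE = Address("77 Harbor Rd", "10001")
ABROAD = Address("5 Rue Exemple", "75001", "FR")
AVS_PASS = avs_check(BILLING, ON_FILE)

if __name__ == "__main__":
    # Valid address and code, as with the stolen cards Clements describes:
    # only the ship-to rule still flags the order.
    print(screen_order(True, True, AVS_PASS, BILLING, ELSEWHERE, False))
    print(screen_order(True, True, AVS_PASS, BILLING, ABROAD, True))
```
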

Jennifer D. Meacham