Skip to content

How Velocity Checks Prevent Fraud

Anti-fraud services use velocity checks to detect unusual shopping behavior. When a thief is using stolen credit cards, that thief may attempt to make purchases much more frequently than a legitimate customer would. A velocity checking service uses this observation to prevent fraud. It measures how often a buyer tries to make purchases and uses this metric to adjust the risk score for the transaction. If the score rises beyond a certain threshold, the velocity checking service can automatically lock a customer out of your store.

Measuring Transaction Frequency to Prevent Fraud

A velocity check considers how reasonable it would be for a customer to make repeat purchases. You probably know how often your customers buy products from your store. If one customer makes purchases much more often than other customers, this is a potential sign of fraud. But transaction frequency isn’t enough to flag a transaction by itself because the risk depends on the product the customer is buying.

For example, it’s normal to visit a convenience store several times a week to pick up refreshments, so it wouldn’t be unusual for the same customer to visit the convenience store and use the same card there every day. And the same thing would be true if the customer visited a coffee shop before work every morning. Using the same card to buy coffee every day would be normal. Some people even visit the same coffee shop multiple times per day because they like to talk to the other customers.

But if a buyer used a credit card to purchase a TV set today, and then they bought another TV set the next day, that type of transaction would be more unusual. If the buyer already owns a TV set, they’re less likely to need to purchase another one. And if they buy a third television set the next day with the same credit card, it would be a good idea to confirm that they actually own that credit card. If they attempted to purchase a fourth TV set a day later, it might be a good idea to automatically block that purchase.

So if you plan to use a velocity checking service, the appropriate transaction frequency for a product depends on the product’s category. For example, a big-box store might sell potato chips and soft drinks as well as TV sets and laptop computers. A velocity check should not treat buying a bag of chips the same way as buying a new smartphone. A transaction classification service would be complementary to a velocity checking service because of this factor.

Metrics Used to Perform Velocity Checks

To perform a velocity check, the velocity checking software attempts to identify the customer by using data provided by the customer. These sources of data include IP addresses and the hardware and software configuration of the customer’s computer as well as credit card data. For example, velocity checking software may identify the web browser the customer is using, such as Chrome, Safari, or Mozilla, as well as any plug-ins they have installed.

It’s important to consider multiple metrics during a velocity check because using one metric might not be enough. For example, a scammer might be using a proxy service to hide their IP address and obtain a new IP address for each transaction. This trick could fool a system that rejects multiple orders from the same IP address if they occur right after one another. But anti-fraud software can pierce the proxy by using other data, such as details about the computer that’s being used to make the purchase.

Banks use identity verification services like this to ensure that only the authorized account holder can log into the web portal for a bank account. They can check the hardware and software configuration of the device that’s submitting the login request, and if the bank doesn’t have details for the device on file they may ask for additional verification data. This type of identity verification service is called device fingerprinting.

The Velocity Checking Algorithm

A velocity checking algorithm is a counter. For example, imagine that you rated the fraud risk for each customer on a scale of 0 to 100. You might start off the counter for each customer at zero. Then, when the velocity checking algorithm identifies multiple purchases from the same customer in a short time frame, you can increment the counter.

For example, the first purchase from a customer might have a risk score of 0. But if the customer submits a second order an hour later, you could increment the risk score by 10 so the total score would be 10. Then, if the customer makes a third order on the same day, you could add another 10 points to the risk score and the total score would be 20. If you set the maximum risk score to 30, your system would automatically block transactions from that customer until their risk level decreases.

An example of this concept in action is a bank or credit union locking you out of your account after several failed log-in attempts. The velocity checking service does the same thing for your business by temporarily blocking transactions from buyers who submit multiple orders, including valid orders, in a short period. Because velocity checking provides a time-based risk score, it should gradually drop over time. So a velocity checking service might reduce the risk score for each customer by 10 points the next day or even reset it to zero.

Velocity Checks Must Consider Multiple Factors

If you look at how banks and telecommunications companies set up their log-in processes, you can see how a velocity check works and why it’s important. These firms use both time-based account lockouts and device fingerprinting to prevent fraud. But store owners need to consider an additional question if they plan to use velocity checks. They need to know how often a customer would normally visit a store to buy a specific item.

Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *