We often think of payment fraud as an isolated, opportunistic crime. Of one fraudster operating alone: stealing cards, then using them to make illegitimate purchases.
This does happen, of course – but it’s the exception, rather than the rule. Because fraudsters rarely operate in single, isolated acts, or alone – they’re big, expansive operations that, more than anything, rely on speed. On testing stolen debit and credit cards fast, then quickly pilfering as much money from them as possible before the owner finds out.
To do this, they may target your ecommerce website: making illegitimate purchases that, when discovered, you foot the bill for – and which detract from your bottom line and brand.
So how can you stop them?
With velocity checks, that’s how. Velocity checks use fraudsters’ greatest weapon – speed – against them by looking at the rate of transactions a user is attempting to make in a given time period. Below, we’ll explain how velocity checks and risk rules work, and – more importantly – how merchants can use them to prevent multiple types of online payment fraud.
Velocity checks are a fraud prevention strategy designed to reduce the amount of fraud and chargebacks your business faces – and the associated financial and reputational impacts they come with.
As the name suggests, velocity checks examine the rate at which a buyer attempts to make multiple transactions through your ecommerce website.
But wait – why is that important? Multiple transactions mean more sales, and more revenue…isn’t that a good thing?
Not always. Let us explain.
Generally, the people who steal credit card information – usually hackers – aren’t the same people attempting to use it. The fraudsters attempting to use that stolen data to make illegitimate purchases have often bought it off the Dark Web. But they have a problem – they don’t know how much of that unauthorized credit card information is valid.
To find out, they engage in card testing fraud: making small-value purchases and observing whether or not they go through:
Once the cardholder wises up to the illegitimate activity, they’ll contact their bank, which will result in a chargeback. When this is (rightly) upheld by the issuing bank, you – as the merchant – will be slapped with a chargeback fee on top of the goods or services you’ve already delivered to the fraudster.
This is what makes velocity checks so important – so how do they work?
Velocity payments work by looking at the rate at which a buyer is attempting to make multiple transactions through your site – and raising the alarm if foul play is suspected.
The most important element, here? Time. Two or three failed transactions from one customer over the course of a day, or a week, isn’t necessarily cause for concern. They may have forgotten their card details, inputted the wrong CVV, or accidentally used an expired card.
Five transactions over the course of 20 minutes, however, should set the alarm bells ringing – and this is exactly what velocity checks look at. Velocity checks are available through fraud detection solutions – like Checkout.com’s Fraud Detection product – and here’s how they work:
Of course, seasoned credit card testing fraudsters have a few tricks up their sleeves to get around velocity checks. One strategy might be to create multiple fake accounts, and test different cards from each so it doesn’t look like they’re all coming from the same user.
Fortunately, there’s another type of velocity check that doesn’t look at the user, or their credit or debit card information, alone – but their IP address (a unique digital identifier assigned to every internet-connected device). This enables velocity checks to take a user’s device and location into consideration – and enable a more comprehensive fraud detection approach.
To recap, there are two types of velocity check:
Risk rules are sets of conditions that, if met, indicate a potentially fraudulent transaction.
These ‘risks’ include unusual transaction types, amounts, currencies, or locations, as well as mismatching credit card details. Machine learning models – which spit out a score of between 0 (not at all risky) and 100 (extremely risky) per transaction – also feed into risk rules.
Velocity risk rules, then, allow you to automatically trigger actions based on the frequency of transactions (this could be daily, weekly, or monthly) with matching attributes (such as account holder name or IP address) over a specific period.
Some of the commonly used parameters velocity rules rely on include:
How do these parameters look in practice? Building on our basic example from above, velocity risk rules essentially say:
“If more than X instances of Y behavior occur while Z is active and A present – all within a timeframe from B to C, from D location – increase the user’s risk score by E.”
To read more about fraud detection’s various risk rules and categories, explore our comprehensive document designed to help you understand fraud prevention.
Firstly, velocity checks are important because they prevent fraud.
They can stop your business from falling prey to illegitimate transactions, and the lengthy – and often unwinnable – credit card disputes they result in. This saves your business time and money, while allowing you to sidestep the damage to your brand’s public profile and reputation.
Secondly? Velocity checks are as customizable as your business needs them to be. Velocity risk rules allow you to choose the triggers and timeframes most relevant to your ecommerce website’s unique, specific online fraud prevention needs – then tailor them accordingly.
This allows you not only to detect the various types of online fraud prevalent in 2023 – such as card testing fraud, synthetic identity fraud, and account takeover fraud – but understand them, too. Ensuring your business isn’t relying on a reactive fraud prevention solution, but a proactive one – built on the most relevant knowledge, and the most sustainable foundations.
You can use velocity checks to detect and prevent a wide range of fraud, including:
Now you know what types of fraud velocity checks can help prevent, what strategies can you use to apply them? To customize velocity checks to your business’s most pressing needs, and harness them to solve real-world commercial challenges?
To get started, try:
For a deep dive into the role of data in tackling fraud, explore our guide to fraud analytics.
Velocity checks are a brilliant anti-fraud tool – but they aren’t perfect.
Relying on velocity checks alone – or too much – can lead to false positives. And rules that are too complicated could prevent legitimate users from completing purchases on your site. Conversely, as the US Payments Forum notes, velocity rules that are too simple can be reverse engineered by fraudsters – who’ll keep activity just below the alert threshold to stay incognito.
What’s more, velocity checks can only prevent fraud that occurs before an illegitimate transaction takes place – not, in the case of ‘friendly’ fraud, after it’s already happened.
That’s why velocity checks are best used not in isolation, but as one weapon in a potent, powerful fraud detection arsenal that works seamlessly, hand in hand, with your payment processing solution.
A solution, perhaps, that’s exactly what Checkout.com offers with Fraud Detection Pro.
We engineer velocity checks directly into our fraud prevention approach: using advanced machine learning and flexible risk rules to spot – and stop – fraud at the source.
Our fraud prevention toolkit is simple to set up and get started with (Fraud Detection Pro is built into Checkout.com, so no extra integrations are required). And – like velocity rules – you can customize your fraud setup to fit your precise needs.
That means the ability to set custom lists and machine learning rule thresholds: to direct transactions to different outcomes, and leverage AI to create automated ‘risk profiles’ of customers and transactions – before they have the chance to damage your business.
Get in touch with our team today to find out more about how Checkout.com can help you combat different types of fraud – and safeguard your business from scammers.