Posts Tagged ‘credit card verification’

Three credit cards with Banking Identification Number showing

Credit Card Validation – BIN There, Done That

If you are involved in e-commerce, you probably know the importance of credit card validation. And if you work with Service Objects, you may have at least a passing familiarity with our DOTS BIN Validation service, which helps you fight fraud by checking the validity of incoming credit card numbers. But do you know how BIN validation works, or where it fits in the overall ecosystem of credit card verification strategies?

This is one area where knowledge is truly power. You see, there is no single “best” approach to credit card validation. If you use a strict approach to flag suspicious cards, you may also lose a lot of sales (and still have fraud issues). If you try to maximize your sales through more relaxed business rules, you may get eaten alive by fraudulent transactions and chargebacks – or even lose your merchant account and ability to do business. So knowing your business needs and your options are the keys to being an educated and protected credit card processing merchant.

It all starts with the number

Ever wonder why you can’t just make up 16 random digits and call it a credit card number? Because the various parts of this number each have specific roles, ranging from the type of issuer in the first digit, to a checksum digit at the end based on a mathematical formula involving the other digits. These 16 digits pack a lot of useful information about the card besides its account number.

Your first line of defense in preventing fraud lies with first six digits of this credit card number, commonly known as Bank Identification Number (BIN), but increasingly being called by the broader term of Issuer Identification Number (IIN). Under either name, here are some fun facts about the BIN, courtesy of Sapling:

  • Most true credit cards start with a 4 or 5, signifying financial institutions. But your American Express card starts with a “3,” because of its history as a so-called “travel and entertainment” card.
  • Other values of this first digit are reserved for other types of issuers such as airlines, gas stations, and retailers.
  • The next five digits are used to specify the issuing institution as well as the type of card, such as credit, debit or gift cards.

How to validate a credit card: the short course

What is the best way to validate a credit card? You would probably expect us to say “ours.” And often, of course, that would be correct. (We’re a little biased.) But we are just part of the best practices you should have in place to protect your business.  Let’s look at the pros and cons of different approaches, how they interact with each other and explain why we recommend BIN validation be part of your strategy for most applications.

Luhn Check

Remember that checksum we mentioned earlier? This is the simple algorithmic check that generates it. It is great for catching typos on cards and saving sales in real-time, and is generally built into most e-commerce platforms or easily added. This is your first line of defense and costs nothing. Good, immediate error messaging to your customer is the most effective way to save a sale from a bad typo. The Luhn check does little to protect you from stolen and fraudulent credit cards, as it is easy to create numbers that can fool this simple check.

Address Verification System (AVS)

AVS requires you to connect with the credit card companies, through their merchant processing portals to perform a real-time check. It compares the address on file for the credit card to the address entered at the time of the order. This is stronger than the Luhn check because it will flag cards where the address doesn’t match the one on file. However, it is prone to both false positives (most stolen cards are acquired with valid addresses) and false negatives (legitimate cards with user typos), where the risk of lost sales can outweigh its fraud prevention benefits.

(Pro tip: Our DOTS Address Validation suite, checks the validity of any address in the world and, if needed, corrects it. These validation services are often low-cost ways to guard against false negatives, where we can correct the address before submitting for AVS, helping preserve legitimate sales.)

Real-Time Card Validation

This check can normally be performed through the merchant processor with the card issuer, where the card is validated to ensure that the account is real, has not been flagged for fraud or theft, and that funds are available. This check is often used in parallel with AVS. However, this process can put a hold on a cardholder’s funds – particularly in the case of debit cards – and it does NOT provide guaranteed prevention from fraudulent cards from being used.

BIN/IIN Validation

Based on data returned from the BIN look-up, (brand, card type, sub-type, issuer, country), you can create business logic on how you want to handle each scenario, particularly high-risk ones. For example, you can:

  • Decline to accept pre-paid credit cards for a monthly subscription product (because they are finitely funded).
  • Flag an order for further review if the issuing country or bank is outside of accepted boundaries.
  • Review transactions where the issuer location raises suspicion relative to the customer address.

In cases like these, you have options such as asking for a different card in real-time, or escalating the issue to your customer care team to call the customer directly before shipping product or providing service.

The importance of credit card validation

It is important to note that whenever fraudulent cards are used, the merchant loses. The customer of a stolen credit card is not on the hook, and the credit card companies generally do not take the hit. However, the merchant is usually out the product or service supplied, as well as the resources it takes to discover the fraud and fight the credit card company. And if too many fraudulent transactions happen, you can incur higher processing fees, expensive chargebacks, or even ultimately lose your merchant account and your ability to do business.

But you can mitigate these risks with the help of a little automation – and we can help! Simply contact us, and we’ll be happy to help you create a personalized strategy for fighting fraud while maximizing your credit card sales.

Online Fraud is Growing. What Can Your Business Do?

What is one of the biggest growth industries in the United States today? Hint: It isn’t something most of you would want your kids to major in at school, unless you want them to go to the state pen instead of Penn State – because this rapidly growing industry is online fraud.

The Costs of eCommerce Fraud Are Staggering

Estimates vary, but recent figures from DigitalCommerce360 project the value of eCommerce fraud nearly doubling from US $10 billion to $19 billion between 2014 and 2018, as the eCommerce market continues to grow from a historic peak of US $2.3 trillion in 2017. One particular area of fraud, account takeovers, jumped 45% in Q2 of 2017 alone according to the Global Fraud Index, and these fraudulent pirated accounts represent one of the top three types of online retail fraud.

A subtle but equally important issue is what the fear of online fraud costs you and your business. According to a recent fraud benchmarking survey from CyberSource:

  • Domestic and cross-border orders have exactly the same rates of fraud among companies surveyed – just under 1% – however nearly twice as many cross-border orders get rejected, costing valuable revenue as well as damaging customer relationships.
  • The costs of manual transaction review are one of the major financial consequences of online fraud. Nearly 80% of companies conduct manual reviews, impacting an average 25% of their transactions – and yet nearly 90% of these transactions are ultimately accepted.
  • The costs of manual review hits smaller companies particularly hard, where companies under US $5M in annual revenue review nearly six times the percentage of transactions (47%) as companies greater than $100M (8%).

The uptake of all of this? Guarding against eCommerce fraud is really a two-pronged effort: reducing online fraud itself, and reducing the revenue lost to the indirect costs of fraud. For both of these issues, the key is implementing effective automated solutions.

Technology Plays a Key Role in Preventing Online Fraud

According to the CyberSource survey, companies themselves rate three technologies among their top weapons against fraud:

Address verification: making sure an address is real, valid, and corresponds with the person making the order

Credit card number verification: making sure a credit card is legitimate and properly owned

Fraud scoring models: coming up with a quantitative score based on multifactor analysis

Other tools fall into the category of leveraging existing customer data, such as credit history checks, customer order history, or two-factor phone authentication using previous device information on file.

Cyber-fraud is growing explosively nowadays because the market for it gets more lucrative every year, and combating it requires tools that keep you one step ahead of the fraudsters. Service Objects’ fraud prevention capabilities have the advantage of leveraging authoritative up-to-the-minute third-party data, such as USPS CASS Certified® address validation capabilities, global address validation that verifies and corrects international mailing addresses to the unique requirements of each country’s postal address formats and cultural idiosyncrasies, and IP validation that helps you ensure that the origin of an online order correlates with billing and shipping locations. In addition, we offer lead and order validation capabilities using multi-function verifications that give you a quantitative quality score you can use to automate your order processing decisions.

We offer a free consultation to help you determine what tools can help protect your revenue stream. Contact us today to learn what we can do for you.