Australian e-Business Services

Fraud Prevention - Tips for WorldPay Clients

WorldPay supply very sophisticated, cutting edge card checking and authorisation systems that enable you to trade online. These systems have been developed over several years, use state of the art technology and undergo regular scrutiny from our banking and other strategic partners to ensure that they conform to their high standards. The systems are modified regularly to incorporate not only, additional functionality and flexibility, but also to build in additional checks to ensure that your account is not compromised by fraudsters in the same way as those operated by many other payment system suppliers.

WorldPay will be implementing even greater levels of fraud control by the end of February 2001. Part of that exercise includes educating users of these systems in how to spot potentially fraudulent transactions that will not be detectable automatically (i.e. a cardholders card is stolen by someone close to them, but they have not yet registered it as stolen). Obviously our systems, being necessarily automated due to the vast amount of transactions passing through them, can detect abnormal usage patterns and check databases of previously fraudulent transactions, but regular scrutiny 'by eye' assists to some extent in isolating potentially fraudulent transactions that cannot be detected automatically.

To this end, the following advice should assist in reducing your minimal exposure even more, and we would advise that you implement your own checking procedures to supplement ours, using this document as your point of reference. Where appropriate, as in country mismatch between cardholder and delivery address, we will warn you of transactions that have cleared, that may warrant further scrutiny and commensurate action, based on the knowledge and experience we have accrued.

1. Most semi-serious fraudsters, who obtain their credit card details from lists published on websites, or by using illicit programs that produce lists of algorithmically allowable card numbers, will attempt to mask their identity from later tracing by obtaining an Internet connection via an ISP utilising dynamic IP allocation (i.e. they get a different, randomly allocated address every time they login), and by using as their email identity a 'free' address from one of a growing number of suppliers. Included amongst these are the ubiquitous Hotmail and Yahoo Mail, but there are some 10,000 others. While most users of these free addresses are quite legitimate, caution should be exercised when an order is received where the purchaser has entered one onto your payment form, and a warning will be published on the transaction confirmation despatched to you to assist you in this. Any follow up activities to confirm identity prior to despatch of the goods are of course at your discretion, and you may wish to restrict yourself to a checking subset, based on the other criteria outlined below, if transactions of this type are preponderant.
   
   Customers who are particularly concerned, such as those shipping 'downloadable' goods, can apply to have all transactions arising from users of these email addresses blocked at source, thereby rendering the 'checking' automatic. Though we would advise that this could significantly affect profitability. Finally, it must be noted that although not all users of free email addresses are fraudsters, most fraudsters use free email addresses, and most legitimate transactions use email addresses assigned by their ISP, which are normally traceable.
    
2. We do not mandate display or capture certain items of information on the payment form, but you may wish to reject orders from purchasers who choose not to complete the form fully. Especially contact detail fields, if you feel suspicious in any way about the legitimacy of the purchaser (some pointers to this are given below). As a side effect, you could even be alerting a genuine cardholder in advance that their card is being used illegitimately, so that they can notify their card issuer and have the card 'stopped'.
   
   Customers being requested to ship orders outside their own country, especially to known centres of Internet credit card fraud such as the ex-Eastern Bloc and third world countries, may wish to stress this particular check, as regardless of your ability to trace a potential fraudster. Getting your goods back, may prove extremely difficult in this circumstance, as even in your own country prosecution and recompense for credit card fraud are difficult to pursue, especially for (what are deemed by the authorities) low value transactions. To close, obviously PO or 'drop' boxes are open to abuse, and you should be wary of their users.
    
3. You should be wary of orders that are outside your norm, for example multiple purchases of an item normally only ordered singly (e.g. 10 copies of the latest Britney Spears CD, or even 2 television sets), or purchases that vastly exceed the average value of normal orders. Where you have regular purchasers, you should also be wary of orders outside their norm.
    
4. You should be wary of orders placed by purchasers in the middle of the (their) night. Again, some of these may be legitimate, but most won't be.

Note: Information and advice concerning transactions which may potentially be suspect is supplied in good faith to our customers in order to support them in deciding whether they wish to process the transaction in question or raise further queries, but Worldpay cannot guarantee the accuracy or completeness of the information. Worldpay cannot accept responsibility for the use of such information and the customer shall indemnify WorldPay against any liabilities arising from the customer deciding to accept or decline a transaction.