Today, electronic commerce encompasses a broad range of order and delivery channels such as the Internet, telephone, catalogue, and fax, to name the most visible. In addition to being homogeneous due to their electronic order, entry, and delivery means, these channels share a characteristic of non-personal payment or payee-not-present. That is, the electronic merchants and direct marketeers must accept electronic payments without being able to personally verify the purchaser's identity. As a consequence, one of the most serious problems facing electronic commerce today is the risk of transaction fraud when the consumer and merchant do not meet face-to-face.
Fraud can be divided both into merchant fraud (where a merchant defrauds a consumer) and consumer fraud, whereby a transaction is conducted by a consumer using a fraudulent credit card account or by a consumer misrepresenting himself in a transaction. Consumer fraud costs electronic merchants and direct marketeers today between 5% and 7% of their sales.
Presently, there are a number of companies who are in the business of limiting credit card fraud. Each of these companies utilizes a method of exposing the fraudulent transaction by determining that it does not follow a predictable experience in the usage of a particular credit card (i.e., within a geographic location, from one of a group of vendors, for a particular type of merchandise or service, etc.). Using these existing methods, the merchant is typically only notified when there is a deviation from a predictable credit card pattern.
It is fundamental to understand that for non-personal transactions, such as on-line or direct marketing transactions, since there can be no signature confirmation, the merchant accepts all of the risk that the transaction is fraudulent in the event that the credit card holder denies the charge. A transaction can be voided simply by the denial of a cardholder, and the merchant will have funds deducted by the transaction processor (netted from future payments), and the merchant will incur a charge-back cost.
For example, for an electronic transaction processed over the Internet, merchants have to contract with a transaction processor. Transactions can either be processed via a direct interface with the merchant, whereby the merchant directly captures information on the customer, the card numbers, the “ship-to” address, etc. or via a “gateway” company which outsources key features of the transaction processing and data capture.
The electronic merchant receives an order from the person who gives a name, credit card number, and expiration date to the retailer in connection with a purchase. The purchaser directs that the merchandise be delivered to an address which is different than the credit card billing address. Using traditional methods, the merchant receives a credit card approval number from its gateway and ships the merchandise to the shipping address.
If, in fact, the credit card number has been stolen and the transaction is fraudulent, the true cardholder will likely reject the invoice when he is billed for it, claiming fraud. Since the credit card company had confirmed the validity of the card (which remains in the owner's possession), and because the transaction is “card not present,” i.e., was not involved with a signature verification, the credit card company has no liability. Assuming the cardholder refuses to pay the credit card company, the credit company will issue a charge back against the retailer, which has no recourse. As a result, the merchant loses the value of the merchandise, the shipping charge, the original transaction costs, and the transaction cost on the charge back with its payment processor. Such losses could be significant if the rate of fraudulent activity for these non-personal transactions is high.
Thus, there exists a need for a system and method for detecting fraudulent transactions in non-personal commerce transactions and reducing the risk and loss associated therewith.