Any business that accepts bank or credit cards for payment accepts some amount of risk that the transaction is fraudulent. However, for most merchants the benefits of accepting credit cards outweigh the risks. Conventional “brick and mortar” merchants, as well as mail order and telephone order merchants, have enjoyed years of business expansion resulting from credit card acceptance, supported by industry safeguards and services that are designed to contain and control the risk of fraud.
Credit card transactions are being utilized in a variety of environments. In a typical environment a customer, purchaser or other user provides a merchant with a credit card, and the merchant through various means will verify whether that information is accurate. In one approach, credit card authorization is used. Generally, credit card authorization involves contacting the issuer of the credit card or its agent, typically a bank or a national credit card association, and receiving information about whether or not funds (or credit) are available for payment and whether or not the card number is valid. If the card has not been reported stolen and funds are available, the transaction is authorized. This process results in an automated response to the merchant of “Issuer Approved” or “Issuer Denied.” If the merchant has received a credit card number in a “card not present” transaction, such as a telephone order or mail order, then the credit card authorization service is often augmented by other systems, but this is the responsibility of the individual merchant.
While most merchants will not accept orders that result in a response of “Issuer Denied,” the automated nature of an online transaction requires merchants to implement policies and procedures that can handle instances where the card has been approved, but other data to validate a transaction is questionable. Thus, the purchaser's bank may approve the transaction, but it is not clear whether the transaction is valid.
Because significant amounts of legitimate sales are associated with unknown levels of risk, it is critical to find ways to maximize valid order acceptance with the lowest possible risk. Categorically denying such orders negatively impacts sales and customer satisfaction, while blind acceptance increases risk.
To address these issues, merchants have augmented card authorization with additional screening procedures and systems. One such additional procedure is to manually screen orders. While this approach is somewhat effective when order volume is low, the approach is inefficient and adds operating overhead that cannot scale with the business.