The nature of credit card fraud has shifted in recent years. In the past, credit card skimming or cloning was a popular option among fraudsters. In credit card skimming schemes, thieves can use a device to steal credit card information from a credit card in an otherwise legitimate transaction and use the stolen information to clone a new credit card. This practice, however, has declined with the growing use of Europay MasterCard Visa (EMV) integrated circuit cards (chip cards). These chip cards have made it difficult for fraudsters to use cloned cards at physical merchants. Because cloning schemes have become less effective, fraudsters have turned their attention to CNP fraud in order to bypass the chip-related features of EMV cards.
CNP fraud involves the unauthorized use of a credit or debit card number to purchase products or services in a non-face-to-face setting. CNP fraud generally takes place on the Internet although some fraudsters perpetrate it through call center operations or through the mail. In these transactions, the merchant does not physically inspect the credit card. The incidence rate of CNP fraud is rising and accounts for more than 50% of card fraud losses worldwide. In view of this alarming trend, there is a need to develop preventive mechanisms to combat CNP fraud.
Many CNP schemes follow a similar pattern. This pattern generally begins with the theft or mass compromise of numerous cards. These stolen or compromised cards are then sold in batches via the Internet to prospective buyers. Because some of these cards may be inactive or blocked, buyers must test these cards before attempting a fraudulent event.
Testing can occur anonymously at CNP Internet testing sites. At these testing sites, a fraudster can determine which cards are active by cycling through a batch of cards and charging a nominal amount to each probed card. Probed cards that can accept the charge are considered active and can be used at a later date in a fraudulent event.
Because batch testing of these cards is a precursor to a fraudulent event, the real-time detection of a test event and the flagging of probed cards as high risk accounts can help prevent CNP fraud. Although test event detection can also be based on a common point of purchase (CPP), such as a particular Internet test site, a fraudster may intentionally mix CPPs in order to distribute fraudulent charges over a large footprint to avoid detection. As such, the real-time detection of test events is preferred.