In this digital age, merchants are challenged both by customers who want near-instantaneous transactions across multiple channels and by the need to reduce fraudulent transactions. At the same time, merchants struggle to enhance fraud detection for the rapidly growing market of digital goods.
With the prevalence of computers, mobile telephones and the Internet, buyers and sellers can now interact without seeing one another; card-not-present (CNP) transactions, in which the merchant never sees the payment card, are now much more common. As e-commerce becomes more popular and digital sales and delivery more common, merchants struggle to contain fraudulent payments without inconveniencing customers. A glitch during an e-commerce transaction can result in loss of the transaction for the merchant.
Unfortunately, card-not-present transactions—many of which are performed using computers, a telephone or mobile devices—are responsible for a great deal of fraud. But increasing fraud controls and tightening fraud detection algorithms in order to detect fraud during a transaction can result in a good transaction being denied and a good customer being turned away. Most fraud detection systems are not yet able to handle the increase in online card-not-present transactions, especially the sale and delivery of digital goods.
One type of software tool used in a fraud detection system is known as link analysis. Link analysis is used in law enforcement to find associated individuals or behaviors and in building social networks, and can be useful in fraud detection. For example, consider a fraudster who has stolen a large number of credit card numbers and is attempting to use those cards to complete transactions from his or her computer—and is trying to fool the fraud detection system into thinking that all of these transactions are from different people. Link analysis can be used to analyze any links between all of these transactions and to eventually conclude that many cards are being used from a single IP address—indicating an anomaly or fraud. Thus, link analysis allows one to link disparate transactions in order to find fraud.
But it is important in link analysis to identify erroneous links that may cause misidentification. For example, one hundred orders may originate from the same IP address because that IP address is used by all guests of a hotel, or because that is the IP address of a gateway proxy server. Or, the same billing address may be listed for numerous transactions because that is the billing address of a corporate credit card or the address of an apartment complex. In addition, the entity “caller ID” may be the same for many transactions because that telephone number is an exchange number or an 800 number. Thus, even though an entity in all of these transactions is the same, this common link does not indicate (in these examples) that all transactions are originating from a fraudster.
Some existing technologies use a static exclusion list that accumulates over time in order to differentiate between a corporate firewall IP address (from which different users execute electronic-commerce transactions) and an IP address of a home computer which a fraudster is using to impersonate numerous people using stolen identities or stolen payment cards. A static exclusion list is not optimal and is often ineffective because manually maintaining a static exclusion list is not a scalable solution. Adding or removing entries from the list usually causes delay, and the list needs to be manually reviewed. Thus, further techniques and systems are desired to improve link analysis.
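The linking described above, and the effect of a static exclusion list on an erroneous link, shown as an added example that is not part of the original text. The sample transactions, the field names and the three-card threshold are constructed assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample data (not real): (transaction id, card, IP, billing address).
TRANSACTIONS = [
    ("t1", "card-A", "203.0.113.7", "1 Elm St"),
    ("t2", "card-B", "203.0.113.7", "9 Oak Ave"),      # same IP as t1
    ("t3", "card-C", "203.0.113.99", "9 Oak Ave"),     # same address as t2
    ("t4", "card-D", "198.51.100.20", "22 Lake Dr"),   # hotel guest
    ("t5", "card-E", "198.51.100.20", "5 Hill Ct"),    # hotel guest
    ("t6", "card-F", "198.51.100.20", "77 Bay Blvd"),  # hotel guest
    ("t7", "card-G", "192.0.2.55", "3 Mill Ln"),
]

# Static exclusion list: entities known to be shared (here, the hotel's IP).
EXCLUDED = {("ip", "198.51.100.20")}

def link_clusters(transactions, excluded=frozenset()):
    """Group transactions that share any non-excluded entity (union-find)."""
    parent = {t[0]: t[0] for t in transactions}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    first_seen = {}  # entity -> first transaction that carried it
    for tid, card, ip, addr in transactions:
        for entity in (("card", card), ("ip", ip), ("addr", addr)):
            if entity in excluded:
                continue  # a known shared entity creates no link
            if entity in first_seen:
                parent[find(tid)] = find(first_seen[entity])
            else:
                first_seen[entity] = tid
    clusters = defaultdict(set)
    for tid, *_ in transactions:
        clusters[find(tid)].add(tid)
    return sorted(sorted(c) for c in clusters.values())

def suspicious(transactions, excluded=frozenset(), min_cards=3):
    """Clusters linking at least min_cards distinct cards (assumed threshold)."""
    cards = {t[0]: t[1] for t in transactions}
    return [c for c in link_clusters(transactions, excluded)
            if len({cards[t] for t in c}) >= min_cards]
```

Without the exclusion list the hotel guests are flagged alongside the chained cluster t1 to t3; with it, only that cluster remains, which also shows that the result depends entirely on the list being kept current.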