More Related Content
What's hot
What's hot (20)
Similar to Trust and safety in the vacation rental industry
Similar to Trust and safety in the vacation rental industry (20)
Recently uploaded
Recently uploaded (20)
Trust and safety in the vacation rental industry
- 2. I’M NINA, A NERD WHEN IT COMES TO FRAUD
- 4. Use fraud tools aka superpowers to fight fraud and build trust.
- 5. AVS AND CVV CHECKS CVV in particular is a shared secret between the card holder and the issuing bank. We ask buyer to provide their credit card billing address and card verification value/CVV and verify the same with the issuing bank. Given that e- commerce merchants CAN NOT store CVV (a PCI requirement), a fraudster will not have access to it even if they have card number, expiration date and billing address information. (Fraudsters typically buy stolen cards pm the dark web). MAINTAIN LISTS Verified traveler, block traveler, watchlists (suspicious) : Over 10% of all orders are from repeat travelers that have proved themselves to be legitimate card holders A.K.A. as verified. Similarly, you can track email IDs amongst other uniquely identifying attributes from orders that resulted in fraud chargeback to block them from gaming the system subsequently. MACHINE LEARNING & BEHAVIORAL ANALYSIS Statistical models that learn complex patterns in data. Behavioral analysis: We know the typical behavior of a traveler making a $1000 booking. They looks at a few options, spend, say 15 minutes before they make a booking. We compare the behavior of traveler with the “expected behavior” and do all this without introducing any friction to the process. This also spots bot activity. DEVICE FINGERPRINTING It is quite important to uniquely identify the device (browser) that the booker is making the transaction from. It is easy to buy multiple emails but much harder to use one device per order. Similarly, if we know where the device is located you can determine its proximity from the card holder’s billing (generally their residential address) VELOCITY CONTROL Given that fraudsters are organized crime units, you want to watch out for “repeat bookings” from the same person: be it the same email or device and effectively stop them for perpetuating fraud on your platform
- 7. Did you know? Fraudsters are organized and very resourceful in converting stolen cards to cash Fraudster Real Cardholder Did you know? They buy stolen cards on dark net that other fraudsters added from a data breach Steals Card details 1 Fraudster Completes stay 3 Vacation Rental website Books an immediate stay2 Approve 2 Payment Processor/ Gateway Calls bank with anxiety5 Credits the money back to the real card holder and debits the merchant6 Receives credit card statement and recognizes a purchase he didn’t make4 2 2 2 Issuing Bank BUYER FRAUD You, the vacation rental, lose money ($1000) every time you let a fraudster book your property . To make this worse, you also get dinged a chargeback fee and have to work hard to fight it. 7 7 7
- 9. Travel merchants lose an average of 0.44% of annual revenues to online fraud.
- 12. AVS AND CVV CHECKS CVV in particular is a shared secret between the card holder and the issuing bank. We ask buyer to provide their credit card billing address and card verification value/CVV and verify the same with the issuing bank. Given that e- commerce merchants CAN NOT store CVV (a PCI requirement), a fraudster will not have access to it even if they have card number, expiration date and billing address information. (Fraudsters typically buy stolen cards pm the dark web). MAINTAIN LISTS Verified traveler, block traveler, watchlists (suspicious) : Over 10% of all orders are from repeat travelers that have proved themselves to be legitimate card holders A.K.A. as verified. Similarly, you can track email IDs amongst other uniquely identifying attributes from orders that resulted in fraud chargeback to block them from gaming the system subsequently. MACHINE LEARNING & BEHAVIORAL ANALYSIS Statistical models that learn complex patterns in data. Behavioral analysis: We know the typical behavior of a traveler making a $1000 booking. They looks at a few options, spend, say 15 minutes before they make a booking. We compare the behavior of traveler with the “expected behavior” and do all this without introducing any friction to the process. This also spots bot activity. DEVICE FINGERPRINTING It is quite important to uniquely identify the device (browser) that the booker is making the transaction from. It is easy to buy multiple emails but much harder to use one device per order. Similarly, if we know where the device is located you can determine its proximity from the card holder’s billing (generally their residential address) VELOCITY CONTROL Given that fraudsters are organized crime units, you want to watch out for “repeat bookings” from the same person: be it the same email or device and effectively stop them for perpetuating fraud on your platform
- 13. AVS fails CVV fails CVV pass Address Verification Service (AVS) / Card Verification Value (CVV) Fraudster Payment Processor/Gateway Can’t provide CVV Booking declined Provides correct CVV/zip Booking successful Dark Web Obtains a stolen card Real Cardholder Issuing Bank Cardholder Profile Issue a Credit card2 Registers / creates an account1 3 4 VacationRental.com Name Card # Exp Date Zip Code CVV Submit VacationRental.com
- 14. Known Good and Bad Buyers (Maintain Blocklist/Whitelist/Watchlist) Fraudster Real Cardholder Payment Processor/Gateway VacationRental.com Name Card # Exp Date Zip Code CVV Submit Booking declined Booking successful Dark Web Obtains a stolen card Traveler List Green (Approve) Orange (Refer) Red (Decline) Did you know? More than 10% of the traffic is from repeat or known customers Check if you know the buyer (use verified elements like email or phone ) STRONG match on buyer fuzzy match on card, run rules by checking against traveler lists. 1 2 Cardholder Profile Issuing Bank
- 15. Velocity Control (frequency of seeing a buyer) Fraudster Real Cardholder Payment Processor/Gateway VacationRental.com Name Card # Exp Date Zip Code CVV Submit Issuing Bank Cardholder Profile Dark Web Obtains stolen cards Counters IP Address Email id Card Number Multiple bookings from the same card (Orange/ Risky) Multiple bookings from different cards but same device (Orange/Risky) The above from a device proxying itself (red/ decline) 2 TOOL #3 Bookings declined Booking successful Booking from a real cardholder Booking 1 Booking 2 Booking 3 1 3
- 16. Device Fingerprinting ( IP, Geo location etc.) Fraudster Real Cardholder Payment Processor/Gateway VacationRental.com Name Card # Exp Date Zip Code CVV Submit Issuing Bank Cardholder Profile Dark Web Obtains a stolen card TOOL #4 Location: RUSSIA Location: CALIFORNIA Detect where the device is using IP and geolocation 2 Detect the device uniquely using device fingerprinting 1 Detect the real device even if proxy is used 3 * RED FLAG - Zip verified in California but device is in Russia - CVV failed - Multiple bookings - Immediate stay - E-mail can’t co-relate to CA either *
- 17. Modern Tools – Machine Learning, Behavioral Analysis Fraudster Real Cardholder Payment Processor/Gateway VacationRental.com Name Card # Exp Date Zip Code CVV Submit Issuing Bank Cardholder Profile Dark Web Obtains a stolen card TOOL #5 MACHINE LEARNING - Statistical models can’t handle more than 2 dimensions well - Pair Machine learning with Rules to define Policies such as avoiding business with sanctioned countries &/or quick fixes Machine Learning Behavioral Analysis - Behavior of a fraudster is different from that of a real cardholder. For instance, they use bots to fill card information and spend much lesser time reviewing properties
- 20. 20
- 21. Yapstone proprietary and confidential 21 TPV by Billing City
- 22. Yapstone proprietary and confidential 22 Fraud and Attempted Fraud by Billing City