Post Process Detection Helps You Avoid Fraud

    June 18, 2003

Unfortunately the holiday shopping season brings with it an increase in the unauthorized and fraudulent use of credit cards to pay for on-line purchases. Fraudsters and hackers will to try and take advantage of you during this season in the hope that you will be too busy to notice a bad transaction.

This article covers post process fraud prevention: prevention after an order is received. Pre process prevention measures tend to be more technical in nature and are applied prior to or during a credit card transaction. Such items as checksum number validation, date checking, form field checking, and transaction isolation are some pre process activities.

If the items you sell are custom made or simply not readily resold into the retail market, then outright fraud is not likely to be a big concern. High value electronic consumer goods, on the other hand, are prime targets for fraudsters because they can be readily resold.

First, it is helpful to understand the process for a real time credit card transaction. Card transactions on the financial networks take place in two parts: authorization followed by settlement. When a customer submits a credit card at your storefront for payment, it is first processed for an authorization of payment. If the card is valid, a hold for the requested amount is placed on the customer’s available credit in the card account. Funds have not yet been transferred.

At some subsequent time, a request for settlement has to be made to the customer’s bank to cause a transfer funds from the customer’s account to your merchant account. Depending on the particular financial gateway and it’s configuration, this request, sometimes called a capture, may happen automatically or may require a settlement request from the merchant. Automatic settlements will usually occur in a batch during specific times of the day.


At any time but, especially during the holiday season, it is good practice to assign one person or group the responsibility of determining the validity of any order paid for on-line. While automatic fraud detection software is useful, it can provide false positive as well as false negative responses and should not be relied on exclusively. There is no good substitute to having a person that knows the business and the customers checking orders before shipment. Naturally, this assumes that the person doing the checking knows what to look out for.


There are some obvious signals to watch out for as well as some subtle indications of a bogus charge. The most obvious signal is a declined card. This may seem like a trivial item to mention but, depending on the order processing system in use, declined charges can slip through and become fulfilled orders. Always make sure the authorization was successful.

A good authorization is often indicated by the word “success” or the letter “G” being returned by the processing gateway. On certain gateways, a transaction authorization status may also be indicated by a three digit response code, 000 indicating a success; 001 indicating a failed authorization due to insufficient credit.

Nearly all card authorizations respond with an address verification (AVS) from the issuing bank. This is an important service for detecting fraud. Unfortunately it is only available from USA and some Canadian banks and will only verify leading digits in an address. IE: a street number can be verified but not the street name. Showing AVS return results should always be a part of any merchant’s card transaction utility. If address verification isn’t available, the merchant should look for an alternate service.

Address verification is returned usually as a letter code indicating the level of verifiable data. For instance a “Y” will indicate that the five digit zip code and the address given match the information on file for the given card. An “N” indicates that neither address or zip matches. There are other indicators, for instance, a “Z” indicates a match on the five digit zip only.

Using address verification requires some interpretation. A “Z” return may indicate a perfectly valid order where the customer has given a Post Office box number as their rightful card address. That is, some cards are now being issued to PO box addresses but the AVS system can only confirm leading digits in the address. Automated fraud detection systems that refuse an order when there is no “Y” address verification may be blocking perfectly legitimate orders.

Another signal that should trigger an alert is an order going to a previously used shipping address originating from a different person and/or a different credit card. The shipping address may be a temporary location for receiving deliveries or it may be a freight forwarder location. The chances are very good that the address will not verify.

Fleece lined boots to Florida is an unlikely order. The order may be perfectly legitimate but, should trigger an alert for a closer look.

If the same credit card number appears more than once in within a few hours or days, take a closer look at the order. If the address given is different from a previous address for the same card, the merchant can be pretty sure this is a fraudulent transaction. It also means that the first order was most likely bogus as well and probably did not get an address verification.

Actually there isn’t a “wrong” IP address. just one that isn’t very likely based on the information given. For instance, if the customer gives a Kansas location and an AOL e-mail address and the IP number lookup indicates a network in China or even a non AOL network, there is reason for suspicion.


Many uncertainties about an order can be resolved by a simple e-mail or telephone call to the customer. Of course the contact information may be to the fraudster who will naturally verify that this is a valid order. A few friendly questions, for instance, about how the customer plans to use or locate the product may help detect a fraud. In our own experience, valid customers are always grateful for our checking with them about charges to their credit card.

If communication fails to quell the alert, the merchant can use one of the reverse lookup services for checking the validity of given information.

A telephone number check of area code will confirm the state or region while the full number check will provide the person and address. You have your choice of telephone number lookup services at:

Search for an e-mail address given a person’s name at:

A reverse zip code lookup can be found at:

If you want a mind boggling array of choices for looking up people, places, e-mail, zips, etc., go to:

ImagineNation provides a multiple register IP number lookup service for merchants at:

Remember, IP numbers usually won’t identify a person, just the network that they use to connect to the Internet. The above are free services so expect a fair number of pop up ads with some of them.

Finally, if after an alert signal, customer information checks out OK, the merchant can be reasonably assured that the order is valid. If confirmation or information doesn’t validate, don’t ship or ship at your own risk!

This is where manual settlement (capturing the charge as a subsequent process to authorization) is an excellent utility for the merchant to avoid making wrongfull charges to a credit card. If the order is obviously bogus, even though the card charge was authorized, no further action is required. The monies won’t be transferred and the merchant doesn’t ship the order. If the order checks out, the merchant settles the card authorization and ships the order.

IAMS merchants at ImagineNation will be familiar with this capability. Even though they do not themselves settle transactions, they can withhold an authorization from settlement by voiding the order or by not entering a shipping date.

Don’t forget to ship using some means of delivery confirmation and have a successful holiday selling season.

Mel Davey is the creator of ImagineNation (, a full service E-Commerce Application Service Provider, offering Storefronts, Order Management Utilities, and 3rd party credit card processing.