Velocity Checking: Explained in GladstonePay

When do Velocity Rules come into play?

A fraudster who submits an unauthorised transaction isn’t typically the same person who stole a cardholder’s information. Instead, fraudsters usually buy stolen cardholder information in bulk from hackers.

Many of the card numbers that fraudsters buy will be invalid. Knowing this, they typically “test” the cards by trying to run repeated transactions. They can do this by purchasing a legitimate product or service for a few pounds whilst capturing the URL of your payment gateway. This gives access to a link where they can automate millions of test payments bypassing the full check-out process.  If the transaction is declined, they know the card information is invalid; if it’s accepted, then they have a finite window of time in which to use the stolen information before the cardholder discovers the abuse.

If a fraudster uses your payment gateway to test cards, or to run transactions using a working card, you’re the one who ends up footing the bill. You can face chargebacks once the cardholders discover the fraud, and may be responsible for the resulting fees, lost revenue, and additional costs.

This is where velocity checks come in.

You can adjust the Velocity Checking Rules within your GladstonePay console as part of your regular checks and reviews, you might want to check the number of times your VC rule/s has/have been triggered and consider adjusting up or down as appropriate.

Things to bear in mind, make the rule too tight and you will see an increase of declined transactions, make them too loose and you become more vulnerable.

Velocity checks are designed to scan the information submitted with each transaction and flag repeated submissions of the same information in a designated time period. This allows you to segment out suspicious transactions, identifying cases in which a fraudster might be engaged in card testing, or trying to run multiple transactions with a valid card number.

There isn’t a clear standard for all merchants across the board that can determine whether the activity should be flagged and reviewed manually for potential fraud. Instead, you should adapt the tool to flag transactions based on what makes sense for your centre.

Things to consider..

Is it common for a customer to complete several transactions within a 24-hour time frame? What about for the same customer to buy the same item several times? Do you often see multiple transactions using the same address, but different payment methods?

You can't stop these attempts, just defend against them. Velocity Rules and setting the appropriate parameters will form a part of your overall fraud strategy.

In addition to velocity rules, GladstonePay also includes the 'reCapture' process - this adds a step to the user's payment journey whereby the user is presented with a 'picture or phrase' before submission of their payment. Bear in mind, this does add an extra step of complexity for 'speedy check-out' for legitimate purchases.

To learn how to adjust your velocity rules or turn on 'reCapture' in GladstonePay review the knowledge article below. You will need to log into the Gladstone Portal to access the article.

Or simply search 'velocity' on the front page of the portal to find the article.