topic Re: CIM and fraud detection in Integration and Testing

CIM and fraud detection

CharlieDev — Wed, 25 Feb 2015 18:01:44 GMT

In the past few months, we have seen a much higher rate of decline for our clients using CIM processing transactions. Generally there is not any particular message from the Card Issuer for the decline. However, I think the card issuers are looking at the transaction as potentially fraudulant.

Here is why I think this is happening: When we save the CIM profile, we use the default setting for VerificationMode (live) which, in order to confirm that the credit card is valid, puts through a .01 transaction and then voids it. Once the CIM profile is saved, we follow up shortly after with a large transaction (say a 700 membership dues). This pattern (small amount then large amount) is a known pattern for credit card theives (e.g., verify the card is valid, then sell the credit card at a premium). Therefore some (it is so inconsistent) issuers are decling charges that would have gone through say before the giant credit card hacks that recently occured.

Is there any validity to this theory? We are updating our CIM interface that clients use to allow clients to use testmode (which validates the card numbers but not the validity of the card) in hopes of decreasing declines.

Also, does anyone know if saving a CIM profile using the CVV code option helps at all with credit card issuers? E.g., does authorize.net somehow relay this information (that the credit card was saved with a CVV code for validation) to the card issuer?

Thoughts are appreciated. Thanks.

Re: CIM and fraud detection

Joy — Wed, 25 Feb 2015 23:32:29 GMT

Hi CharlieDev,

Unfortunately, we don't really get any more information about why a transaction is declined then you do. I really can't say if there is any merit to your guess that the $0.01 transactions could be causing a problem. I can tell you that we actually use "AVS only" transactions for many of the most common card type and processor combination instead of $0.01 transactions. These are for $0 and presumably wouldn't cause any kind of fraud check that you are describing.

In regards to your question about CVV, there is no signal that we send indicating that the CVV has been previously verified. The closest thing to this is the optional "recurringBilling" flag that you can set in the API. We pass this through to your processor essentially as an indication that this is a returning customer.

Thanks,

Joy

Re: CIM and fraud detection

CharlieDev — Thu, 26 Feb 2015 15:00:03 GMT

Thanks for the response Joy. The higher rate of declines for CIM transactions the last few months has been a thorn - trying to figure out a solution (our clients are established and reputable assocations - so it's not like the vendor itself is viewed as risky).

Is Authorize.net planning ot add another verification mode betweew test mode and livemode that would do a 0.00 AVS transaction? This would seem to be a good compromise and based upon your reply it is a common method for Authorize?

Re: CIM and fraud detection

RichardH — Thu, 26 Feb 2015 15:23:50 GMT

Hello @CharlieDev

I would also suggest contacting your merchant service provider if you haven't already and discuss your increased decline challenge. They can provide much more detail on specific transactions.

Richard