%%               N.I.A.                %%
                 %%     Network Information Access      %%
                 %%               01FEB90               %%
                 %%          Guardian Of Time           %%
                 %%               File #5               %%

:_Detecting Merchant Fraud
:_Typed In By: Guardian Of Time
:_"A Guide To Monitoring Credit Card Transactions"
:_Written By: Mastercard International

N.I.A, is Proud to Present A Guide To Monitoring Credit Card Transactions, this
file is a small comphrensive manual, on what SOME people look for in Credit
Card Fraud.

This is by NO MEANS to be used for Fraudulent Purposes, and since I know some
of you will, ( why should I deny it? ), you do it w/ out my aproval, meaning
that I am NOT responisble for any actions you do, this is for EDUCATIONAL


Merchant Fraud:  Everyone's Problem

A MasterCard merchant portfolio is a major source of revenue and profit for
many banks.  And it can be even more profitable if member banks combat oneof
the most serious drains on the entire system -- merchant fraud.

Industry fraud losses total more than $200 million per year.  Although most of
the direct cost is borne by issuing banks, acquiring bnks today face increased
liability, particularly in cases where fraud shouold have been detected.
What's more, the associated costs of fraud, in lost time and lost business, are
felt by all participating banks and ultimately, consumers.

But you can fight back.  There are basic and inexpensive ways to limit your
bank's exposure and make the system work better for everyone -- through
monitoring of merchant transactions.

This Guide outlines a series of early warning signals that will enable you to
spot fraud promptly and take the necessary responsive reaction.  Based on a
survey of MasterCard member banks, this Guide identifies the monitoring
procedures that have proved most effective in fighting fraud.  By selecting
those that best fit your circumstances, you can design a monitoring system that
works for you.  Note:  ( Those members utilizing third party processors should
request reports containing information suggested in this guidebook. )


The first step in detecting fraud is to understand how it occurs.  Here's a
sample of some of the most common forms:

Collusive Merchants

Thee merchants or their employees work actively w/ criminals, supplying account
numbers and other account information, or knowingly process transactions using
lost, stolen or white plastic cards.  These merchants are distinguished from
merchants who are honest victims of fraud on their premises but take no steops
to fight it.

Telemarketing Scams

"Boiler Room" phone sales operations offer travel packages, jewelry, vitamins
or other merchandise at prices that seem to good to be true - and are.  The
goal:  Lure consumers into divulging their card numbers and experation dates.
Consumers receive worthless merchandise, nothing at all; or find that their
accounts are charge repeatedly for a single purchase.  Not only is the consumer
cheated, but under some circumstances, the acquiring bank faceds liability as

White Plastic Schemes

Illegally obtained account numbers are embossed onto otherwise blank cards --
obvious fakes, which don't look like real MasterCard cards.  The phony card
transactions are then processed by a collusive merchant and submitted to the
member bank as genuine.


Laundering is a way for Fraudulent merchants to participate in MasterCard
activity w/out entering into a merchant agreement.  A merchant deposits the
fraudulent merchant's sales drafts in return for a cut of the face value of the
items.  All such third-party deposits are prohibited by the MasterCard Bylaws
and Rules.

New Merchant Bust-Out Schemes

A fake business is set up, often complete w/ stocked shelves to deceive bank
investigators.  W/in the first few days of operation, the new business makes
heavy deposits -- most or all of them fraudulently obtained account numbers,
representing nonexistent sales.  No merchandise actually changes hands.  The
operators collect from the bank, often by a series of wire transfers to other
accounts, and disappear.

Merchants Who Make Cash Advances to Themselves

Using his or her own MasterCard, a merchant or employee completes a sales slip,
submits it to the acquirer, but receives no merchandise or service.  Instead,
the merchant simply opens the register and takes out cash equal to the sales
slip total -- an instant loan.  ( The loan may or may not be repaid later,
through the proprietor's personal account ).

Otherwise honest merchants may resort to this practice when they experience
difficult times.  Often they have longstanding business and personal
relationships w/ their bankers -- which makes it especially difficult for the
banker to see or act on this type of fraud.

Electronic Data Capture Scams

These scams take advantage of the fact the EDC terminals allow card numbers to
be keyed in, or read electronically.  Merchants obtain account numbers
illegally, key enter the transsactions and collect the cash from their banks.

Fraud Busting: Exception Reporting

Fraudulent merchants usually leave tracks.  Their account activity often
deviates sharply from the norm for their type of business.  That's why an
initial investigation, before signing a merchant, is your first line of defense
in conjunction w/ a monitoring system that pinpoints exceptions to normal
business patterns.

While no screening system can take the place of your sound business judgement
in distinguishing dishonest from honest merchants, a well designed exceptin
reporting program can help you:

:_Track activities of new and established merchants
:_Spot suspicious activity that warrants closer scrutiny
:_Investigate cases of possible fraud
:_Prevent extensive losses

In the next few pages you will find detailed, practical suggestions for
designing your own exception reporting system.  No single system is best for
every bank.  It's up to you to choose the specific indicators that you will
use in distinguishing exceptional patters from the normal day-to-day ups and
downs of business.


Deposit records are a rich source of indicators that can signal fraudulent
activity on the part of a merchant.  You'll find a discussion of these
"red-flags" below, including a brief ratinale for each one.

There are three points to keep in mind as you adapt these indicators to your

1. It's not always necessary or practical to track all of the possible
   indicators.  They're suggestions from which to pick the ones that make the
   most sense for you.

2.  There are no magic numbers that automatically indicate questinable
    behavior on the part of a merchant.  For some, a $5,000 deposit would be
    exceptional; for others a $50,000 deposit would be routine.  For some, a 20%
    increase in deposit volume would be suspicious; for others, a 50% increase
    - for example during a peak season -- would be no cause for concern.
    That's why numerical cutoffs are left for you to determine. (See "Hints for
    Implementation" for thoughs on how to do it).

3.  Many "Red Flags" take the form of sudden changes in the volume, frequency,
    size or other aspects of a merchant's deposits.  To detect such changes,
    you will first need to gauge the merchant's normal activity by tracking the
    deposit history.

Here's an approach that can help you pinpoint meaningful departures from the

:_Use deposit data from a 90-day period, to average out shrot term
  fluctuations and establish a reliable baseline.

:_Use a rolling base period.  Update your figures on each merchant to reflect
  the most recent 90 days.  You'll automatically adjust for gradual growth or
  lulls in the merchant's business, and you may avoid false alarms.

:_For new merchants, use their expected deposit figures until you have
  collected actual deposit data for 90 days.

:_To Calculate...

  average deposit size, by dividing 90-day volume by total number of deposits
  average monthly deposit, by dividing 90-day volume by 3
  average weekly deposit, by dividing 90-day volume by 13
  average daily deposit, by dividing 90-day volume by the number of deposits
                         made by the merchant during that time period.
  average ticket size, by dividing 90-day volume by total number of

:_Add to each base figure an X% margin, to allow for normal variation. (X is a
  figure set by you and based on experience ).

:_Whenever a merchan't total deposit, ticket size, etc. exceeds that
merchant's base plus X, this should print on your reports as an exception, to
be investigated further.

This generic approach can be applied to many of the specific deposit
indicators that follow:

Indicator:  All deposits for newly signed merchants

Rationale:  Careful tracking of new merchants establishes a baseline for
            future comparisons.  In addition, an unusually high volume of early
            business may be a signal a "Bust-Out" Scheme.

Indicators:  Sudden Increases in ...
             Average Ticket Size
             Deposit volume ( daily, weekly or monthly )
             number of transactions per deposit
             frequency of deposits

Rationale:  Sudden jumps in volume, ticket size, etc.  Can be associated w/
            almost any type of fraud, since the objective is to w/draw as much
            money as possible, as quickley as possible.  Laundering, in
            particular, will raise this type of flag, when the "front" merchant
            adds third-part tickets to his own.

Indicator:  Diminishing deposit volume, ticket size, number of transactions
            per deposit or frequency of deposits

Rationale:  While not a fraud indicator per se, a sudden drop in business may
            signal impending financial problems, such as delinquent loans and
            eventual bankruptcy.

Indicator:  Deposits in which the same cardholder account number appears more
            than X Times

Rationale:  Multiple charges may indicate a stolen card or illegaly obtained
            account number.  These are typically put to heavy use right away,
            before they can be statused by the bank.  ( Again, it's up to you
            to determine what number of repeat charges in a single deposit
            constitutes grounds for suspicion).

Indicator:  Deposits in which the same dollar amount appears more than X times

Rationale:  Multiple transactions in the same amount sometimes point to a
            telemarketing scam.  Typically hig pressuer telemarketers sell the
            same product over and over in a short period of time.  Also, they
            often charge the same account several times for one item of

Indicator:  Deposits containing X% of transactions just below the MasterCard
            floor limit

Rationale:  Merchants processing stolen cards or illegally obtained account
            numbers will often use this approach to evade the authorization

Indicators:  Deposits containing transactions...

             on cardholder accounts statused by the bank
             on expired cards
             older than the presentation cycle allowed for the merchant
             deposits by blocked merchants

Rationale:  All such deposits show negligence on the part of a business or its
            employees, and may represent deliberate attempts to obtain
            illegitimate payments.


The key in monitoring authorizations is to set up a system that flags
exceptions daily.  If you act quickly enough you may even be able to block
fraudlent transactions before they are submitted into interchange.

Indicators:  All authorizations over x dollars

             more than x authorizations in one day on the same cardholder
             account number

             More than x authorizatoin attempts in one day on the same
             cardholder account

Rationale:  Very large authorizations or multiple authorizatins on the same
            account may signal an attempt to clean out an account before the
            cardholder realizaes that the card has been stolen or the number is
            being used fraudulently.

Indicator:  Repeated authorizations ( or attempts ) in the same dollar amount

Rationale:  Like repeated deposits in the same amount, repeated authorizations
            w/in a short period may point to possible fraud situations.

Indicator:  All transactions for which authorizatoin was required but not

Rationale:  Failure to secure authorization reflects procedures in need of
            correction.  Merchants who deliberately ignore the authorization
            requirement may be hiding the use of stolen cards or illegally
            obtained account numbers.

Indicator:  % of denied authorizations vs. attempts

Rationale:  When a large percentage of a merchant's authorization attempts are
            denied, the merchant may be testing the credit limits of stolen
            cards or illegally obtained account numbers.

Electronic Data Catpure

Some cards can't be read electronically because of damage to the magnetic
stripe.  This a certain proportion of keyed transactions is unavoidable.
Hoever, excess ue of the key option warrants further examination.

Indicator:  Percent of keyed transactons vs. swiped transactions

Rationale:  An unusually high proportion of keyed transactions vs. swiped
transactions may indicate that the merchant is using illegally obtained
account numbers.


Fraudulent trasactions often return as chargebacks.  Unfortunately, it's
extremely difficult to design a monitoring system that links current
chargebacks to trasnactions on the actual date of sale, which may be weeks or
months in the past.  As a second-hand alternative, many banks compare today's
chargebacks to today's sales.

Indicators:  More than X chargebacks in a specified period of time
             Value of Chargebacks exceeding X% of sales

Rationale:  A high number or large dollar volume of chargebacks may flag a
fraudulent merchant who has evaded other screens.

Hints For Implementation

Here are some hints to help you produce timely, informative reports that will
help your staff focus their efforts effectively:

1) Set the numerical parameters of your system at levels that are appropriate
   for both your merchant clientele and your staff.  If you set X too low,
   you'll generate large, cumbersome reports which your staff will never be
   able to follow up.  If you set X too high, you may overlook some suspicious
   cases.  To find the happy medium, experiment.

2) Compile data daily or weekly -- whichever best fits your staff capabilities
   and merchant portfolio.  There's no point in generating more reports than
   you can use.

3) Exclude key merchants, such as chains or high-volume stores, which could
   overload the system.

4) Use Merchant Category Codes to identify merchants whose business is subject
   to seasonal fluctuations.  By adjusting parameters for seasonality, you'll
   avoid many false alarms.

Your system can be as complex or as simple as your needs dictate.  You can
design it for a mainframe, or download pertinent data to a personal computer,
or create a system to run from a desktop.  The guiding prinicple:  Generate
the maximum amount of useful information that your stff can handle.

What To Do When You Suspect Fraud

To determine whether fraud has actually occurred...

:_Freeze Funds.
:_Retrieve sales drafts or all suspect transactions.
:_Validate all authorization codes
:_Conduct a merchant visit.
:_Contact issuing bank.

The integrity of the MasterCard System depends on your active participation in
the battle against merchant fraud.  W/ your help, fraud can be reduced.  It's
in your interest.

                    N.I.A. - Ignorance, There's No Excuse.
                  Founded By: Guardian Of Time/Judge Dredd.