My company (Sift Science) helps sites fight credit card fraud. We work with a few large ($100m+ revenue) marketplaces, and here are some things I've learned.
First off, strictly speaking, this is most likely to be a stolen credit card (i.e., fraud) rather than money laundering. You do NOT benefit from fraud, because when the cardholder notices the charges, they'll call up their bank and issue a chargeback. The $488.15 in your account will actually be removed and given back to the original cardholders. In addition, each fraudulent charge carries a $15-$25 fee, which you're liable for.
https://www.balancedpayments.com/docs/testing#chargebacks---...
What's worse, chargebacks can take 60-120 days to reach you, since there's delay at every step: the customer's bank, the credit card networks, your payment gateway, and the acquiring bank (your bank). Unfortunately, that means you won't know how much fraud you have today until February (!). It's a broken system, but that's how all the major card networks work, so it's something that everybody who sells online has to deal with.
If your fraud rate is higher than about 2% for two months in a six month period, Visa and Mastercard reserve the right to block payments entirely to your (or Balanced's) account unless you prove you can get the chargeback rate down. This is called an "excessive chargeback program."
In terms of heuristics, fraudsters adapt rapidly to whatever counter-measures you use. The half-life of a good heuristic is maybe a couple of months. The best approach is to evaluate hundreds of different signals, using a machine learning algorithm to constantly adapt to changing fraud patterns. My company is running a private beta of exactly this technology and we're happy to help: http://siftscience.com. Even if you don't use us, I can recommend other services or give you general pointers.
Hope that helps! Let me know if you have any questions: brandon@siftscience.com.
Thanks Brandon! Great info. If you see a way for Sift Science to add value to Gittip then I'm open to a proposal. Balanced won our business by stepping forward and contributing the integration themselves:
Do you have any data on what percentage of fraudulent charges get past your system. (i.e. of all fraudulent charges received how many does your system not catch) and what percentage of your fraudulent charge alerts are non-fraudulent? Just curious! I'm a co-founder of an eCommerce company and our average transaction is around $5,000 so this is pretty important to us and we already have some pretty strong systems in place, but I'm curious how well this more automatic approach works.
Good question. We measure these using "precision" (of the users that users Sift flags, which percentage are actually fraudsters?) and "recall" (what percentage of fraudsters on the site does Sift flag?). We can get 90% precision or 90% recall, although not currently both at the same time, and it's the customers choice as to which to optimize for. We can just adjust a threshold to tune our system to their needs.
Companies that have high transaction amounts often use the machine learning system to detect likely fraudsters, but then have a human review each one and make the final decision to approve/deny. We have a visualization "widget" that shows the reviewers which signals made a particular user look suspicious. The advantage of using machine learning is then that you: a) catch fraudsters you wouldn't have noticed otherwise, b) don't have to review every single transaction, just the subset that are most suspicious, c) make it faster for your staff to review transactions since the visualization tools will help point them at what to look at.
First off, strictly speaking, this is most likely to be a stolen credit card (i.e., fraud) rather than money laundering. You do NOT benefit from fraud, because when the cardholder notices the charges, they'll call up their bank and issue a chargeback. The $488.15 in your account will actually be removed and given back to the original cardholders. In addition, each fraudulent charge carries a $15-$25 fee, which you're liable for. https://www.balancedpayments.com/docs/testing#chargebacks---...
What's worse, chargebacks can take 60-120 days to reach you, since there's delay at every step: the customer's bank, the credit card networks, your payment gateway, and the acquiring bank (your bank). Unfortunately, that means you won't know how much fraud you have today until February (!). It's a broken system, but that's how all the major card networks work, so it's something that everybody who sells online has to deal with.
If your fraud rate is higher than about 2% for two months in a six month period, Visa and Mastercard reserve the right to block payments entirely to your (or Balanced's) account unless you prove you can get the chargeback rate down. This is called an "excessive chargeback program."
In terms of heuristics, fraudsters adapt rapidly to whatever counter-measures you use. The half-life of a good heuristic is maybe a couple of months. The best approach is to evaluate hundreds of different signals, using a machine learning algorithm to constantly adapt to changing fraud patterns. My company is running a private beta of exactly this technology and we're happy to help: http://siftscience.com. Even if you don't use us, I can recommend other services or give you general pointers.
Hope that helps! Let me know if you have any questions: brandon@siftscience.com.