Fraud Toolkit: Repeat Purchase Limits

This interface provides a way to set a limit on the number of times a scenario can occur in a designated cycle of time.  For most of the options, the rule structure is:

If [number] of [scenario occurrence] > [allowed occurrences] per [amount] of [time measures], do not allow [scenario occurrence]


Max Declines

An eBook vendor is seeing a high volume of purchase attempts on a variety of credit card numbers.  Many of them are declined, and while the customer information is different with each attempt, it looks suspicious.  Names such as "Joe Texas," "Danny Pencil," and "Francis Nunyer" have been used.

The merchant's fraud team has noticed is that there are many attempts with a number of cards until a purchase is successful. After a successful purchase new attempts are made from a new IP address, once again with a variety of information, until a purchase is successful.

Figuring that the suspicious attempts must be via proxy, and the card data is from some large list of numbers that is being tried over and over, the merchant chooses to apply rules around proxy servers.



Max Purchases

A merchant has a Pay Per View business model where customers can purchase and stream full length movies. Most customers purchase one rental in a day; in some rare exceptions as many as four or five have been purchased in a day by regular customers.

The merchant's fraud team recently discovered trend of many purchases of one day for the same card.  Eventually the card is declined, but then then a new card number is used, with new customer data, purchasing more products than could be viewed in a day. These all came from the same IP address.

Figuring that not only are the streaming movies being downloaded and kept, but the cards numbers used are likely stolen, the merchant reverses the charges and configures some Max Purchase rules:




A merchant with a website where customers purchase access per minute is having a chargeback problem. They have determined there is a trend of buyer's remorse among customers spending more than about $1100.00 a month. 

Because the site is selling non-tangible goods, the chargebacks have difficult to challenge.  A couple of customers have claimed that other members of the household used their cards without permission, and there is some evidence that this may be true because for some purchases (but not all) a different email address was used with the same card information.

Deciding that it's better to keep the merchant account safe from chargebacks than to risk the account for more purchases, he merchant applies a maximum of $1000.00 for card number and email address. The merchant chooses to set the maximum amount for billing address a little higher to accommodate for the unlikely event that there actually are two members of the same household using the site.


Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request


Article is closed for comments.