Fraud Protection

We are committed to protecting all of our partners against fraud with security’s best practices that detects, analyses and prevents any suspicious transactions that inevitably come along. Every card that is processed through our system enters multiple levels of security measures that work in conjunction including pre-authorization, tokenization, IP geolocation and behaviour analysis.

IP Geolocation

Omise’s resourceful IP Geolocation technology identifies the geographic location of a device from which an online order is placed. It attempts to determine the real-world location from country level down to the city area and comparing that data with the result of each card to assess its fraud risk.

Behaviour Analysis

Omise adds another layer of protection that leverages the identification of fraudulent transactions. We deploy real-time machine learning models which uses behavioral analytics to monitor transactions and detect anomalous activities or identify hidden behaviour to proactively stop fraudulent charges before they actually occur.

Tokenization

The process safely stores and exchanges sensitive credit card data from one party to another in the form of a randomly selected value which is created for one-time use. Every card processed with us goes through tokenization.

Here’s how it works:

Token overview

How tokenization benefits merchants

Whether executing one-time checkouts or processing recurring payments, tokenization reduces your business’s liability by not having to worry about securing sensitive data, while at the same time retaining essential card information without compromising its security.

How tokenization benefits cardholders

As credentials are never disclosed, cardholders can rest assured that even if their mobile device were lost or stolen or if there happens to be a breach only the tokens would be compromised. And unless it is the cardholder’s consent, these tokens are generated for one-time use and is valid for one particular merchant only.

3-D Secure

3-D Secure adds another level of protection to both merchants and cardholders. With the service enabled, chances of fraud is reduced significantly as each transaction is authenticated with a second factor authentication provided by the card issuing bank (OTP or SMS token).

3-D Secure Authentication user view

3-D Secure is advantageous for merchants offering the following services:

  • Flight tickets
  • Mobile topup
  • Game money, digital money, prepaid cards
  • Digital goods such as music, movies and software
  • Any online content where fraud and chargebacks occur frequently

When to consider enabling 3-D Secure?

  • Business has lost many chargebacks and is unable to provide proof of delivery
  • Experienced many cases of fraud
  • Business does not require recurring payment, and would like to have more protection against fraud

The only disadvantage of enabling 3-D Secure is that cardholders will be redirected to a bank page for every purchase. Thus, merchants will not be able to do automatic/recurring payments. However, the Customer API can be used so that cardholders do not have to re-enter their card details in every time. All they’ve got to do is authenticate with 3-D Secure whenever payment is made.

3-D Secure Redirection Flow

Learn more on how to implement 3-D Secure.

You can easily identify charges that are blocked by our fraud system on the dashboard, the status will be marked failed fraud check.

Friendly Fraud

A friendly fraud or also known as chargeback fraud occurs when the cardholder takes advantage of the chargeback process to secure a refund. Generally, what happens is that the customer makes an online purchase, and once the goods or service has been delivered they deliberately request a chargeback from the issuing bank instead of contacting the merchant for a refund.

Why does friendly fraud occur?

  • Intention to get something free
  • Cardholder experiencing buyer’s remorse!
  • Someone else in the family made the purchase and the cardholder did not want to honour the charge in the first place
  • The cardholder didn’t recognize or forgot about the purchase
  • The cardholder is not qualified for a normal refund (ex. The cardholder may have exceeded the refund limit)

Although multiple tools are utilized to combine efforts in determining a transaction’s legitimacy and help minimize fraud losses, technology is not everything. We believe people have a huge contribution to make to preventing fraud too. Our fraud team is trained extensively to be able to spot the first signs of attacks. We also ask you to let us know if you believe a charge may be fraudulent so that we can use that information to help improve our system.

Related articles:
How do I react to a fraudulent charge?
Security Overview