Fraud Protection

Topics covered on this page

We are committed to protecting all of our partners against fraud with security’s best practices that detect, analyze, and prevent any suspicious transactions that inevitably come along. Every card processed through our system enters multiple security measures that work in conjunction, including pre-authorization, tokenization, IP geolocation, and behavior analysis.

IP Geolocation

Omise’s resourceful IP Geolocation technology identifies the geographic location of a device from which an online order is placed. It attempts to determine the real-world location from the country level down to the city area and compares that data with the result of each card to assess its fraud risk.

Behaviour Analysis

Omise adds another layer of protection that leverages the identification of fraudulent transactions. We deploy real-time machine learning models that use behavioral analytics to monitor transactions and detect anomalous activities or identify hidden behavior proactively to stop fraudulent charges before they occur.

Tokenization

The process safely stores and exchanges sensitive credit card data from one party to another in the form of a randomly selected value created for one-time use. Every card processed with us goes through tokenization.

Here’s how it works:

Token overview

How tokenization benefits merchants

Whether running one-time checkouts or processing recurring payments, tokenization reduces your business’s liability by allowing you to not worry about securing sensitive data while retaining essential card information without compromising its security.

How tokenization benefits cardholders

As credentials are never disclosed, cardholders can rest assured that even if their mobile device were lost or stolen or if there was a breach, only the tokens would be compromised. Unless the cardholder gives consent, these tokens are generated for one-time use and are valid for one particular merchant only.

3-D Secure

3-D Secure adds another level of protection to merchants and cardholders. With the service enabled, the chances of fraud are reduced significantly, as each transaction is authenticated with a second-factor authentication provided by the card issuing bank (OTP or SMS token).

3-D Secure is mandatory for certain business types. Our fraud analysts will determine whether enabling the service on your account is necessary based on your business’s risk profile.

3-D Secure Authentication user view

3-D Secure is advantageous for merchants offering the following services:

  • Flight tickets
  • Mobile top-up
  • Game money, digital money, prepaid cards
  • Digital goods such as music, movies and software
  • Any online content where fraud and chargebacks occur frequently

When to consider enabling 3-D Secure?

  • Business has lost many chargebacks and is unable to provide proof of delivery
  • Experienced many cases of fraud
  • Business does not require recurring payment and would like to have more protection against fraud

The only disadvantage of enabling 3-D Secure is that cardholders will be redirected to a bank page for every purchase. Therefore, merchants will not be able to process automatic/recurring payments. However, the Customer API can be used so that cardholders do not have to re-enter their card details every time. All they’ve got to do is authenticate with 3-D Secure whenever a payment is made.

3-D Secure Redirection Flow

Learn more on how to implement 3-D Secure.

You can easily identify charges blocked by our fraud system on the dashboard; the status will be marked failed fraud check.

Friendly Fraud

Friendly fraud, also known as chargeback fraud, occurs when the cardholder takes advantage of the chargeback process to secure a refund. Generally, the customer makes an online purchase, and once the goods or service has been delivered, they deliberately request a chargeback from the issuing bank instead of contacting the merchant for a refund.

Why does friendly fraud occur?

  • Intention to get something free
  • Cardholder experiencing buyer’s remorse!
  • Someone else in the family made the purchase, and the cardholder did not want to honor the charge in the first place
  • The cardholder didn’t recognize or forgot about the purchase
  • The cardholder is not qualified for a standard refund (e.g., The cardholder may have exceeded the refund limit)

Although multiple tools combine efforts to determine a transaction’s legitimacy and help minimize fraud losses, technology is not everything. We believe people have a considerable contribution to make to prevent fraud. Our fraud team is trained extensively to spot the first signs of attacks. We also ask you to let us know if you believe a charge may be fraudulent so we can use that information to help improve our system.

Related articles:

Omise uses cookies to improve your overall site experience and collect information on your visits and browsing behavior. By continuing to browse our website, you agree to our Privacy Policy. Learn more