Similar scenario, but this time I am an actual owner of that Canadian credit card, but I'm using Tor (or VPN) with an exit in Romania.
Can you elaborate how your 200+ variables will be able to block first and allow second purchase?
But the genuine holder is probably going to be blocked when they start throwing flags like that, and that's probably just standard everywhere with any type of automated fraud protection.
In both cases the vast majority of their 200 variables will look the same. The only differences will be in the IP and latency data and, possibly, the time zone/locale information if a fraudster is not being careful.
Point being is that differentiating these two cases comes down to analyzing just few bits of data, so I'm not sure why they are using "200 points" as a selling point.
I also wouldn't expect them to detail all their fraud prevention techniques in a public forum.
IMO this is a really interesting idea! Since they are also the payment processor, they have access to more data for fraud prevention, so much so that fraud "insurance" is basically baked into the rate.
Increased efficiency through data analysis, and they are passing the savings on to yoooouuuu!
This could be a paradigm shift. Very cool. The docs look good, AND it works in Canada!?! Thank you! Canada is rarely a priority for US fintec companies. Even amazon DevPay doesn't work here last i checked. Sign me up!
We'd factor this in, and it may be negative, but if the other 198 variables match up, you'll be in good shape with Bolt given your purchase behavior, on-page event patters, order details, and many other factors that are much better predictors of fraud than VPN/Country/etc.
With what exactly? 198 variables will be the same between two cases I described.
The follow up question is what your false-positive rates are. As I said in another reply - there is a set of simple and common cases when both fraud and legit purchases look the same, so by having a zero fraud rate you will be driving the false-positive rate up - and that is bad. People won't be able to pay even though they are already with a wallet in hand.
This in turn means that merchants will need to implement a fallback option to cover this risk... which is going to be PayPal, probably.
All of this is why Stripe Radar implements _provisional_ blocking. They let purchases through, but flag them for a human review. I am going to make a bold prediction and say that you will converge to the same approach sooner rather later. There's no magic recipe.
At the bottom of https://bolt.com/fraud
"MACHINE POWERED, HUMAN REVIEWED"
"Everything we do at Bolt is tailored to maximize your order approval rates. Purely algorithmic systems falsely reject good customers. Every suspicious order goes through an extra layer of human review to ensure the best results."
A Bolt employee already replied[1] with a section about false positives vs. false negatives.
I can't imagine any legitimate financial industry company cares much about supporting Tor users. If your financial accounts are based in Canada but your IP traffic appears to be coming from Romania (whether through Tor or VPN or other similar reasons), you probably are much more likely to be involved in fraud from their perspective.
If you have Canadian accounts and are travelling in Romania, that's a different story.
