The new rule is:
- Transaction outside normal hours (e.g. 95% of transactions - for the merchant in question - take place during business hours, but this transaction is taking place at midnight, on a Saturday)
- High dollar amount - the highest potential dollar amount for the merchant in question
- Email address is hotmail, gmail, yahoo or some other free service, despite the fact that the merchant is doing B2B transactions only
- IP address, email, address and phone number do not match (e.g. IP address in Texas, email provider in UK, phone number is bogus - however the credit card might be genuine)
- When contacted about the transaction (by phone or email), fraudster does not reply
- Purchase is about getting private data (e.g. resume contact information)
Note: each of the above triggers does not mean that the transaction is fraudulent; it is the simultaneous occurrence of all the above triggers that should generate a very strong red flag.