Balanced is burying the lede on this, the final table of correlations between payment information signal failures and incidence of fraud is pretty fascinating.
The merchant doesn't know what name is on the cards. It's still virtually guaranteed fraud when one person presents more than 2 or 3 cards on your site in a short period.
In theory, everything can be evaded. In practice, it won't be. If you run your transactions through something like MaxMind MinFraud with Device ID, you will know it's the same person, even if they clear cookies, switch proxies and re-register on your store between every card. It costs half a penny per transaction; anyone can afford basic risk scoring.
Most of the time that kind of tech isn't even necessary. The types of criminals most online stores deal with are not sophisticated; they're just people that paid $1/number for a list of phished credit cards on a black market forum who are going to enter them one-by-one on a few websites to see which haven't been reported stolen yet.
(I wrote the post)
Thanks! There are certain aspects of fraud which can be open and will definitely help the community of anti-fraudsters. This was our way of contributing something back.
