How to deal with fraud beyond account bans and manual review?

‍Background
It starts with a sudden spike in transaction disputes as customers claim they never placed orders through your app. Is this friendly fraud, or something more sinister? Your investigation reveals a disturbing pattern. Dozens of different user accounts are making purchases with the same stolen credit cards, none belonging to the actual account holders. The picture becomes clear: fraudsters have exploited a vulnerability in your checkout system, launching a coordinated attack using compromised payment methods at scale. Your response is immediate but blunt - block suspicious transactions. Unfortunately, legitimate customers get caught in the crossfire, their valid purchases declined along with the fraudulent ones. If this scenario sounds familiar, keep reading.

What makes fraudulent use of cards a lucrative business?
Credit card numbers are often stolen through skimming devices attached to gas pumps, ATMs, and POS terminals, which capture data from magnetic stripes. Large scale data breaches, phishing attacks, and social engineering schemes also play a major role in leaking card information. Once compromised, these card details are sold on underground marketplaces such as the dark web (ex. Alphabay) or even social platforms like Telegram. Fraud rings purchase these packages, typically containing the 16-digit card number, expiration date, cardholder name, and CVV in exchange for cryptocurrency for anonymity. Armed with these full card profiles, fraudsters can make high-value purchases (like electronics) from e-commerce sites, create and resell accounts loaded with recurring memberships, or even resell the exploitation method itself to other groups. This not only scales the fraud but also fuels profit-driven networks, creating systemic leaks across major online marketplaces.
How do fraudsters bypass protections?
Fraudsters often evade advanced fraud systems by spoofing IP addresses and resetting device identifiers, enabling them to use stolen credit cards undetected. Risk models may flag them, but many still slip through by passing basic checks like CVV or ZIP code verification methods that have consistently proven too weak against sophisticated attacks.

That’s why platforms need to be adaptive, similar to the next-generation solutions like Dyneti. Powered by AI, Dyneti’s card scanning technology instantly identifies and blocks these complex threats. The Dyscan solution not only stops fraud in real time but also prevents repeat attacks, creating a safer and more seamless customer experience

‍

Case study : How did Doordash catch these fraudsters? 

As transaction volume on DoorDash surged, a significant segment of users fell into a gray area. They exhibited suspicious behavior but not enough to justify blocking them, which would have negatively impacted legitimate transactions. However, this ambiguous user group was responsible for a substantial portion of chargebacks. The solution required implementing fraud prevention measures with lower friction than outright bans to effectively manage this cohort.

Frictions at Doordash are deployed at different levels of risk, with backup safeguards in place to ensure that legitimate consumers can still complete their transactions while fraudsters are stopped in their tracks. DoorDash’s friction stack includes:

• 3D Secure (3DS): For eligible cards, transactions are routed to the issuer’s authentication page, where consumers validate their identity, often through multifactor authentication. Since only major issuers support 3DS, having a reliable backup method for card authentication is critical.
• Dyneti’s Card Scan: An AI-powered solution that prompts risky users to scan their card in real time. The system instantly detects whether the card is genuine or a fake (including embossed or AI-generated counterfeits), blocking fraudulent transactions within seconds. 
• Tap-to-Verify: A pioneering feature that lets users tap their physical card on their phone to verify authenticity directly with the issuing bank.
• Manual Account Verification: For the highest risk cases, accounts are temporarily paused, anywhere from a few minutes to a few hours while human reviewers manually validate account details before reactivation.

This multi-layered approach has allowed DoorDash to scale safely, always have a backup option for its consumers, minimizing fraud while ensuring legitimate customers are never locked out.

Why does card scanning stand out in DoorDash friction stack? 

‍

Card scanning is one of the most accessible and reliable ways to authenticate payments. It works with virtually any card, requires almost no eligibility checks, and can be used by anyone with a phone or laptop camera. Built to verify 100% of payment cards, it stands out as one of the most trusted solutions in the fight against fraud. What makes scanning especially powerful is its versatility. It does more than block fraud, it also helps boost conversion at checkout. Moreover, the experience feels natural for customers since people already use their cameras to scan checks or upload IDs blending it into their everyday digital habits. The result is a secure yet low friction process that customers find intuitive and easy to use. 

For DoorDash, this balance has been key. Card scanning has allowed the platform to grow safely at scale, protecting against fraud while still keeping checkout easy and friction-free. Even when other authentication methods aren’t an option, scanning gives every customer a dependable way to verify their payments. 

‍

Images fake credit cards blocked by Dyneti’s card scanning solution

‍

‍