This filter scans for repeated transaction attempts from the same computer. The specified action is taken when the filter detects five or more transactions within three days (72 hours) coming from the same IP address.
When triggered, this filter performs the action specified only on the transaction that triggered the filter. This filter does not retroactively hold or reject the previous four transactions.
Review the Transaction Details report and click the IP Address Velocity link to view the previous four transactions.
In the risk management industry, velocity is a term that refers to the frequency in which an event occurs. Velocity could indicate that a fraudster is making repeated attacks on a system.
Fraudsters often make multiple purchases or attempts within a short time period in order to "crack the system." A fraudster may repeatedly attempt transactions through an automated script that tests unknown card numbers, or more simply the fraudster may attempt to make many small purchases through multiple stolen cards to bypass other existing filters.
When set to Review, the IP Address Velocity filter sets aside the transaction so you can review it more closely, as well as track the preceding four transactions. Even though these preceding transactions have already passed through the filters, you should still review them and take action on them as needed.
IP addresses do not always identify a unique computer or user. For example, an Internet Service Provider (ISP) may use a limited number of IP addresses for all of its users. To protect against "false positives," set up an IP Address Velocity Ignore List.