What is Velocity Checks?

What Are Velocity Checks?

Velocity checks are fraud detection rules that monitor how frequently certain actions happen within a defined time period. In the payments world, this typically means tracking how many transactions are attempted using the same card number, from the same IP address, by the same customer account, or from the same device within a set window -- and flagging or blocking activity that exceeds normal thresholds.

The logic behind velocity checks is simple and intuitive. Legitimate customers do not usually try to make ten purchases in two minutes. They do not typically use five different cards in rapid succession. And they rarely attempt the same transaction over and over after it has been declined. When these patterns appear, they almost always indicate either card testing, fraud, or a technical problem -- and in any case, they need attention.

How Velocity Checks Work

A velocity check works by counting events over a defined time window and comparing the count to a threshold. When the threshold is exceeded, the system takes a predefined action -- this might be blocking the transaction, flagging it for manual review, or requiring additional authentication.

Here are some common velocity checks used in payment processing:

Transaction Frequency by Card

This tracks how many times the same card number is used within a given period. A rule might say: "If the same card number is used more than three times within ten minutes, block subsequent transactions and flag the card." This catches card testing, where criminals rapidly test stolen card numbers, and also catches fraudsters making multiple purchases with a stolen card before the legitimate cardholder notices.

Decline Rate Monitoring

This monitors how many declined transactions originate from the same source (IP address, device, or account). A high decline rate is a strong indicator of card testing, because legitimate customers do not normally submit a string of invalid card numbers. A rule might say: "If more than five transactions from the same IP address are declined within fifteen minutes, block all further transactions from that IP."

Amount Velocity

This tracks the total value of transactions from a single card or account within a time window. Even if each individual transaction looks reasonable, a large total over a short period could indicate fraud. For example: "If total transactions on a single card exceed two thousand pounds within one hour, flag for review."

New Card Velocity

This watches for a single account adding and using multiple new payment cards in a short period. Legitimate customers rarely add three new cards to their account in one day. When this happens, it often means a fraudster has gained access to the account and is testing which stolen cards work.

Why Velocity Checks Matter

Velocity checks are one of the most straightforward and effective fraud prevention tools available. They require no complex machine learning or behavioural analysis -- just clear rules about what constitutes normal versus suspicious activity. This makes them easy to implement, easy to understand, and easy to tune.

Their primary value lies in catching automated fraud at scale. Card testing bots, credential stuffing attacks, and automated purchasing fraud all produce activity patterns that velocity checks are specifically designed to detect. Without velocity checks, a fraudster can test thousands of stolen card numbers against your payment system in minutes, incurring processing fees and chargebacks on every successful test.

Velocity checks also protect the customer experience. By stopping suspicious activity early, you prevent legitimate cardholders from discovering fraudulent charges on their statements and having to go through the chargeback process. This reduces customer complaints, protects your chargeback ratio, and maintains trust.

Velocity Checks in Telephone Payments

While velocity checks are most commonly discussed in the context of online payments, they are equally important in the telephone payment environment. The patterns may look slightly different, but the underlying principle is the same: unusual frequency of activity is a warning sign.

In a contact centre setting, velocity checks might monitor:

• Multiple payment attempts from the same caller -- if a caller provides several different card numbers in succession, this could indicate a fraudster testing stolen cards through the phone channel
• Repeated calls from the same number -- frequent calls to the payment line, especially if they involve different names or accounts, may indicate organised fraud
• Multiple small transactions -- a pattern of low-value transactions over a short period, especially on different cards, is a classic card testing indicator
• High-value transactions on new accounts -- a first-time caller placing a large order could be legitimate, but combined with other risk factors, it warrants additional verification

For businesses using automated telephone payment systems (such as IVR-based payments), velocity checks can be applied programmatically, just as they would be for online transactions. For agent-assisted payments, the velocity check logic can be built into the payment processing system that the agent uses, flagging suspicious patterns on screen so the agent can take appropriate action.

Setting the Right Thresholds

One of the biggest challenges with velocity checks is setting thresholds that catch fraud without blocking legitimate customers. Too strict, and you will decline good transactions and frustrate real customers. Too lenient, and the fraudsters will slip through.

The right thresholds depend on your business. A company that processes thousands of small transactions daily (like a fast-food chain) will have very different normal patterns compared to a luxury retailer processing a few high-value orders per day. Start by analysing your historical transaction data to understand what "normal" looks like for your business, then set your initial thresholds conservatively and adjust based on results.

Some practical guidelines:

• Review and adjust your velocity rules regularly -- fraud patterns change, and your rules need to keep up
• Use different thresholds for different risk levels -- a regular customer with a long purchase history might have higher thresholds than a brand-new account
• Combine velocity checks with other fraud prevention tools -- a single transaction that passes velocity checks might still be caught by AVS, CVV verification, or risk scoring
• Monitor false positive rates -- if your velocity checks are declining a significant number of legitimate transactions, your thresholds are too tight
• Have a clear process for customers who trigger velocity checks legitimately -- for example, someone making multiple genuine purchases for a business should have a way to contact you and get unblocked

Velocity Checks as Part of a Layered Strategy

Velocity checks work best as part of a thorough fraud prevention strategy rather than as a standalone measure. A sophisticated fraudster who knows you use velocity checks can adapt -- making transactions slowly enough to stay under your thresholds, or spreading activity across multiple IP addresses or devices.

By combining velocity checks with address verification, CVV checks, device fingerprinting, risk scoring, and authentication measures like 3D Secure, you create multiple barriers that a fraudster must overcome simultaneously. This layered approach is far more effective than any single tool, and it allows each layer to compensate for the limitations of the others.