Challenges and Opportunities
The Paypers has invited various thought leaders to share their views on 2017 predictions regarding security threats and fraud management solutions
Monica Eaton-Cardone, Global Risk Technologies: Criminal fraud, in the form of unauthorised transactions, will remain an ever-present threat
Criminal fraud, in the form of unauthorised transactions, will remain an ever-present threat. Fortunately, though, technologies have made it easier to mitigate this type of fraud. The threat will continue, but it is a manageable concern. Conversely, another type of fraud continues to go unmitigated. Friendly fraud, which is unwarranted or illegitimate chargebacks, is growing at an alarming rate—as much as 50% annually in certain regions and industries. To date, this threat has remained relatively unmitigated.
Fortunately, we are identifying new techniques that are proven effective at preventing illegitimate chargebacks and recovering unnecessary revenue loss. First, merchants need to identify the cause of each chargeback. Identifying the source of a problem is the only way to effectively mitigate it—otherwise, solutions merely address the symptoms. Technologies like Chargebacks911’s Intelligent Source Detection make this possible. Second, once merchants have identified the chargeback sources, they need to dispute known cases of friendly fraud. Disputing illegitimate chargebacks effectively challenges faulty consumer behaviours.
Lastly, the industry needs standardisation and compliance. Programmes piloted by schemes to address these concerns are apt to provide good feedback. Without more attention on identifying the underlying source of this growing problem, consumer expectations will threaten sustainable growth industry-wide.
Jason Tan, Sift Science: Stolen identities or accounts are attractive to fraudsters because they offer a richer form of data than simple payment details
While companies are making strides in fighting payment fraud, there are still some worrying gaps when it comes to combating the new frontier of fraud, account takeover (ATO). Nearly half (48%) of respondents to the Sift Science Fraud-Fighting Trends 2017 survey reported that they saw a rise in ATO last year. And with large-scale data breaches showing no sign of slowing down, there should be plenty of fodder floating around on the dark web for criminals to use in their attacks.
Stolen identities or accounts are attractive to fraudsters because they offer a richer form of data than simple payment details. Non-payment data like login information, birth dates, social security numbers, and security questions can be used to create more accounts, make purchases, or even sign up for new credit cards.
From the standpoint of a merchant or financial institution, ATO is particularly concerning since these fraudsters may take the guise of some of your most trusted customers. However, machine learning and behavioral analysis can help unearth the subtle nuances that separate a real, valuable user from an imposter – so you can stay ahead of the game.
Luke Reynolds, Featurespace: It’s time to embrace machine learning to identify new fraud attacks as they occur while protecting your customers and revenue
Do not treat your customers like criminals. That is the big differentiator for banks and payment processors that want to get ahead. Criminals are advancing faster than existing fraud systems can cope with. Machine learning and advanced anomaly detection are the answer to preventing new fraud attacks, while accepting ‘good’ business from genuine customers.
One type of fraud attack increasing within financial services is Authorisation Stream attacks, where criminals manipulate the standard authorisation message, impacting payment processors upstream of where fraud systems usually spot an attack at transaction stage.
Social Engineering attacks on the elderly and vulnerable are also an increasing threat – where genuine banking customers are manipulated via phone by a criminal impersonating the bank.
Financial Services organisations are typically already capturing data needed to protect customers from these attacks. However, to do so, organisations need to be identifying anomalies accurately and efficiently at the level of accounts, merchants, cardholders and locations.
The good news? Machine learning systems – which use adaptive behavioural analytics to monitor individuals in real-time and detect anomalies – enable organisations to understand behaviour across their customer base. It’s time to embrace machine learning to identify new fraud attacks as they occur, while protecting your customers and revenue.
John Karantzis, iSignthis: The convergence of 4AMLD and PSD2 can lead to proactive solutions that mitigate fraud
Are companies ready for even more sophisticated fraud attacks? Unfortunately, it appears not, as card fraud has continued to rise around the world, with fraudsters becoming more sophisticated and harder to catch than ever.
In 2015, we saw more than USD 16.31 bln lost to card fraud globally, with a significant proportion of this being within SEPA. Whilst more and more predictive or risk-based solutions are released to the market each year to protect businesses from fraud, the fraud statistics are not decreasing.
Clearly, relying on risk-based assessment or predictive systems such as ReD, Kount, Cybersource, are proving to be less and less effective, and often lead to false positives or false negatives.
In response, regulators have introduced the Payment Services Directive 2 (PSD2), which incorporates a requirement for ‘Strong Customer Authentication’ (SCA) for every payment transaction. SCA however, relies upon Knowing Your Customer, which for transactions originating outside of SEPA can be extremely challenging. The strengthening of the transparency rules regarding identity has been introduced to tackle terrorism financing, tax avoidance and money laundering, which in turn will also address the adjacent issue of card not present (CNP) fraud. The convergence of 4AMLD and PSD2 can lead to proactive solutions that mitigate fraud, which in turn increases merchant’s confidence to pursue exporting and revenues from outside the SEPA.
The iSignthis Paydentity solution adds a layer of proactive defence for merchants against sophisticated CNP attacks, in addition to providing a basis for compliance for the 4AMLD and PSD2.
Additional resources for business accounting tips are available here