With two-thirds of businesses struggling to combat fraud, The Payments Association examines how data, artificial intelligence and verification tools can be used to mitigate the risks.
Almost two-thirds (64%) of global business leaders have found it increasingly difficult to combat fraud since the Coronavirus pandemic, according to research
conducted by Stripe. This is, in part, due to the creation of thousands of new e-commerce businesses, which in turn have provided ample opportunities for fraudsters.
Tactics used to carry out payment fraud have also become more sophisticated as technology has evolved. For example, there has been a growth in automated bot attacks – the method of choice for testing stolen identity credentials.
Fraudsters have taken advantage of customers move to remote banking during the pandemic. According to a report
by UK Finance, losses arising from internet banking fraud reached £111.8m in 2019. In 2020, that number increased by 43% to £159.7m in losses. As a result, companies are struggling to keep pace with the evolving online methods, volume and tools used by scammers.
Therefore, the “next evolution” in fraud management should focus on “richer data to inform fraud models”, says Will Megson, product lead for Stripe Radar. “The tools and technology to gather this information are available today, but they are often in siloed, disparate systems; businesses may have separate tools for identity verification and biometrics, for example.”
Leveraging data to consolidate information is a key step to making fraud management systems for effective. Colin Neil, UK managing director at Adyen, says: “Businesses that make use of in-built risk management systems will benefit from trend data from across the whole platform. This helps detect and mitigate fraud, as well as assisting in handling disputes and chargebacks.”
As fraudsters increasingly utilise data for their attacks, companies must do the same to combat scams. Card testing, a tool used by scammers to obtain long lists of stolen credit card data, has been a significant headache for companies.
Card testing enables fraudsters to make thousands of purchases over a very short time period to check if the cards are still active. The attacks can negatively impact businesses in a number of ways, including higher payment processing costs, failure risks, or immobilising their websites under heavy traffic.
Research conducted by Stripe illustrates that card testing has increased significantly, with 40% more businesses exposed to such attacks today compared to before the pandemic.
Artificial intelligence making fraud decisions
Machine learning, a subset of artificial intelligence, has emerged as a key tool to combat fraudulent transactions. It has the advantage of processing data at rapid speed and identifying suspicious patterns.
More advanced AI used in payment fraud management can take various data points and make contribution to decisions, explains Sunny Thakkar, head of global merchant fraud and exemptions products at FIS.
“Artificial machine learning is super important because with the amount of information we need to infer, a machine can make those decisions within milliseconds. Whereas humans write rules to try and keep up with the trends, the AI can automatically start to figure out these trends.”
For example, AI machine learning can triangulate data such as email address, IP address and physical address to see if there are any red flags in a given transaction.
“It makes us a lot more vigilant in terms of finding fraud that's more advanced and moving a lot more rapidly than we would with traditional fraud management,” adds Thakkar.
Mastercard has been using AI and behavioural technology solutions to assess data. This includes behaviour such as “how you hold your phone or how fast you type or swipe” says Ian Morris, director communications, C&I at Mastercard. “It acts in real time to detect when devices are compromised and acts quickly to prevent fraud.”
Identification and verification
Additional customer verification and two-factor authentication has also been one of the widely used solutions against payment fraud. Asking for customer information such as names and email addresses helps verify their legitimacy and gives a business more evidence in the case of a dispute.
Two-factor authentication adds another layer of security to a transaction, but applying it dynamically will help guard against unnecessary friction and lost revenue.
However, challenges remain in correctly identifying the cardholder. “It’s a constant arms race when it comes to both technology and strategy, with everyone looking to beat existing systems on their side,” says Gergo Varga, product evangelist at Seon. “Fraudsters are also increasingly sharing their methods and knowledge, as well as renting out their services: Fraud-as-a-Service is a reality today.”
Another fraud management tool used as part of customer verification is address verification service (AVS). However, this method can lead to a lot of legitimate transactions being blocked.
Additionally, “AVS really only works in three countries, which is the UK, the US and Canada”, claims Ed Whitehead, managing director EMEA at Signified.
“If you're using an AVS filter, and you're shopping for a Christmas gift to send to your brother who lives in France, suddenly that AVS filter is blocking a good order,” says Whitehead. He explains that companies should remove the reliance on rules-based data points and actually look at the transaction as a whole. Capturing large data points will allow companies to have supporting evidence to be able to assure a gateway (or an internal merchant) that this is a good transaction.
“It is all about the ability to process your data, understand that feedback loop automatically and iterate and improve the outcomes each time,” adds Whitehead.
While payment firms and banks can feel as if they are playing catch up to the tactics of fraudsters, the ability to accumulate data points and use them for effective decision making will level the playing field. Investing in verification tools, AI or machine learning might be seen as a significant upfront cost; however, it could potentially, save companies thousands of pounds – and more importantly, customer trust – in the future.