Felix Eckhardt, CTO, and Piet Mahler, COO of the fraud prevention software firm Risk Ident, offers a multi-layered approach to staying ahead of the fraudsters.
Criminals go to great lengths to exploit vulnerabilities in payment systems, which means those charged with protecting merchants from fraud need to work even harder to keep them at bay. Tackling fraud can be akin to trying to hit a moving object – by the time you have taken action, the fraudster has already moved on to their next target. The solution lies in increasing the agility and speed of development in software engineering.
Innovation is crucial. Those attempting to defraud merchants and their customers are not limited by geographical or jurisdictional boundaries. They are persistent, increasingly sophisticated and once they find a vulnerability in a transaction process they will extract as much money as they can, as quickly as possible.
The key to combatting fraud is to match the fraudster’s ability to focus on finding weaknesses in merchant systems. One possible approach is to apply the Spotify model of development, which scales agile practices across the organisation. The music streaming platform found a way to avoid bottlenecks caused by dependencies between teams: by focusing on giving each team more autonomy.
Some of the world’s leading technology firms are also advocates of Objectives and Key Results (OKR), a leadership process for setting, communicating and monitoring goals and results that encourages developers to work together to reach specific targets by defining measurable results. Targets are defined based on the experience and knowledge of fraud experts, as well as regular, honest and unfiltered feedback from merchants on the challenges they are facing.
Regardless of the approach taken, it needs to be backed up by people with the skills and insight to identify and develop innovative solutions. Software engineers are natural problem-solvers, which means they are well placed to rise to the challenge posed by fraudsters who are constantly changing their point of attack and the techniques they use.
Anti-fraud technology must be be completely customer-centric. A quick time-to-market delivery ensures this approach is more effective – not only in markets that fraudsters target across e-commerce, telecoms and financial services, but also in new, emerging markets around the world.
The technology must also be able to distinguish between genuine and fraudulent transactions with a high degree of accuracy. False positives (where a retailer’s anti-fraud set-up incorrectly determines that a genuine purchase attempt is fraud) cost merchants millions in lost revenue each year and are a major source of frustration to consumers.
Various techniques can be employed to reduce false positive rates, such as identifying the device used to make the transaction, or analysing multiple data points. Few merchants have the resources to undertake this activity without external support, but by utilising the most-up-to-date AI technology to accurately detect anomalies across every transaction and channel, fraud managers can spot and block fraud attacks at the exact moment they occur.
Visualising the potential steps of the criminals is also useful. Fraudsters do not simply target one victim, succeed and retire, so merchants need to identify the fraudster’s process and beat them to it with a trusted, reliable defence.
If you are to understand and trace the actions of the perpetrator, you need to think like them: what is their goal, what is their skill-set, what is their mindset and what identifiers might they hide or accidentally leave behind? Fraud prevention is a technology arms race and this type of insight provides a crucial tactical advantage.
We are living in an increasingly digital world where our interactions with utility providers, banks and retailers are more likely to be online than face-to-face. We have also become more demanding, expecting the payment process to be smooth and easy, and for goods to be dispatched and delivered in double-quick time.
This creates considerable challenges for merchants who are under pressure to process payments and orders rapidly, narrowing the timeframe in which they can confirm whether a transaction may be fraudulent and prevent money or goods coming into the possession of fraudsters.
The answer lies in combining the expertise of fraud managers with the ability of machine learning technology to identify suspicious activity. On their own, each is reasonably effective – but together they are a powerful combination in the quest to enable fast, accurate fraud decisions and improve response times for active payments processing.
