Third Generation Payments Fraud Technology is Here. What Is It?
January 28th, 2019 by Earl Stevens
The fight against fraud is more like a race – a long, never-ending ultra marathon where your opponents are always 100 yards ahead of you. If you don’t keep pace, your profit margins are impacted, you put customers at risk, and the government eventually steps in and shuts you down.
If you sprint too hard, you delay legitimate transactions, which alienates your customers, who then open an account with your competitor.
So I guess it’s like running an ultra marathon on a never-ending tightrope?
Dumb analogies aside, fighting non-cash payments fraud is a tough challenge. With new advances in technology, increasing government regulation – and new competitors popping up everywhere – the stakes are high, the industry is chaotic, and customers are fickle. When it comes to fighting fraud, it’s time to work harder and smarter.
Before I get into third-generation fraud technology, let’s start from the beginning.
First Generation Payments Fraud Approach
In the early days – let’s say pre-internet days – times were simpler. Fraud certainly existed, but it didn’t evolve and replicate like it does today. Efforts to fight fraud were based on monitoring the number of transactions, and creating rules to define high-risk behavior. For example, it might be worth taking a closer look when a particular customer’s transaction count went from three per week to six per day.
Velocity counting and expert rules were effective, but the fraudsters were soon able to discover the rules and definitions around “risky behavior” and adjust their own behavior slightly to stay under the radar.
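To make the velocity-counting idea concrete, here is an added example (not from the original post or from any vendor product) that runs two rules over constructed transactions: a fixed daily threshold, and a comparison against each customer's own historical rate. The function names, the thresholds (6 per day, 8x baseline, 28-day window) and the sample customers are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

DAY = timedelta(days=1)

def velocity_alerts(txns, fixed_daily_limit=6, baseline_days=28,
                    ratio=8.0, min_history=8):
    """txns: (customer_id, datetime) pairs sorted by time.
    Returns (customer_id, datetime, rule) for every rule that fires."""
    seen = defaultdict(deque)               # per-customer sliding window
    span = timedelta(days=baseline_days) + DAY
    alerts = []
    for cust, ts in txns:
        q = seen[cust]
        q.append(ts)
        while ts - q[0] > span:             # drop events older than the window
            q.popleft()
        last_day = sum(1 for t in q if ts - t < DAY)
        prior = len(q) - last_day           # events before the last 24 hours
        # Rule 1: one static threshold shared by every customer.
        if last_day >= fixed_daily_limit:
            alerts.append((cust, ts, "fixed"))
        # Rule 2: compare the last 24 hours with this customer's own daily rate.
        if prior >= min_history:
            observed_days = max((ts - DAY - q[0]) / DAY, 1.0)
            if last_day >= ratio * prior / observed_days:
                alerts.append((cust, ts, "baseline"))
    return alerts

def sample_transactions():
    """Constructed data: 28 days of history, then day 28."""
    start = datetime(2019, 1, 1)
    txns = []
    for cust, burst in (("cust-A", 6), ("cust-B", 5)):
        # History of three per week (days 0, 2 and 4 of each week).
        txns += [(cust, start + timedelta(days=7 * w + d, hours=12))
                 for w in range(4) for d in (0, 2, 4)]
        # Day 28: cust-A makes six transactions, cust-B five.
        txns += [(cust, start + timedelta(days=28, hours=9 + h))
                 for h in range(burst)]
    # cust-C: steady five per day, every day.
    txns += [("cust-C", start + timedelta(days=d, hours=h))
             for d in range(29) for h in (8, 10, 12, 14, 16)]
    return sorted(txns, key=lambda t: t[1])

if __name__ == "__main__":
    for alert in velocity_alerts(sample_transactions()):
        print(*alert)
```

On this data the fixed rule fires only for cust-A, the baseline rule also flags cust-B's five-in-a-day jump, and the steady five-per-day cust-C raises nothing.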
Second Generation Payments Fraud Approach
Financial institutions quickly learned that their rules were being decomposed almost as soon as they were implemented. They decided to take a new approach. Technology was improving, and they now had the computing power to analyze historical data and create new fraud models based on risky behavior that occurred in the past.
So they bought a lot of software, a ton of hardware, and hired PhDs to help them analyze data and build fraud models.
Initially, they were very successful. They built neural networks and used advanced statistics to profile risky behaviors. They coded what they learned into logical models that classified behaviors, transactions, and groups of transactions into risk groups where they could be processed according to policy. A couple of things happened to thwart this approach.
First, the internet happened. It became very easy (and commercially imperative) to open accounts, collect data, and perform transactions quickly. Fraudsters adopted these new technologies and used them to perpetrate new types of fraud.
Second, the wonky PhDs charged with building and maintaining the models became utterly overwhelmed, both by the amount of new data available and by the rapid evolution of fraud. Since they were relying on historical data to build models – and it took 4-6 months minimum to implement a model – a new fraud model was obsolete the day it went live. Which leads us to...
Third Generation Payments Fraud Approach
Have you ever seen a three-year-old play whack-a-mole? Their reflexes are still developing, and there’s often a delay of about a second between the mole popping up and the kid’s reaction. By then, the mole has retired into the innards of the machine. The kid gets frustrated pretty quickly – especially if he’s just seen his six-year-old brother conquer the game and run off with his two dozen prize tickets.
This is how I imagine those still using the second generation approach today feeling. Except they’re trying to whack a mole that popped up six months ago. It is supremely frustrating, ineffective, and expensive.
So what’s the third generation approach? It’s revolutionary. And like most revolutions, it involves a significant cultural change. Here’s the scoop:
Democratizing the Model
Don’t throw your data scientist out the door yet. Historical data is useful and can help you build your baseline model. However, as you’re probably aware, past results don’t guarantee future performance.
Once the model has been built, it should evolve and be maintained by your analysts – those who live in your data every day and see the funky new things as they happen. Empowering them to define these behaviors and build them into the model gives you the ability to instantly inoculate your operations against the scam o’ the moment.
Utilize a Cognitive Approach
Many second generation systems rely on external data – data from other companies in the industry – to build “consortium” fraud models. Sure, your data is included, but it’s mixed in with a bunch of other companies. The model is built to accommodate what’s typically seen in the industry. If your business is typical, then this probably works.
In our experience, as today’s financial companies continue to evolve, release new products, pursue new channels, etc., they become anything but typical. Why not concentrate on the fraud and behaviors that are relevant to YOUR company? The cognitive approach focuses on the challenges that are relevant to your business.
Protect Your Channels
Whether you’re an eCommerce acquirer, payment gateway, or online payments app, there are unique things that you need to do to secure your channels. New technology will always create pathways for fraudsters to exploit your system. You need to find those paths and shut ’em down.
A common point of vulnerability we see is the inability to secure the identity of a counterparty – especially in transactions occurring over the internet. A number of things can be done to validate identities, including device fingerprinting/intelligence, IP/ISP profiling, and link analysis. This is another area where “industry standard” just won’t do. Your business is unique, and your risk mitigation strategy in this area should fit your business.
OK – final note here – I mentioned that migrating to a third generation approach was somewhat of a revolution. That can be scary. But the good news: Revolutions also happen fairly quickly, and this one is no exception. The third generation platform we work with (IBM Safer Payments) tends to be implemented in months vs. years for second gen solutions. It is also able to repurpose much of the modeling work you’ve already done. And the people who would manage the model going forward are already working for you.
If you’re curious about third-generation payment screening technology and would like to know how it can benefit your organization, please give us a ring!