Fighting fraud with tech
The technological progress of retail has created a wealth of opportunities for criminals. From credit card fraud to the theft of passwords, they have had a field day for years at significant cost to retailers, and the customer. Ralf Gladis, CEO of Computop, explains how to fight back with technology.
While technology has enabled crime, it also makes fighting it more effective. Developers of fraud-detection software, for example, claim they can detect fraud attempts on credit cards faster than an airbag inflates.
For retailers, there’s an important balance to be struck between defending themselves against fraudsters and ensuring they don’t scare away customers. Just because someone is behaving unexpectedly doesn’t mean they’re a criminal.
The rule-based systems that were the backbone of automated fraud prevention for years no longer work today. One such rule was the assumption that the same credit card could not be used in two distant locations within a short time, so that such use raised suspicions. In globalised eCommerce, a consumer can quickly go on a virtual shopping spree through the world’s cities during their lunch break, making multiple purchases without raising any red flags.
Inevitably, retailers have become more likely to reject a purchase if their systems suspect fraud, but there is a danger that the value of rejected purchases will be significantly higher than fraud-related losses, leaving them not only with a lost sale, but rejecting a customer who is unlikely to return.
The same conundrum applies when it comes to ‘friendly fraud’ cases, in which a customer claims that a credit card payment has been made without their authorisation, sometimes because they have forgotten a purchase, or because they don’t recognise the trading name. It also applies when a customer wants to return an item to get their money back, knowing that they are giving false information to secure the refund. Every one of these incidents is technically fraud, but the fact is that many unjustified payment claims made in error go unchallenged.
The argument for more sophisticated detection tools that can make sense of buyer behaviour is, therefore, strong.
Solutions: the changing face of prevention
It doesn’t matter to the retail bottom line how the plunder takes place: it is vital to intercept it, whether it comes from a genuine customer or a criminal, and the answer is to use big data. In large amounts of data, modern analytical tools can detect hidden patterns that would never be noticed at the level of an individual retailer. This is where payment service providers, banks and credit card organisations come into their own. They can scan the data stream on a huge scale and offer fraud prevention as an extra service to their customers.
The fight against eCommerce payment fraud has much in common with defending against cybercrime. Criminals will develop new fraud patterns in response to changing customer behaviour, or to combat new detection techniques, so it’s never possible to deliver 100% protection against fraud. However, machine learning is providing new insights and observations based on in-built self-learning algorithms that can recognise clean, categorized data, and filter out deviating patterns. If recurring patterns emerge that do not correspond to expectations, this can mean one of two things: the habits of consumers are changing or there’s a new attack vector.
Behavioural analysis and customer transparency
If suspicious activity is detected, appropriate rules can be applied, for example, recommending a manual check or blocking the customer with a request to contact customer service. The tools used in the live monitoring of transactions also include behavioural analysis. Characteristic patterns are assigned to customers, retailers, user accounts, and devices. The respective profiles are constantly updated, allowing a prediction of future behaviour to be made at any time, which can be compared with actual behaviour.
Profiles can store information on when and how often addresses or passwords are changed or replacement cards requested. The financial data recorded covers typical shopping activity, including times of day, locations, or whether a customer pays by card only above certain amounts. And as well as analysing one customer’s behaviour, a comparison with the typical behaviours of other customers is also possible.
Ideally, retailers would have total customer transparency. The better the system knows the person, the harder it is for a criminal to slip into their skin. However, although criminals themselves use state-of-the-art data analysis to perpetrate their crimes, for retailers this level of detail and complexity is at odds with the spirit and letter of GDPR. The answer to this is to separate the analysis from the person. Again, technology provides the fix: the data is anonymised, but it still provides the insight.
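The sketch below is an added example, not code from the article or from Computop. It keeps a constantly updated behavioural profile per customer, compares each new purchase with the expected behaviour, and returns one of the rules mentioned above (accept, manual check, block). The function names, thresholds, key and sample purchases are all assumptions, and indexing profiles by a keyed hash (pseudonymisation) is this example's chosen way of separating the analysis from the person.

```python
import hashlib
import hmac
import math
from dataclasses import dataclass, field

KEY = b"constructed-demo-key"   # assumption: secret held only by the analysis service
MIN_HISTORY = 5                 # assumption: purchases needed before scoring starts
Z_LIMIT = 3.0                   # assumption: deviation treated as unusual

def pseudonym(customer_id: str) -> str:
    """Keyed hash: profiles are indexed without storing the customer identifier."""
    return hmac.new(KEY, customer_id.encode(), hashlib.sha256).hexdigest()

@dataclass
class Profile:
    n: int = 0
    mean: float = 0.0
    m2: float = 0.0                          # running sum of squared deviations
    hours: set = field(default_factory=set)  # hours of day seen so far

    def update(self, amount: float, hour: int) -> None:
        # Welford's online update keeps the profile current without storing history.
        self.n += 1
        delta = amount - self.mean
        self.mean += delta / self.n
        self.m2 += delta * (amount - self.mean)
        self.hours.add(hour)

    def deviations(self, amount: float, hour: int) -> int:
        std = max(math.sqrt(self.m2 / (self.n - 1)), 1.0)  # floor avoids divide-by-zero
        unusual_amount = abs(amount - self.mean) / std > Z_LIMIT
        return int(unusual_amount) + int(hour not in self.hours)

def assess(store: dict, customer_id: str, amount: float, hour: int) -> str:
    """Compare actual with expected behaviour and return the rule to apply."""
    profile = store.setdefault(pseudonym(customer_id), Profile())
    if profile.n >= MIN_HISTORY:
        decision = ("accept", "manual_check", "block")[profile.deviations(amount, hour)]
        if decision != "accept":
            return decision        # outliers are not learned into the profile
    profile.update(amount, hour)
    return "accept"

def demo() -> list:
    store = {}
    history = [(20, 12), (25, 13), (22, 12), (30, 18), (27, 13), (24, 12)]  # constructed
    for amount, hour in history:
        assess(store, "cust-1001", amount, hour)
    return [assess(store, "cust-1001", a, h) for a, h in [(26, 13), (25, 3), (400, 3)]]
```

A purchase that deviates on one signal is routed to a manual check rather than rejected outright, which reflects the article's concern about turning away genuine customers.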
An incentive to prevent fraud: PSD2
So, arming themselves against unfriendly and friendly fraudsters is important for retailers, who will be aware that they need to implement Strong Customer Authentication (SCA), the standard developed under the Payment Services Directive (PSD2) to enhance the security of credit and debit card payments. This is because the greater the chance of being targeted by criminals, the greater the retailer’s legal responsibility to prevent it. In future, online payments will be subject to a transaction risk analysis (TRA). The threshold values set for this will determine how strict the requirements are that are placed on the authentication of customers. Those who demonstrably have no significant problem with fraud attempts may do business without strong authentication, which many retailers still see as a deterrent to conversion.
Fraud is increasing in scale and complexity, and the focus has shifted online with the damage spread over billions of small incidents. These are rarely worth the effort of consistent criminal prosecution, but they represent a significant cost to customers and retailers.
The onus is on retailers, banks and payment service providers to get to grips with the problem. Developments in AI and data collection, the ability to mine and analyse data amassed at speed and scale, make it easier to counter-attack. Technology is providing solutions for the problems it creates, and while fraud (just like other crimes) can never be eradicated, it can be effectively managed.
Advances such as biometric authentication via a smartphone offer the opportunity to make payment easier, faster and more secure. For companies that can keep the fraudsters in check there’s a double advantage: a simpler and safer check-out experience for the customer and greater profits.