The complex faces of risk management and fraud
To respond to some of these challenges, we have released our 7th edition of the Web Fraud Prevention, Identity Verification & Authentication Guide to provide payment and fraud and risk management professionals with a series of insightful perspectives from industry associations and leading market players on key aspects of the global digital identity, transactional and web fraud detection space.
The guide is structured in three parts; the first part focuses on presenting the industry, with its most acute problems, but also shares some best practices from industry leading players on how to tackle them. With the advent of digitalisation and the use of smartphones, business and fraud coexist globally, both seen as profitable activities, involving large masses of customers. The surge in demand for many goods and services has enabled not only businesses’ profits to soar but also fraudsters to capitalize on this growth. Bad actors are tricking retailers/merchants/banks by hiding beneath large transaction volumes and exploiting the fact that many products and services providers are willing to accept a greater degree of risk in order to approve more orders.
Key challenges for businesses
One of the biggest challenges in the fraud detection space for retailers/merchants is that for consumers, a transaction needs to happen in the blink of an eye, and therefore fraud controls should be invisible for them. However, fraud attacks are becoming more sophisticated, with fraudsters having access to the latest technology and sophisticated tools. Therefore, what is really needed? A fraud management solution can track the customer’s behavioural patterns (behavioural profiling) and instantly detect and report any signs of fraud, triggering a step up authentication to mitigate the potential risk (risk-based authentication).
Similarly, when it comes to financial institutions (FIs), FIs are under intense competitive pressure to make the banking experience easier and frictionless (while regulators in Europe appear to be taking the industry in a different direction, thanks to the second Payment Services Directive’s requirement for Strong Customer Authentication).
The faceless nature of the online and mobile channels makes authentication hard, however, the large amounts of data that have been breached in recent years combined with fraudsters’ use of phishing, social engineering, and malware make authentication much more difficult. As a result, some of the top threats for 2018 in ecommerce and banking are account takeover and new account applications, according to Aite[MC1] .
For Europe especially, but also for the US, Canada and Australia, in 2018, financial discussions revolved around Open Banking initiatives. The concept of open banking promises users greater control over their financial data; however, it is not without risks, and its success is tied to consumer confidence when it comes to the security and privacy of their information.
At the moment, businesses have become incredibly dependent on a network of systems to manage, store, and transmit information such as financial accounts, personally identifiable information, intellectual property, transaction records, etc. Within this web, authentication, validation and verification have turned out to be central to the ability of these businesses to effectively secure access to consumer-facing digital channels and the systems that underpin their operations.
The right tools for fighting fraud
The second part of our Web Fraud Prevention, Identity Verification & Authentication Guide 2018/2019 focuses on mapping the key players in the fraud detection, identity verification and online authentication space. The chapter aims to create an accurate picture of what the fraud detection, identity verification and online authentication offerings look like, and it displays the key players of the industry together with their main capabilities. Depicting the most important features of each company is part of our goal of helping merchants, banks, fintechs and payment service providers to grasp the current market opportunities and to use them according to their own needs.
The whole range of capabilities is designed to address the pain points that organizations in the payments space are struggling to remove. To do so, security and risk management leaders involved in online fraud detection have started using machine-learning analytics, cloud-based deployment options, artificial intelligence, behavioural analytics, and massive global data networks.
Such technologies generate real-time insights into the nuanced patterns of fraud to enable businesses to spot and fight fraud. These patterns are based on geography, industry, time of day, time of year, and over 15,000 other signals. Fraud management specialists/vendors have developed networks that analyse millions of transactions in real time across billions of devices.
Finally, the third part of our Web Fraud Prevention guide, the Company Profiles section, offers insights into the capabilities fraud prevention companies offer businesses in order to spot fraudulent attacks, stop them and prevent them from happening.
Obviously, we would like to express our appreciation to the Merchant Risk Council and Holland Fintech — our endorsement partners who have constantly supported us — and also to our thought leaders, participating organisations and top industry players that contributed to this edition, enriching it with valuable insights and, thus, joining us in our constant endeavour to depict an insightful picture of the industry.
Businesses may think they understand fraud, but the reality is far more complex, and this lack of insight could lead to guessing, incorrect conclusions, and bad decisions. Premises such as the fraudsters as geeky guys, conducting their activities at night in the basements, and living somewhere in Eastern Europe, or that ATOs are relatively low profile events could shape businesses’ fraud-fighting operations from top to bottom. Moreover, these assumptions help determine how analysts set up rules, how many people the fraud team hires and staffs on a given day, and so on.
Therefore, security and risk management leaders responsible for fraud prevention and payment security should align with cross-organizational groups (security, identity and access management, credit/underwriting) to detect high-risk or anomalous activity and identity and tap into technologies that enable fighting against these threats. And if we consider the large amounts of harvested data, the capability of analysing and connecting data across channels is vital for a strong defence.