Using technology to stay ahead and manage payment fraud

man with mask at laptop

Share this post

With two-thirds of businesses struggling to combat fraud, The Payments Association examines how data, artificial intelligence and verification tools can be used to mitigate the risks.

Almost two-thirds (64%) of global business leaders have found it increasingly difficult to combat fraud since the Coronavirus pandemic, according to research conducted by Stripe. This is, in part, due to the creation of thousands of new e-commerce businesses, which in turn have provided ample opportunities for fraudsters.

Tactics used to carry out payment fraud have also become more sophisticated as technology has evolved. For example, there has been a growth in automated bot attacks – the method of choice for testing stolen identity credentials.

Fraudsters have taken advantage of customers move to remote banking during the pandemic. According to a report by UK Finance, losses arising from internet banking fraud reached £111.8m in 2019. In 2020, that number increased by 43% to £159.7m in losses. As a result, companies are struggling to keep pace with the evolving online methods, volume and tools used by scammers.

Therefore, the “next evolution” in fraud management should focus on “richer data to inform fraud models”, says Will Megson, product lead for Stripe Radar. “The tools and technology to gather this information are available today, but they are often in siloed, disparate systems; businesses may have separate tools for identity verification and biometrics, for example.”

Leveraging data to consolidate information is a key step to making fraud management systems for effective. Colin Neil, UK managing director at Adyen, says: “Businesses that make use of in-built risk management systems will benefit from trend data from across the whole platform. This helps detect and mitigate fraud, as well as assisting in handling disputes and chargebacks.”

As fraudsters increasingly utilise data for their attacks, companies must do the same to combat scams. Card testing, a tool used by scammers to obtain long lists of stolen credit card data, has been a significant headache for companies.

Card testing enables fraudsters to make thousands of purchases over a very short time period to check if the cards are still active. The attacks can negatively impact businesses in a number of ways, including higher payment processing costs, failure risks, or immobilising their websites under heavy traffic.

Research conducted by Stripe illustrates that card testing has increased significantly, with 40% more businesses exposed to such attacks today compared to before the pandemic.

Artificial intelligence making fraud decisions

Machine learning, a subset of artificial intelligence, has emerged as a key tool to combat fraudulent transactions. It has the advantage of processing data at rapid speed and identifying suspicious patterns.

More advanced AI used in payment fraud management can take various data points and make contribution to decisions, explains Sunny Thakkar, head of global merchant fraud and exemptions products at FIS.

“Artificial machine learning is super important because with the amount of information we need to infer, a machine can make those decisions within milliseconds. Whereas humans write rules to try and keep up with the trends, the AI can automatically start to figure out these trends.”

For example, AI machine learning can triangulate data such as email address, IP address and physical address to see if there are any red flags in a given transaction.

“It makes us a lot more vigilant in terms of finding fraud that’s more advanced and moving a lot more rapidly than we would with traditional fraud management,” adds Thakkar.

Mastercard has been using AI and behavioural technology solutions to assess data. This includes behaviour such as “how you hold your phone or how fast you type or swipe” says Ian Morris, director communications, C&I at Mastercard. “It acts in real time to detect when devices are compromised and acts quickly to prevent fraud.”

Identification and verification

Additional customer verification and two-factor authentication has also been one of the widely used solutions against payment fraud. Asking for customer information such as names and email addresses helps verify their legitimacy and gives a business more evidence in the case of a dispute.

Two-factor authentication adds another layer of security to a transaction, but applying it dynamically will help guard against unnecessary friction and lost revenue.

However, challenges remain in correctly identifying the cardholder. “It’s a constant arms race when it comes to both technology and strategy, with everyone looking to beat existing systems on their side,” says Gergo Varga, product evangelist at Seon. “Fraudsters are also increasingly sharing their methods and knowledge, as well as renting out their services: Fraud-as-a-Service is a reality today.”

Another fraud management tool used as part of customer verification is address verification service (AVS). However, this method can lead to a lot of legitimate transactions being blocked.

Additionally, “AVS really only works in three countries, which is the UK, the US and Canada”, claims Ed Whitehead, managing director EMEA at Signified.

“If you’re using an AVS filter, and you’re shopping for a Christmas gift to send to your brother who lives in France, suddenly that AVS filter is blocking a good order,” says Whitehead. He explains that companies should remove the reliance on rules-based data points and actually look at the transaction as a whole. Capturing large data points will allow companies to have supporting evidence to be able to assure a gateway (or an internal merchant) that this is a good transaction.

“It is all about the ability to process your data, understand that feedback loop automatically and iterate and improve the outcomes each time,” adds Whitehead.

While payment firms and banks can feel as if they are playing catch up to the tactics of fraudsters, the ability to accumulate data points and use them for effective decision making will level the playing field. Investing in verification tools, AI or machine learning might be seen as a significant upfront cost; however, it could potentially, save companies thousands of pounds – and more importantly, customer trust – in the future.

More To Explore

Membership

Merchant Community Membership

Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.

Welcome

Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?