Fraud prevention technology is much faster and more effective than it was several years ago. What fraud prevention tools do you need to keep your business and your customers’ data safe?
With a growing number of businesses moving to the internet, we are seeing more fraudulent activity. Fraudsters are getting more sophisticated with their attacks, so merchants must pay greater attention to fraud prevention tools.
The increasing amount of available data generates new opportunities to make fraud detection even more accurate than we have today. The development of artificial intelligence, machine learning, and similar techniques gives merchants and payment companies the ability to stay a few steps ahead of the fraudsters. With the right fraud management techniques in place, you can quickly spot behavior that raises a red flag.
A single tool is not enough to defend your business. You need a multilevel approach, so below you’ll find a list of the most important fraud protection tools you should consider.
Geolocation
With geolocation, you can spot the customer based on the IP address and the device’s location connected to their order, so the system informs you whether it’s a country that’s considered high risk. It provides helpful data in the fraud scoring process, so geolocation is a helpful tool, but only if used properly.
You need to remember that the client could make a purchase while traveling abroad, so anti-fraud filters which are too strict can reject a legitimate customer. Also, fraudsters can use proxies to change their IP address, which makes it more difficult to trace their location. This is why you may need proxy piercing technology that will help you spot a proxy address and identify the customer’s real location.
Check your business orders closely—monitor them before shipping and react quickly when you notice repeated order attempts made on the same card.
Address Verification Service
Address Verification Service (AVS) is used besides CVV/CVC to verify whether a purchaser is the card’s owner. It’s a tool that examines the billing information provided by the customer during checkout. If the address entered by the customer doesn’t match the one on file with the card issuer, it’s another red flag.
However, a legitimate customer could make a typo while providing billing information or choose a different delivery address. Another concern is that a fraudster also might be able to provide a valid address.
Blacklisting
Blacklisting helps to track and record the users that show awkward tendencies. You can act effectively against fraudsters and exclude suspicious users by location, physical address, IP address, credit card details, email address, etc.
When a customer is blacklisted, the next time an order is placed from the same email or IP address, the transaction is automatically declined. It seems like an effective solution, but blacklists may also block legitimate customers. According to Riskified, 40-70% of declined orders are legitimate and should have been approved. So, blacklists work well to block orders and filter out fraudsters, but they also increase false declines.
Moreover, fraudsters may use methods that “fool” the blacklists. For instance, they constantly change the details they provide when placing orders online.
3D Secure Authentication
Technically, 3D Secure (Three Domain Secure) is a messaging protocol that involves three domains, such as bank, technology that processes the transaction, and the issuing bank.
3D Secure is an additional security layer for card-not-present transactions. The system is used to authenticate cardholder information and the first version usually requests a static password or PIN. Plus, the liability on every transaction that is successfully verified is shifted from a merchant to the issuing bank.
Introducing 3D Secure to the market has significantly improved online shopping security, but merchants were struggling with a drop in conversion because it negatively impacted the user experience. But now, 3D Secure is getting a makeover.
Issuers receive much more data on each card transaction than in version 1 to provide a seamless payment flow for cardholders. It shortens transaction times and expands authorization rates, which simplifies the customer experience and eliminates redirects. The newer system usually requests tokens or biometrics to authenticate cardholder information, which can decrease the number of fraudulent attempts.
Fraud Scoring
Fraud scoring is based on multiple fraud indicators that are used to generate a score that shows the amount of risk for each transaction. The most common factors included in the scoring process are location, industry, sales channel, or product category.
A scoring example
To receive the most accurate scores, you should focus on a manual review to train the model during the first 30 days. After a month, you can examine what score threshold makes sense for automation. Typically, it starts with blocking when a score is higher or equal to 95 and accept when a score is lower or equal to 20. Then you can test it for 2-3 weeks, and if the results look good, you can increase thresholds, e.g. block when score>=85 and accept score≤30.
The process continues until the merchant reaches a comfortable, steady-state level. However, it’s better to leave it to professionals.
Merchants can use it to automate the anti-fraud process to reject transactions with too high a score, but it’s not always 100% effective, as you can reject a legitimate customer.
Machine Learning
Machine learning is used to teach computers how to act in certain scenarios and how to perform complex tasks, so that machines can predict future outcomes. Of course, it takes time.
The more data that is collected across historical transactions of many clients and industries, the better precision in fraud detecting. In all, it comes with lower costs by minimizing the expenses of manual reviews. But note that a machine learning approach includes manual reviews and it’s not going to change quickly. Even the most advanced machines can’t completely replace humans when it comes to making effective decisions.
This is why machine learning is used in fraud management. Fraudsters are launching more complex attacks than ever before, so merchants need a strong system that detects suspicious transactions. The technique uses historical and live data to create patterns for customers’ behavior and then to evaluate every transaction and make accurate fraud predictions. It allows a look at more granular information a human being might miss when checking transactions manually.
The technique, however, is not perfect, but in many cases could solve lots of problems. The main concern is that sometimes genuine orders may be rejected because they aren’t tailored to the typical behavior pattern. Also, keep in mind that machine learning is based on input data which has to be relevant to identify a suspicious transaction. When we ‘feed’ a computer with inappropriate data, it learns wrong things which may cause irrelevant fraud scores.
Basic machine learning solutions as we know them are inaccurate, as they slowly adapt to new fraud patterns that spring up like mushrooms. That’s why machine learning should be based on a proper set of rules that can filter out the fraudulent events meeting specific criteria. Such filters adjust to specific business models and traffic, which is more accurate than static filters based on well-known patterns and is much faster to adapt to new fraud patterns in real-time.
Artificial Intelligence combined with Business Intelligence
Solutions based on artificial intelligence help you capture data from a customer’s interaction on your website, so you can gather valuable information that you can use in the future to profile your offer better. This means you can have information about purchase likelihood, customer lifespan, and how likely it is that a certain customer is willing to do a chargeback.
The more you know about your customers, the better preventive actions you can take. More data means more information means better business value.
Biometrics
Biometric verification is gaining in popularity and is successfully used by mobile payment platforms. It’s also widely used by online merchants and payment platforms because of the need for strong customer authentication based on PSD2.
The technique is used to strengthen identity matching more effectively than that offered by password, PIN, or card-secured systems. So, the user uses a passcode or thumbprint to unlock the device and then provides another ID to authorize a purchase. Mobile transactions are also tokenized.
Device Fingerprinting
Device fingerprinting is a technique used to identify purchases based on the device used during the transaction. The information is gathered based on the hardware and software installed on a device that is used to visit your site.
Such a solution helps to block devices associated with suspicious activity and anomalies at the device level to detect high-risk login activity. The information helps you determine whether the transaction should be completed, declined or challenged with extra authentication.
Velocity Checking
Velocity checks are used to identify fraud patterns in payment transactions by monitoring each transaction. If the system spots repeated purchases from the same customer within a short period (for instance, the last 24 hours), the transactions will be flagged as suspicious.
The checks are made up of three or more variables and can be based on certain data elements, such as IP address, device ID, credit card number, payment method, billing address, etc.
One thing is certain: fraud prevention must constantly evolve
Fraud management is an ongoing process that involves monitoring, analysis, detection, and decisions to continually learn from fraud cases.
Today, fraud detection requires a comprehensive approach to analyzed data to make more accurate detection of suspicious behavior. There are various fraud cases, and they are not originated from the same source. That’s why you should use versatile tools and apply multilevel security to fight back effectively.
Search for technology that is able to learn from complex data patterns and uncover new schemes to accurately spot and flag any unusual behavior and detect subtle anomalies—one that combines machine learning methods with a number of proven techniques. Ask your payment processor whether they provide a versatile mix of features to collect and analyze the data, so you can rest assured that your business is in good hands.
The thing is to find a reasonable balance between fraud detection and customer experience. With AI-based solutions and a mix of proper fraud prevention tools, it’s much easier to spot fraud attempts accurately without interrupting sales or declining genuine transactions.