Predicting payment fraud: The power of real time analytics

SAS Fraud Management equips Nets with unmatched capabilities to predict and prevent fraud

Global digital payment transactions are projected to reach US$11.5 trillion in 2024 – that’s $22 million processed every minute, 24 hours a day, seven days a week. That’s a lot of activity to camouflage fraud. Fraudsters thrive in chaos. In fact, they rely on it.

Nets, part of Nexi Group, is one of Europe’s largest digital payment services providers. It serves 740,000 merchants via point-of-sale terminals, e-commerce and payment processing, and provides 250 banks and other card issuers with card processing, fraud and dispute services, and data analytics.

The exponential growth in online shopping in recent years has had mixed effects. Global e-commerce sales reached $4.2 trillion in 2020 and are projected to nearly double to $8 trillion by 2027. However, this growth is accompanied by a significant increase in fraud, with global merchant losses from online payment fraud predicted to exceed $362 billion from 2023 to 2028.

Payment fraud has become increasingly sophisticated. As quickly as card user safeguards are designed, fraudsters find ways to subvert them. They’re exploiting weaknesses in two-factor and multi-factor authentication systems and using social engineering techniques such as phishing and smishing attacks to obtain authentication details and then pretexting to trick users into providing their payment tokens or other secure information.

“In the past, we could trust that payments were secure when they were done with these secure methods or tokens,” says Jukka-Pekka Kokkonen, Head of Fraud and Dispute at Nexi Group. “But now we are seeing customers give their identification and authentication methods to fraudsters, and then we have very limited methods to stop the fraud."

This is a growing global challenge. Fraudsters are continually evolving their tactics, so banks and payment service providers (PSPs) like Nets must also adapt their responses to more accurately pinpoint unusual transactions.

Stopping fraud in mere seconds

Banks and PSPs get less than the blink of an eye to stop fraudulent transactions and protect customers.

“The speed of change, the attack vectors and fraud patterns are changing more often than in the past, and that can be a challenge,” Kokkonen explains. “So we are using new data points: We’re using 3DS data, we are looking into crypto data and we are trying to find token data. With SAS Fraud Management, we can process massive amounts of data to identify unusual patterns and sift the fraudulent transactions from the authentic ones – all in real time.”

With SAS, Nets simplifies data integration, enabling it to integrate its own internal data with that of banks as well as third parties to create better predictive modeling. The data is collected in a single solution to give Nets the agility to respond faster to new threats as they arise.

“Because of the nature of this battle, it’s critical to constantly monitor fraud detection performance,” Kokkonen says. “The SAS solution provides a wealth of up-to-date information about the performance of our fraud defenses and allows us to adapt as needed to battle changing threats in different regions of the world.”

Nets is using these adaptive, real-time fraud detection systems for payment cards, educating customers on the perils of sharing authentication credentials and communicating in real time with customers to help them avoid fraud attempts.

“Issuers can also help themselves – for instance, when they’re doing token enrollments, they should monitor for recognizable patterns such as duplicate phone numbers across accounts,” Kokkonen explains. “We are helping our customers recognize those discrepancies and run other fraud-prevention applications in real time using SAS Fraud Management.”

Cumulatively, these efforts are helping Nets protect customers.

Real-time fraud prevention paired with human reasoning

Fraud detection systems have milliseconds to assess risk and identify suspicious activity – otherwise organizations will be facing the difficult task of clawing back fraudulent payments. Nets uses two complementary models, a SAS model and an in-house model, to identify anomalies. In real time, the models measure every single transaction against existing customer data, including a customer’s typical spending patterns, geolocation data and device data. This additional level of profiling reduces false positives that can hurt customer relationships and false negatives that can reduce Nets and its clients’ profitability.

When suspicious activity is detected that is scored as high-risk, it is stopped immediately. Then an alert is routed to an agent for immediate review. “SAS Fraud Management makes it easy for us to prevent highly suspicious transactions,” Kokkonen says. “When transactions are flagged as high-risk, we are almost sure they are fraudulent, so we stop them before they even happen. And we have our agents look at any transactions that are medium- or low-risk within one minute of the alert firing.”

“We have integrations to trigger two-way SMS, so the customer will get a notification that there is a suspicious transaction and we want them to contact us to confirm or deny it,” Kokkonen explains.

AI fuels the next round of cat and mouse

Fraud patterns are constantly changing, so Nets turned to AI to improve its fraud modeling. Using its robust dataset, Nets began identifying new ways to spot and stop fraud.

“Fraudsters are starting to use AI and we are constantly trying to identify new AI and GenAI approaches to improve our model predictions. The advanced methods and tools are using our transaction and session data. We are now also considering using third party data to improve the model prediction,” Kokkonen confides. “We will in the future – in the very near future – start to test how to more precisely apply the new and advanced methods to defend our customers from AI fraud.”

Unlike traditional methods of fraud, which rely on breaking through security using technology, social engineering exploits human weaknesses. AI and generative AI will continue to improve fraudsters’ ability to apply more convincing social engineering techniques.

“We need to find ways of recognizing those patterns and to validate the identity of the card holders,” Kokkonen says. “It’s possible that fraud will move earlier – to the credit application phase. Fraudsters are also using stolen identities to get a loan and then transfer that money, launder the money or get it into their hands. We are working to understand those connections as well.”

Kokkonen continues, “There are two sides to AI – it can help fraudsters improve their skills, but it will also help us catch them. The cat-and-mouse game will continue. They will be using AI to test our fraud rules, models and performance, and find the thresholds we are currently using. So more than ever, we need to be able to change the rules and make the thresholds change too.”