Strengthen your payment fraud defenses with stronger authentication
Diana Rothfuss, Senior Product Marketing Manager, SAS Fraud and Security Intelligence Practice
The rapid growth of digital wallets from Google, Apple, Samsung, PayPal and Amazon, as well as payment applications, has ushered in new payment fraud threats to consumers and organizations. Digital payment fraud attacks are becoming increasingly sophisticated, thorough and devastating. Single ransomware attacks can cripple organizations, while fraudsters manage to move billions of dollars between bank accounts every day.
But according to PwC’s Global Economic Crime and Fraud Survey, 34 percent of respondents said their organization’s use of technology to combat fraud wasn’t effective because it was producing too many false positives on fraud alerts. Now more than ever, it’s critical – and more complex – to authenticate users.
Done right, the use of innovative technologies such as artificial intelligence techniques (machine learning and predictive analytics) to combat fraud is a viable and effective solution. Adopting these techniques allows organizations to protect their customers’ assets while reducing false positives – and the resulting customer friction. Unfortunately, most companies have yet to adopt them.
Payments without borders
Cashless transaction fraud knows no borders. With digital payments completed in just a few seconds, there's less time than ever to monitor for fraud on transactions happening simultaneously across multiple channels and countries. To respond, financial institutions should adopt a comprehensive risk mitigation approach encompassing response, detection, prevention, assessment and management.
Authenticating your customers
How can you certify a user’s identity without causing delay in the convenience consumers are seeking? The answer is stronger authentication, not more authentication. Here are four ways to strengthen your authentication defenses:
- 3D Secure authentication and security protocol, becoming more widely adopted by online merchants, helps protect online purchases made with debit and credit cards.
- One-time passwords generated from a standalone application, device or mobile phone strengthen the “what you know” element of authentication.
- Biometric security measures recognize something unique to the user, such as eyes, voice or fingerprint – to take the “what you have” dimension of authentication to a new level and prevent unauthorized access to mobile payment devices.
- Tokenization substitutes a sensitive data element in the transaction with a nonsensitive equivalent, a token that has no extrinsic or exploitable meaning or value.
Holistic customer views using data and intelligence across products and challenges are becoming essential to understand and combat varied fraud challenges. Diana Rothfuss Senior Product Marketing Manager, Fraud and Security Intelligence SAS
Fraud detection pays off
Given the extent of legacy systems in many organizations, implementing these new measures could be a difficult proposition. Fraud managers are very much aware of the need to balance fraud losses with customer experience and operational overhead. Business managers, on the other hand, often underestimate or fail to appreciate the fraud risks and become carried away with the excitement of a new product or service launch. The temptation in the rush to market is to remove or scale down some of the fraud controls.
While the financial costs, implementation time and changes may seem overwhelming, organizations must keep in mind that the reduction in fraud, plus operational and IT cost savings, will surely be worth the investment. The savings not only boosts shareholder value, but can also be reinvested into new products and offerings or other business initiatives.
For a typical enterprise, the goal should be threefold:
- Low fraud losses that are comparable to or better than your peers.
- A high level of customer service (frictionless access, rare false alerts).
- Optimal operational efficiency and effectiveness in fraud processing.
Steps to get you started
And here are four ways to help you fight back:
- Determine your organization’s fraud risk appetite. Once you articulate your objectives, you can set measurement criteria to monitor performance against them.
- Put the right people and policies in place. Teams require people who understand data and analytics but are also versed in investigative techniques and technologies. You also need fraud policies to set a minimum standard for the end-to-end fraud prevention process – including customer authentication and transaction monitoring.
- Get ahead of the regulators on authentication. Mandates for authentication were first put in place in India and Singapore, and the European Central Bank (ECB) is contemplating a requirement that all e-commerce transactions be authenticated.
- Implement strong anti-fraud tools and technology. Balancing your priorities – the best customer service, the lowest fraud rates among peer banks and optimal operational overhead – requires analytics-driven tools and technologies.
Payment providers are always seeking that optimal balance between reducing the false positives that can cause unnecessary customer friction and the false negatives that can lead to financial loss. Getting it right requires analytics – the predictive ability to detect anomalies that represent potential risks – while the customer is waiting.
Recommended reading
- Payment fraud evolves fast – can we stay ahead?Payment fraud happens when a criminal steals a person’s private payment information, then uses it for an illegal transaction. As payment trends evolve, so do the fraudsters. Banks and PSPs can fight back with advanced analytics techniques that adapt quickly to spot anomalies in behavior.
- What do drones, AI and proactive policing have in common?Law enforcement and public safety agencies must wrangle diverse data sets – such as data from drones – in their proactive policing operations. To be most effective, they need modern tools that support AI techniques like machine learning, computer vision and natural language processing.
- Taking pre-emptive action to stem the tide of VAT fraud lossesEU countries lost an estimated €159.5 billion in VAT revenues to VAT fraud in 2014. The solution? Hybrid fraud analytics technology.
Ready to subscribe to Insights now?