Predicting payment fraud: The power of real time analytics

SAS Fraud Management equips Nets with unmatched capabilities to predict and prevent fraud

Global digital payment transactions are projected to reach US$11.5 trillion in 2024 – that’s $22 million processed every minute, 24 hours a day, seven days a week. That’s a lot of activity to camouflage fraud. Fraudsters thrive in chaos. In fact, they rely on it.

Nets, part of Nexi Group, is one of Europe’s largest digital payment services providers. It serves 740,000 merchants via point-of-sale terminals, e-commerce and payment processing, and provides 250 banks and other card issuers with card processing, fraud and dispute services, and data analytics.

The exponential growth in online shopping in recent years has had mixed effects. Global e-commerce sales reached $4.2 trillion in 2020 and are projected to nearly double to $8 trillion by 2027. However, this growth is accompanied by a significant increase in fraud, with global merchant losses from online payment fraud predicted to exceed $362 billion from 2023 to 2028.

Payment fraud has become increasingly sophisticated. As quickly as card user safeguards are designed, fraudsters find ways to subvert them. They’re exploiting weaknesses in two-factor and multi-factor authentication systems and using social engineering techniques such as phishing and smishing attacks to obtain authentication details and then pretexting to trick users into providing their payment tokens or other secure information.

“In the past, we could trust that payments were secure when they were done with these secure methods or tokens,” says Jukka-Pekka Kokkonen, Head of Fraud and Dispute at Nexi Group. “But now we are seeing customers give their identification and authentication methods to fraudsters, and then we have very limited methods to stop the fraud."

This is a growing global challenge. Fraudsters are continually evolving their tactics, so banks and payment service providers (PSPs) like Nets must also adapt their responses to more accurately pinpoint unusual transactions.

Finding fraud faster

Payment card fraud is by no means a victimless crime. Besides the losses for consumers, merchants and banks, the proceeds from digital card fraud are known to finance other criminal activity, such as human and drug trafficking.

“When you are combatting payment card fraud, you are essentially in an arms race with cybercriminals,” says Jeppe Kirkegaard Folling, Vice President of Fraud and Disputes at Nets. “Their incentive to find new avenues to trick consumers or use stolen personal data is strong, so we must be even more innovative and diligent than they are.”

Folling and his team are continually working to optimize the performance of Nets’ real-time fraud platform, which is based on SAS payment fraud solutions.

SAS Fraud Management provides enterprisewide fraud detection on a single technology platform, covering multiple business lines and channels as well as real-time analytics execution and decisioning capabilities. SAS Fraud Management can be deployed on premise, via the cloud or delivered as Software-as-a-Service.

Real-time fraud prevention paired with human reasoning

Fraud detection systems have milliseconds to assess risk and identify suspicious activity – otherwise organizations will be facing the difficult task of clawing back fraudulent payments. Nets uses two complementary models, a SAS model and an in-house model, to identify anomalies. In real time, the models measure every single transaction against existing customer data, including a customer’s typical spending patterns, geolocation data and device data. This additional level of profiling reduces false positives that can hurt customer relationships and false negatives that can reduce Nets and its clients’ profitability.

When suspicious activity is detected that is scored as high-risk, it is stopped immediately. Then an alert is routed to an agent for immediate review. “SAS Fraud Management makes it easy for us to prevent highly suspicious transactions,” Kokkonen says. “When transactions are flagged as high-risk, we are almost sure they are fraudulent, so we stop them before they even happen. And we have our agents look at any transactions that are medium- or low-risk within one minute of the alert firing.”

“We have integrations to trigger two-way SMS, so the customer will get a notification that there is a suspicious transaction and we want them to contact us to confirm or deny it,” Kokkonen explains.

AI fuels the next round of cat and mouse

Fraud patterns are constantly changing, so Nets turned to AI to improve its fraud modeling. Using its robust dataset, Nets began identifying new ways to spot and stop fraud.

“Fraudsters are starting to use AI and we are constantly trying to identify new AI and GenAI approaches to improve our model predictions. The advanced methods and tools are using our transaction and session data. We are now also considering using third party data to improve the model prediction,” Kokkonen confides. “We will in the future – in the very near future – start to test how to more precisely apply the new and advanced methods to defend our customers from AI fraud.”

Unlike traditional methods of fraud, which rely on breaking through security using technology, social engineering exploits human weaknesses. AI and generative AI will continue to improve fraudsters’ ability to apply more convincing social engineering techniques.

“We need to find ways of recognizing those patterns and to validate the identity of the card holders,” Kokkonen says. “It’s possible that fraud will move earlier – to the credit application phase. Fraudsters are also using stolen identities to get a loan and then transfer that money, launder the money or get it into their hands. We are working to understand those connections as well.”

Kokkonen continues, “There are two sides to AI – it can help fraudsters improve their skills, but it will also help us catch them. The cat-and-mouse game will continue. They will be using AI to test our fraud rules, models and performance, and find the thresholds we are currently using. So more than ever, we need to be able to change the rules and make the thresholds change too.”