Machine learning against online fraud: the advantage of a risk-based approach

The increasing popularity of online shopping is creating new security risks in the transaction process. Data theft and payment fraud are issues that consumers and merchants alike fear. If we look at the current status of online fraud, we see that data breaches still represent a prevalent issue. Moreover, according to a research by the Identity Theft Resource Center and CyberScout, 791 data leaks were reported from large companies in the US from January to June 2017, with criminals stealing credit card information amongst other things. This represents an increase of 29% over the first half of 2016 and exceeded the 781 cases reported for the full year 2015 in just six months. Other studies confirm the trend: according to information service provider Experian, the number of data leaks in ecommerce increased by 56% in 2017 compared to 2016.

Risk-based instead of rule-based

In the fight against fraud, payment service providers (PSPs) must have better tools at their disposal than ever before. Rule-based fraud prevention is replaced by risk-based fraud prevention. The difference: previous procedures allowed the risk assessment to be based on certain rules according to which a transaction was approved or rejected. The criteria were, for example, in which country the buyer uses a credit card, whether the device with which he pays online is unknown to the system, whether he uses the card several times at short intervals, and whether he exceeds a certain amount of money when paying. In practice, many other rules apply but, despite their complexity, they do not protect against fraud as effectively as the machine learning method does.

The new generation of risk management that has been used at Computop since the end of October 2018 is not only more flexible than before, but also more secure and efficient. The new Fraud Score Engine uses machine learning to automatically optimise fraud prevention and it eliminates the need for manual intervention. The algorithm behind the risk cost calculation learns with each transaction and improves the accuracy of the risk assessment accordingly. If buyer behaviour changes and new fraud scenarios emerge, it adapts. A concrete example illustrates this method:

Previously, the retailer made a yes/no decision in which various factors were queried, for example: ‘If a transaction exceeds the amount X and is made in country Y, it is rejected.’ On the other hand, an intelligent fraud scoring engine calculates probabilities: ‘What proportion of all fraud cases recorded to date deal with amounts greater than EUR 500, and what percentage of successful, clean payments is greater than EUR 500?’ This results in a data record that the system uses to calculate the probability of fraud. This method is much more accurate than the rule-based approach and can be applied to all parameters (payment location, device used, etc) that also use rule-based fraud prevention. The accuracy of the calculation improves with every payment transaction because, based on the empirical values from past transactions, the precision of the probability calculation for each individual parameter increases, thus the quality of the overall statement increases as well. Essentially, this is the greatest benefit of risk-based fraud prevention.

Adaptable, fast and flexible

Combined with all the risk factors taken into account – such as transaction duration, correspondence between invoice and delivery address, use of an anonymisation service, and many more –, the engine calculates a score value within fractions of a second, which represents the basis for the decision, as to whether the transaction should be submitted to the card-issuing bank for protection via 3-D Secure.

If the risk factors regarding fraud represent less than a certain value, the system does not perform an additional query. In the case of a medium value, the bank either uses its own checking system to relieve the customer of entering a password or it requests the password directly. If the 3-D Secure procedure is used, the bank also takes over the liability risk from the merchant. If the score is clearly within the red range, the transaction is rejected directly.

The risk-based method fundamentally changes fraud prevention. Until now, rule creation was a manual process based on individual traders. The automation now increases flexibility and it is able to drive double-track. On the one hand, this approach assesses the risk-based on trader-specific transaction characteristics, and on the other hand, it uses the entirety of all anonymous transactions of the PSP for forecasts.

Therefore, each transaction is protected the best possible way, on the basis of the past, and subsequently contributes to further optimisation. In principle, PSPs include both successful transactions and chargebacks from the acquirer’s settlement files in their risk analysis. Machine learning enables the scoring engine to move away from the purely manual adaptation to new threats, that has been adopted, so far, by organisations. This was time-consuming, inaccurate, and inflexible.

With machine learning, the reaction speed to fraudulent actions increases, as the retailer can rely not only on his own transaction data but also on risk assessments from Computop’s past payment transactions – thus, on a significantly higher overall population. The combination of machine learning and rule-based risk prevention offers the best possible protection, with experienced experts monitoring the process and providing the artificial intelligence with the context it needs, to develop further and work with the right assumptions.

This editorial was first published in the The Web Fraud Prevention, Identity Verification & Authentication Guide 2018-2019, which offers a complete overview of the latest trends into digital onboarding and fraud mitigation.

About Ralf Gladis

Ralf Gladis is the Co-Founder and CEO of the international payment service provider Computop – the payment people. In addition, Ralf acts as non-executive Director at Computop, Inc in New York. He is also responsible for the international expansion and strategic planning at Computop.

About Computop

Computop offers local and innovative omnichannel solutions for payment processing and fraud prevention around the world. For ecommerce, at POS and on mobile devices, retailers and service providers can choose from over 350 payment methods. Computop, a global player with locations in Germany, China, the UK and the USA processes transactions for more than 16,000 retailers annually, with a combined value of USD 34 billion.