Voice of the Industry

The lay of the fraud land: Q&A Session with merchants - Series III

Friday 28 January 2022 10:59 CET | Editor: Simona Negru | Voice of the industry

As we found out what fraud trends are on the rise and the pandemic's influence on the level of fraud, it is now time to discover the best practices in fighting bad actors. Here is the third and final question in our Q&A session with merchants.

What are the technologies and developments you consider most promising to outsmart fraudsters, while trusting the legit customers?

Cristián Barros, Head of Fraud Prevention at Cornershop by Uber

Fraudsters are getting more sophisticated, using advanced technologies. Therefore, there is a strong need for fraud managers to utilise similar or even more advanced tools to be one step ahead without adding friction to the checkout flow. Technologies such as graph tools and fraud detection using in-house machine learning models are becoming more common. The sector should expect to see further partnerships with third-party providers that offer access to a broader spectrum of information to feed their models. Besides this, there is still a strong need for merchants to fight the issue, and having alert groups with merchants, issuers, and fraud prevention providers on messaging platforms can also help reduce the impact of fraud attacks.

Pamela Cronin, Senior Payment and Fraud Manager at Insparx

There are many products and fraud prevention tools available to merchants, which can help to outsmart and deter fraudsters. Machine learning models are a useful tool in order to detect fraudsters, however they constantly require updates in order to keep up with the fraudsters’ ever-changing methods. In the fraud industry, it is always a game of cat-and-mouse. In the future I think there will be more requirements for AI and digital fingerprinting in order to detect fraud.

The ability to be able to detect bots and sweatshops is also important, particularly in the dating industry. By applying friction to those which are suspicious can prevent fraud and the idea to make it less economical for fraudsters to target platforms will bring benefit in the future.

Stephan Spijkers, Co-Founder at PIMVendors

For a large part, the direct integration of multiple existing antifraud technologies into a broader range of payment platforms is promising. Personalisation and using all prior customer data (IP address and changes, cookies, machine info) to detect account takeovers or odd behaviour, and combining this data automatically and in a smart way is on the rise as well.

Ravi Purohit, Associate Director, Products at Rakuten

Companies can adopt strong authentication, risk-based profiling, and remote access management policies to address these challenges.

Strong authentication involves adopting at least two out of the three factors from:

  1. knowledge (something the customer knows like a PIN, password, or challenge answer);

  2. possession (the customer owns this, e.g. cell phones, hardware keys, or cards); 

  3. inherence (a customer’s biometric marker such as a fingerprint or voice authentication).

Risk-based profiling can be a great tool to get the right balance of trusting the legit customers yet flagging any potential fraudulent attempt. To enable this, companies can use the data history of a customer’s device fingerprint, browsing pattern, time zone, geography, purchase history, cart values, and other behavioural patterns to determine the risk profiling scenario. If all things are consistent, then the customer journey can be made quite smooth. However, if there are inconsistencies, then machine learning algorithms can flag the pattern asking for additional authentication.

Companies need to educate employees about phishing attacks regularly, implement DMARC policies, adopt multi-factor authentication for VPN access, leverage IP address whitelisting, and limit remote desktop protocol access to avoid business email compromise frauds.

Juan Pablo Ortega, Co-Founder at Rappi

There are two different ones in my opinion:

  1. Machine learning models: as computer power increases, companies are being able to create complex machine learning models that have thousands of variables. These variables include things like how fast a user is typing, their orthography or even the position of the phone being used. Every time a fraudster is identified, this model becomes more accurate and is able to predict fraud faster.

      2. Biometric authentication: there are companies working on the ability to authenticate a customer using a selfie or a picture of their fingers. This kind of technology will eliminate any way for fraudsters to use another person’s payment method or account.

Elena Chen Michaeli Fraud Fighter at Shutterstock and MRC Education Committee Member at Merchant Risk Council

Fraud patterns are not unique to each industry, but they are unique in the way they are executed. Every industry and entity is susceptible to account takeovers, so nobody is immune. However, the information fraudsters need to access an account varies by industry and even between different entities within a given vertical.

The best fraud detection tools include those that integrate machine learning and analytics capabilities that are appropriate for your business along with fraud prevention tools that will obstruct and help detect suspicious activities.

Nevertheless, I believe it is extremely important not to disregard the manual rules when catching the various fraudulent methods that are constantly evolving. This is an important issue when it comes to preventing as many false positives as possible to ensure a splendid customer experience for legitimate clients. It boils down to what a company offers, how it develops it technologically, how policies are applied, and how they are enforced. We need to bear in mind that the easier it is to exploit, the more fraudulent activity we will see.

Yassamine Taghilou, Anti-Fraud Manager at Vestiaire Collective

I believe machine learning and artificial intelligence can outsmart humans when handling lots of data, and they can be trained per geo-segments and countries with consumer psychology of online shopping. Cultural heritage affects attitudes toward fraud, as we can see common indicators between fraudsters from the same segments and they have their own fraud trends and behaviours to commit a fraudulent action. Therefore, appropriate data-tracking to get real-time data about users’ behaviours can be used to leverage machine learning to deploy an accurate risk score in every level of user journey in the ecommerce platform. Business teams can help with updating the data by getting info regarding new markets and marketing events (distribution of vouchers, promos etc.).

Moreover, graph analytics can help detect rings of clients interconnected across personally identifiable information such as an address, a phone number, a date of birth, an IP address etc.

Fraud should be also prevented in each department by a regularly updated risk assessment and a framework used to conduct the culture of anti-fraud in different departments by detecting the present opportunities and staying ahead of fraudsters.

At Vestiaire Collective we have fraud governance, which involves scheduling monthly risk-fraud committee meetings and calculating the likelihood and different potential business, reputational, and legal impacts in each segment where fraud can be committed in our organisation.

Elena Emelyanova, Senior Payments and Fraud Manager at Wargaming.net

There is no such technology that may outsmart fraudsters and will never be, because any new technology or development aiming to fight fraud is already or will be immediately used by fraudsters. Moreover, it is not us, fraud fighters, who are trying to outsmart them, but they – those who are scamming our products. We are just following their trends to prevent their negative actions further. It’s a kind of back-and-forth game without the end, which, in reality, encourages both sides to create new technologies and develop security space. 

Most ML-based services that exist now on the market are definitely effective, as they may at least be very close to almost outsmarting fraudsters. But these services are never good enough not to block a single legit customer, which means there is still room for improvement. There is also a huge potential capacity in biometrics development, and I hope this will be the next step in improving the ecommerce protection shield.

Omer Shatzky, Head of Billing & Payments at Wix 

  1. Trustworthy networks of known good and bad users in the ecosystem (consortium of many merchants);
  2. Multilevel user profiling taking into account user identity/identity verification liveness check, behavioural data and purchasing history. At Wix Payments, we see the users from different angles for example, as a Wix user building a site, a premium user buying a plan and a domain, a processing merchant using Wix Payments going through the KYC/KYB etc.;


      3. Machine learning and anomaly detection that is based on a wider set of data points coming from the platform  standpoint like the business blocks you’re using at Wix (inventory, CRM, marketing) and not just the payment data; d. Wider adoption of secure payments options like Apple Pay, Google Pay etc.

This editorial is part of the The Fraud Prevention in Ecommerce Report 2021/2022, the ultimate source of knowledge that delves into the evolutionary trail of the payments fraud ecosystem, revealing the most effective security methods for businesses to win the battle against bad actors.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: fraud prevention, merchants, bot attacks, online authentication, machine learning, artificial intelligence
Categories: Fraud & Financial Crime
Countries: World
This article is part of category

Fraud & Financial Crime