Why collaboration is key in the fight against fraud

The fraud prevention industry has seen unprecedented growth in recent years with a market expected to reach USD 42.6 billion by 2023. A growing number of human and technological resources including more than 250 start-ups and over a dozen major corporations joining the fray alongside renewed fervour by regulators – all of which runs parallel with the relentless evolution of fraud schemes. Nevertheless, the increasing number of anti-fraud resources does not necessarily mean that we are winning the war.

Cybercriminals are connecting, what about us?

There are a lot of reasons for anti-fraud professionals to be vigilant in the years to come. On the whole, card-not-present fraud continues being the most pressing payments fraud issue in the US and will remain a key threat for the EU Member States – as reported by Europol in their newly released 2018 Internet Organised Crime Threat Assessment (IOCTA). What drives the lifting ships of fraudsters and their increased level of sophistication is the rising tide of ecommerce sales, increased money flows, the mobile payments boom, constant data breaches and the emergence of new ecommerce merchants. Even though several traditional sectors like transport and retail remain key targets, we are confronted with new business models that are associated with higher levels of complication and vulnerability. Cryptocurrency is one of them. Money launderers are constantly finding new ways to abuse decentralised exchanges in their operation to avoid any Know Your Customer requirements. Regulators are increasingly coming to terms with this threat and are drafting new laws while becoming more forceful in their enforcement. At the same time, the credit card associations are taking action with new rules concerning cryptocurrency activities.

It is worth noting that cybercriminals tend to unite on online criminal forums known as Darknet markets to avoid surface net traceability. Despite the law enforcement agencies’ effort to take down three of the largest Darknet markets (AlphaBay, Hansa and RAMP) in 2017, we all know that criminals will soon migrate towards newly-established markets or to entirely new platforms such as encrypted communications apps. The reason? They need to communicate, to exchange information and to alert each other of potential law enforcement action.

Cybercriminals engage in the dark to get stronger and react faster. What about us – all of those who work on the other side – how strong is our network?

There is a lot of unused information out there

The battle against fraud sees the involvement of various parties including issuers, acquirers, processors, card schemes, service providers and merchants, each of whom plays a different but equally important role. As a result, each party possesses its own set of valuable data. More data translates into better risk assessment. Information is an essential tool against fraud, and we all know that multiple perspectives are crucial in understanding any one issue. This also holds true for handling ecommerce fraud.

Unfortunately, the collaboration mechanisms do not work as they ideally should. Existing legislation doesn’t fully cultivate a collaborative approach. Instead, each party is either trying to pass the fraud liability to a different party downstream or hold the fraud information for their own benefit. Some might want to share their fraud insights but lack access to a reliable community. For instance, Worldpay has found that many merchants collect data to enable real-time risk assessment, and 58% of these merchants know there’s lots of useful customer information within their business that’s not being used to fight fraud. These merchants felt strongly that they could do more to prevent fraud. If there’s so much unused potential inside one organisation, it seems safe to say that the problem only gets worse on the macro level.

It seems that the fundamental step of connecting the dots to complete the anti-fraud picture is missing. In a long-term vision, preventing and combating fraud needs a shared commitment from all. It is something that requires teamwork.

Going beyond data sharing – with education

While data sharing among anti-fraud institutions is crucial, the education of personnel who operationalise this information is decisive. Someone might think that artificial intelligence, machine learning and automated tools can replace humans in data analysis and decision making, but due to the highly flexible adversaries we face, the future of merchant underwriting still involves humans as well as machines.

The question is: How do you become an anti-fraud professional? The reality is that apart from some online courses, and efforts by organisations like the ACFE, there are very few institutionalised options that set someone on the path of becoming an anti-fraud professional, especially in the acquiring space. This is not surprising: ecommerce fraud is a novel field and the slow-moving academia is ill-equipped to teach you when the landscape is changing so fast. Even international law often lags behind the realities in the fraud space.

What is important for any risk expert is to stay curious, informed and get educated continuously so as not to be left behind in the dust. How do you do that? Join relevant trade organisations, follow payments news, attend events or training courses – there are many ways to do this.

Building a community

The key to education is not to remain atomised individuals, all with a good understanding of the problem but isolated from one another. We have to stay engaged in a community of peers, actively share experiences and continue to improve our know-how.

As an industry, we have to build institutions that can facilitate this kind of community-building. This means not only establishing educational programs open for everyone. It also means conferences that aren’t solely dominated by sales pitches and sleek marketing presentations, but the genuine desire to share knowledge and work together.

There have been some venues recently that have started to implement this philosophy more effectively – like Mastercard’s Global Risk Leadership Conferences, Visa’s Global Security Summits, or the conferences of the Electronic Transactions Association and the Merchant Acquirers’ Committee. At Web Shield, we are hoping to contribute to this positive development with our own RiskConnect conference, aimed at bringing together professionals from around the globe.

About Christian Chmiel

Christian A. Chmiel, the CEO and founder of Web Shield, is responsible for the development and implementation of investigation techniques to identify fraudulent or brand-damaging online merchants. He is also a lecturer at the Web Shield Academy and published several books in the fields of fraud, investigations and accounting.

About Web Shield

Web Shield equips the payments industry with tools that protect businesses from merchants involved in illegal or non-compliant activities. Their highly precise solutions provide acquirers, PSPs and other financial organisations with the information they need to make valuable decisions about prospective clients, and alert them when existing clients behave dubiously. With Web Shield, you keep your business out of risky situations, saving time and money.