From Europe to US: addressing cross-border fraud with fraud prevention technology

Risk Ident was formed in June 2012 to help fight online fraud within the Otto Group. How has the company changed since its early days?

As a company within the Otto Group, one of Europe’s largest ecommerce merchants, Risk Ident has plenty of experience with ecommerce. The evolving online fraud landscape helped us to realize in a short period of time that our internal solutions, initially developed for the Otto Group, were useful to other online fraud applications as well. Therefore, we found the opportunity to start working with larger companies as customers, focusing mainly on ecommerce, telecom and financial services. The knowledge exchange and long-time collaboration with our market leading customers help us solve particularly complex problems.

Naturally, we have been constantly seeking growth. Similar to many growing companies, we have experienced the shift from having a small group of people figuring out a customer problem to now having a secure funding base and dedicated technical, engineered and scientific teams formed by experts that put their skills together to solve the unique problems that many large enterprises face.

We currently have an office in Germany and recently we expanded in the United States, keeping our focus on hiring experts in data science and engineering as well.

What triggered your decision to expand business operations in the US?

Online fraud is not limited to a specific region, and at this point, cross-border fraud is painfully felt worldwide. In our cross-border experience with fraud prevention technology and profound domain knowledge, we have been handling millions of transactions and processing data to help merchants in the US and of course globally.

Our business focus is serving large enterprise customers and locating us in the US gives us access to many enterprises, given the large market. In addition, within the Otto Group, we have kept a close relationship with the MIT and we will maintain it, especially as we opened up our new US headquarters at the Cambridge Innovation Center (CIC) near Massachusetts.

What are the key fraud challenges for the European ecommerce market and what emergent trends have you detected so far? Do you anticipate they will be different in the US?

We see a significant increase in fraudsters’ sophistication in both Europe and the US. There are many organized models looking for vulnerabilities in merchants’ defenses, and fraudsters continue to exploit these vulnerabilities. Presently, many companies are starting to use machine learning for fraud detection and prevention and fraudsters are fighting back with sophisticated machine learning algorithms, which put merchants at risk. In other words, merchants need to fight fire with fire and have fraud pattern detection that is as more sophisticated than the fraudsters.

For example, it’s not difficult to purchase records from the dark web in bulk, and data breaches continue to increase at a significant scale in almost all regions and industries. Therefore, chances are high of having compromised information at the consumer level, which means more data available for fraudsters to utilize and test in different ways. We also see examples of low value fraud, where a payment testing mechanism is used to see if card payment methods are valid before being used on higher value fraud. At the same time, we see examples of high value merchants that do not experience a high number of chargebacks. However, as soon as a vulnerability is exploited, the situation may change dramatically. For example, in the absence of a fraud prevention team that may traditionally operate five days a week during business hours, a vulnerability may be exploited on Friday night and by Monday, that company may register a major loss. These trends continue to emerge at a global level and our machine learning solutions spot the patterns indicative of this behaviour.

In the US, the introduction of EMV chip card pushed significant amounts of fraud online, making many standard protection models no longer as effective. Therefore, we feel our experience in the European environment will be a big benefit to our protection model in the US, especially since the European card present market is generally seen as more protective and requires strong online protections.

Machine learning is a hot topic these days. What is your take on this as a solution?

Machine learning can be extremely powerful for fighting fraud when used properly and with the correct data sets and used in the correct application. Machine learning is like the brain - if you feed it with healthy food, in this case the equivalent of good data, you are likely to bring out good results; if you feed it junk food, such as too much irrelevant data, then you often lack the precision that you need (too many false positives or insufficient chargeback reduction). Our product suite is a machine learning core, trained with features that have come from the data. Our solution helps reduce the grey area between the ‘accept’ and the ‘reject’ categories by providing the breakdown of feature riskiness. We also believe that at this point in time, machine learning will not eliminate the human intervention completely, however, we have evidence that machine learning is capable of setting patterns that humans simply cannot.

Europe is known for its tight data privacy laws. How will that impact your operations in the US, or will it?

In Europe, we have relatively tight data privacy standards, which forces us to build smarter software to predict fraud often using smaller data sets. Data is becoming the key to everything and finding ways to connect the data requires the smart use of machines in addition to human intervention. As we expand in the US the workable data volume will increase and, combined with our smart machines, should produce superior results.

The GDPR and PSD2 are two European laws that are currently changing and will require changes in the US merchant operations. Our European privacy experience is a key benefit for us in this matter and we can support US merchants operating internationally, also helped by the fact that merchant-to-merchant data sharing requirements are slightly looser in some cases in the US.

Looking towards the future, what changes and opportunities will the payments landscape bring for fraud prevention specialists?

The manner that people are ordering goods or doing transactions is changing – more mobile transactions, for example. This leads to several long-term challenges, especially predicting how the transactions will change and the required investment for both processing and fraud prevention. This shift in customer behaviour will also create more competition within not only the ecommerce merchants but also with the service providers and vendors as well. Behavioral analytics and biometrics will likely become more prevalent as “fingerprint” data, for example, yet not everyone will keep pace as the market shifts.

We see many merchants that have historically had a reliable and repeatable customer base – now many merchants are seeing sales comprised of more new customers that they are used to. This pattern follows the overall global trends, however, it doesn’t match many merchant trends, which only makes new customers more difficult to evaluate. Looking towards frictionless transactions, looking towards voice technologies like Amazon Echo and Alexa, we realize that the current fraud prevention methods should change. Vendors have to take into account that orders with less friction lead to a change of mechanism. The number of customers increases and this is truly challenging for fraud prevention specialists.

The types of transactions must be evaluated and properly considered by the merchant, and the technology vendors should also monitor the regulatory changes like GDPR or PSD2 and they should be able to consult their customers as well. Needless to say, ecommerce is a rapidly growing business, and so is the online fraud business, which has increased both opportunities and threats for merchants, technology vendors, and fraudsters alike.

About Dustin Clinard 

Prior to Risk Ident, Dustin has held senior leadership roles in the services, manufacturing, and engineering industries. At present, Dustin leads Risk Ident’s business expansion in the United States and is responsible for all US-based customers, products, and services. As Managing Director, he gets the best of both worlds – working with an all-star team and working on very interesting fraud problems.

About Risk Ident

Risk Ident is a software provider that offers leading anti-fraud solutions to large companies within the e-commerce, telecommunications and financial sector. The company specializes in writing scalable software products based on supervised machine learning algorithms. Uses cases include payment fraud, account takeovers, identity theft and fraud within consumer lending. RISK IDENT was founded in 2012 by Roberto Valerio. Key investor is Otto Group, Europe’s second largest ecommerce vendor. The company headquarters are in Hamburg, Germany.