When I started out, the technical barrier to entry for fraudsters was high. Flash forward to today and there are avenues to commit fraud that require no technical know-how – fraudsters don’t even need to get on the dark net and buy credentials. Granted, that means a lot of green fraudsters rather than criminal masterminds, but the story for a lot of merchants is death by a thousand cuts: plenty of minor actors doing bad things that add up to a major problem.
The rationalisation for committing fraud has changed too. If someone knows they can claim they didn’t make a purchase and the bank won’t ask any questions, then it may become the norm. That moral grey zone combined with financial hardship makes it easier for people to digest getting involved with friendly fraud.
Firstly, they are talking about fraud prevention. Some organisations that never had a dedicated fraud team before built one in the last decade. Previously, in some instances even the existing fraud teams didn’t really interact with the broader organisation.
Currently, we are seeing that most work closely with customer service, digital experience, payments, treasury, IT, and security to manage risk. As well as being confined to one team, the information those teams had access to was historically siloed to their own business.
Today, merchants are using external resources to broaden their perspective and stay informed. That might be third-party providers, networking events, trade associations, consultancies, or peers they have good working relationships with.
Firstly, we need to make the clear distinction between AI and ML, as many confuse the two and wrongfully tag something as AI when they really mean ML. Similarly, people who five years ago called something ML were talking about predictive model indices. However, ML will be the future of both fraud and fraud prevention. Artificial intelligence encompasses the idea of a machine that can eventually mimic human intelligence, whereas the process of machine learning implies teaching a machine how to perform a certain task and provide accurate results by identifying patterns.
The days of someone writing a script and leaving it unattended are over. Even rule sets are largely legacy technology today. Now, a merchant needs a robust solution that is managed constantly. Within the next five years, we can expect to see ML models fighting other ML models in the fraud space, with people acting as their caretakers.
The biggest challenge is convincing an organisation that change is worth the investment, especially when the potential ROI is speculative.
Another one is balancing risk and the customer experience while making sure the size of the hammer fits the nail you’re striking at. Many of the merchant teams we work with wouldn’t even want a customer to know that something had changed in their payment flow. But there are times when they must ask for additional information, so it is extremely important that merchants understand the utility of each data point they are collecting to be able to propose friction-reducing initiatives too.
One is getting an idea of others’ KPIs within the industry, and whether you fall within them. People often talk at conferences about KPIs that seem too high to me, but that they have accepted as a cost of doing business.
The second is planning for the future. If you’re hearing about new fraud attacks and thinking about your own infrastructure, would you have confidence that your systems could mitigate the same attack, or at least know it was happening? Chargebacks are easy to see – the networks will flag those to you – but with some fraud types you may not know you have a problem until you turn over the right rock.
Firstly, identify your unique fraud environment and work with your partners to target it. When I worked in telecoms, the main attack vectors for fraud were ID fraud and business fraud. In contrast, in the quick service restaurant (QSR) sector, it was primarily related to USD 25 gift cards. Those are two entirely different fraud worlds to operate in.
Then, you need to assess how your tools relate to those use cases. Many vendors out there are very eager to hear merchant feedback about their products and willing to add things to their roadmaps. If their incentives are not aligned with your own approach, then it’s time to work with them more closely.
Finally, don’t forget that every ‘thank you’ to an AI assistant keeps SkyNet at bay for another month.
This editorial piece was first published in The Paypers' Fraud Prevention in Ecommerce Report 2024-2025, the ultimate source of knowledge that taps into the ever-evolving fraud realm and helps ecommerce specialists protect their businesses with the latest fraud prevention strategies.
Justin Staskiewicz, CMSPI’s Director of Fraud Solutions, brings over a decade of expertise in fraud prevention and leadership in payment acceptance and fraud solutions for global merchants. His experience spans a wide range of industries, from small-ticket and quick-service restaurants to large telecommunications companies. Justin’s extensive background includes a variety of merchant applications and fraud prevention categories across global markets, digital experiences, franchisee models, and retail environments.
CMSPI partners with hundreds of Global 500 merchants to save them millions every year. Leveraging the combination of specialist expertise and the CMSPI Platform, CMSPI helps merchants harness the power of data to maximise payments supply chain performance and increase the profitability of every transaction. CMSPI delivers Smarter Payments Intelligence that keeps merchants ahead of the curve.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now