Other parts of this series:
In the previous blog in this series, we looked at the challenge of authentication as it relates to Card Not Present (CNP) fraud. The detection of fraud is a closely related challenge facing merchants and issuers.
Most fraud detection solutions combine a range of data components to form a connected view of both genuine and fraudulent payments to decide on the likelihood of a transaction being fraudulent. Increasingly, this view should consider IP address, geolocation, device identification, “BIN” data, global latitude/longitude, historic transaction patterns and the actual transaction information. In practice this means that merchants and issuers deploy analytically-based responses which use internal and external data to apply a set of business rules or analytical algorithms to detect fraud. Leading organizations are using machine learning and moving away from business rules to improve fraud detection and reduce customer friction.
Where rules are used, it is common for them to be combined – as solutions typically have a limit on the number of business rules — which can lead to a dependency on a small team of experts who can maintain the complex rules. Each rule should have specific parameters, and each parameter a value. This allows the rule to be modified quickly without re-writing the business rule code.
Issuers assess fraud risk at the point of authorizing the payment, typically after authentication and validation of available funds, with merchants applying after the issuer has authorized the payment.
Merchants can sequence their fraud assessment anywhere in the customer journey, with most traditional merchants choosing to assess fraud risks after checkout and before goods leave the premises. Real-time delivery merchants (those selling content, downloads and the like) assess fraud risks at check-out. The value of the goods to the merchant, chargeback fees and risk of suspension and/or termination (typically where fraud is greater than one percent of turnover) are important factors in deciding what transactions should or should not be screened for fraud.
Good results can be achieved from business rules if rule values are changed intraday in response to real-time fraud outcomes and genuine spending patterns. For example, leading organizations who are unable to move from business rules can use machine learning to review rule values at the individual merchant or customer segment level two to three times per day in response to genuine spend and fraud patterns.
Rule parameters, segmentation, or new rules, should be refreshed in response to changing fraud attack over time and are usually tested retrospectively before deployment to evaluate effectiveness. Effectiveness is usually assessed in terms of false positives (alerts which are falsely raised) and false negatives (the frauds which are missed). For lower value CNP transactions (typically less than $300) false positives of 10% – 25% are common. The “right effectiveness” is determined by balancing competing factors including:
Increasing profitable growth
- Confidently entering new markets
- Confidently launching new products
- Winning new customers and retaining existing customers
Improving operational efficiency
- Driving operational synergies across products or gaining a single view of the client
- Enhancing alignment of people, process and IT
- Equipping teams with multi-faceted skills required to counter the dynamic nature of fraud
Increasing fraud prevention
- Responding in real time to accelerating fraud threats
- Unifying legacy platforms for a holistic point of view on fraud risk
- Effectively detecting and countering advanced schemes
Enhancing the customer experience
- Lowering false positive alerts
- Competing to protect the customer
- Delivering an automated, consistent fraud risk prevention experience
The new generation of fraud analytics tools and approaches can ingest every kind of signal from a range of data components, no matter the channel or the use case. In the next blog in this series, we will look at the use of machine learning and the move away from business rules to improve fraud outcomes.