In the last several articles, we have covered numerous examples of how data can be leveraged in order to identify and monitor losses incurred by fraud. We also covered various data points associated with different fraudulent methods that occur at different points along the customer experience journey.
In this article, we will move on to the third step in the overall development process; Automation.
How does automating fraud prevention work?
In it’s most simple form, automating fraud prevention does exactly what you would think. It replaces manual review and analysis with software-driven analysis, resulting in higher volume and lower man hours. That being said, the majority of service providers you will encounter in this space have taken this simple concept and expanded on it by introducing different elements in the mix.
I’ve outlined the 2 common examples below
Expanded data sets
By now, I would expect that you have caught on to the overall value of data. Data provides clarity. The more data that is available to an analyst, the clearer the solution becomes.
Service providers know this and therefore work with the frameworks that I mentioned in the previous article. The most common sets of data are; Proprietary (in-house) data, Merchant network data, and global data.
In addition to simply automating the processes developed by fraud prevention agents, service providers also seek to expand their own data sources, allowing their clients / customers the ability to access and cross-reference data from all over the world.
Analytics are ran on these various sets of information and result in the identification of emerging trends (such as the friendly fraud spike of 2020/2021), new methods (such as the rise of ATO’s), and more.
Machine Learning (ML) / Artificial Intelligence (AI)
How might expansive data and process automation be improved? The answer is AI/ML.
By introducing a third dimension of automation into the mix, service providers effectively link historical data and current processes with a new set of data, sprung forth by the operation itself.
As the software runs and performance is monitored, these flows are documented and analyzed, which allows for fluid changes to be made in the determination process that they handle. This is the answer to the insufficiency reported by “rules-based” systems of the past.
There is new technology being developed all the time that introduces new and exciting ways to mitigate and prevent fraud.
Now, let’s focus on how these solution tie into your operation and how to decide what you need.
What fraud prevention solution is right for me?
The one with the best marketing campaign and coolest logo, right? No.
Everything that we have gone over in this series of articles will help in providing you with an answer that relates directly to the needs of your operation.
Identifying Vulnerabilities
During the first step, we identified the various processes in an operation that a fraudster might target. Transactions, requests for changes to established accounts, shipping address adjustments, assigning authorized users to accounts, taking advantage of billing cycles or deferred payment arrangements, …the list goes on.
Data and Monitoring
Next, we implemented data and monitoring with the intention of identifying the various ways that a fraudster might be attacking the operation. From the moment a user first interacts with your site or app, all the way to the resolution of a potential chargeback, the data is there. We need only to monitor it and it will reveal what processes need to implemented.
Keep in mind that this process will be continually evolving as operations continue.
Marketing campaigns that expand the footprint of a brand are not limited to good customers. A successful campaign will also perk up the ears of fraudsters.
As the data shows new methods breaking through the defenses, new processes must be employed.
Losses -> Budget
Finally, the tracking of the overall affect of fraud, cost of man hours and limitations of manual analysis will provide you with the cost of handling fraud in-house. This amount will be different for everyone, but should provide an objective picture of the cost of fraud in a system.
This is where the research begins.
A Theoretical Case Study
A quick search on google and you will be quick to realize that there are countless service providers who appear as results for the term “Fraud Prevention”.
Let’s look at an example of how a company might automate an in-house fraud prevention strategy for an e-commerce merchant, dealing with age-restricted products. For this example, let’s think about the Vape industry.
The components of the Customer Experience Journey are:
Account Creation -> Cart Building -> Checkout a: Age Verification -> Checkout B: Payment -> Shipment -> Delivery -> Chargeback Potential.
The fraud prevention processes are:
ID Validation -> Transaction Analysis (leveraging in-house data) -> Social Engineering Prevention (via Customer Service) -> Chargeback Representment Processing
The merchant could spend hours and hours hearing about the various ways that a service might be leveraged in their sales flow. Device fingerprinting could be leveraged from the moment a user lands on the page. The log-in could be reinforced with biometrics. The verification of the ID could be done against a global data lake that cross references real ID information against the image using Optical Character Recognition. Payment information could be verified across a merchant network to verify this purchase against the history of the account to find similarities. The prevention of social engineering could be automated through the use of expansive Personal Identity Information (PII). Finally, the chargebacks could be handled and automated by a company that has relationships with processors and touts high success rates for their representment cases.
Each and every statement above is accurate and valuable. However, not every one is necessary for each and every strategy.
Consider the pieces of data that are being leveraged at each touchpoint and it will be clear that expansive PII can be utilized to support the preventative measures at each step.
For this isolated example, a single service provider could:
- Associate an IP Address and geolocation for a user that accesses the website/ app.
- Associate historic data relevant to information provided during the account creation process
- Verify the ID against historical data (with a quick reference for security features used state-by-state
- Support the accurate determinations resulting from requests made to the customer service team, effectively reducing the exposure to social engineering
- Support the creation of winning chargeback representments for Friendly Fraud by leveraging social media information
In addition to identifying a service provider that meets your needs, there are extremely strategic partnerships that have been established in order to provide a holistic approach to fraud prevention. These partnerships allow for merchants to have access to many aspects of fraud prevention without the high costs that come with piecing two or three providers.
In this series:
Part 1: How to Create a Card Not Present Payment Processing Strategy
Part 2: How Fraud Analysts Can Review E-commerce Transactions Accurately
Part 3: How to Create an Omnichannel Fraud Prevention Strategy
Part 4: How to Use a Data Lake in your Card Not Present Fraud Prevention Strategy
This article has been contributed by Alex Hall, a former fraudster who spent ten years successfully operating in the Las Vegas fraud scene. Today, he is the Principal at Dispute Defense Consulting, a Full-Spectrum Fraud Mitigation Consulting agency, with an aim to assist merchants to build a comprehensive defense against fraud throughout many aspects of their system.