Experts from Featurespace, TSYS a Global Payments Company, Mastercard, and Worldpay from FIS share their predictions for future fraud and money laundering typologies
Scaling for value added services
In part three of this blog series, our experts explained the technology requirements for a fraud and financial crime solution to underpin value added services.
- Dave Excell, Founder at Featurespace
- Dondi Black, SVP, Chief Product Officer at TSYS
- Liam Cooney, Vice President at Mastercard
- Mina Khattak, Director, Crypto & Emerging Business, Worldpay from FIS
In part four, these payments powerhouses offer their insights into emerging risk trends in payments.
Excell: “What I find fascinating about fraud and financial crime is it’s constantly changing and evolving, and it’s really interesting in in the view that a lot of us have to see how those patterns shift from different geographies. Our experts represent different viewpoints into the ecosystem, issuing, acquiring and networks, and bring interesting perspectives on the nature of fraud and financial crime typologies.”
Adaptive Behavioral Analytics to combat ATO and scams
Black: “We’re seeing an increase in account takeover fraud (ATO) and we’re seeing a lot of synthetic identity as well. With real time payments, when you think about the by-product of that when all latency is removed: what’s the risk that remains? And the risk that remains is authentication. Is this person, really this person? Is it a real person? Conducting this authentication one of the things that we see certainly emerging is a lot of a lot of synthetic identity. A lot of the scams that are being perpetuated are being perpetuated to gather the information that is assembled into a synthetic identity.
Those are some of the areas that we’re certainly watching very closely. There’s not a one-size-fits-all, there never is and nobody finds the silver bullet, much as we would like to be the ones selling that silver bullet to solve all of their broader risk. There’s always a layered approach that is common, but I think the other thing that we’re talking with our clients about is, as we’ve seen new form factors emerge and new channels open up, how can they protect all of them?
The beauty, the benefit of those Adaptive Behavioural Analytics in real time is that you can actually start to pull back and start to displace some of those layered tools that you have invested in. None of us have enough capital to do everything we want to do, but this is a space that’s changing and adapting really, really quickly. And so we have to think really, smartly about how we make these investments. And so for our clients, I think we’re going to continue to see a drive and need to invest in this kind of innovation, in this kind of technology because there’s not only the better experience – it removes friction from the customer experience – but there’s also the added benefits in terms of operating efficiency. Think about it from a margin perspective: there’s the revenue gain from additional transactions, but then there’s also incredible tangible direct benefits in terms of efficiency.”
Strong Customer Authentication and Regulation
Khattak: “ATO is quite popular, and a second trend is card testing. Card testing is when a third-party actor will acquire a set of card details and test those cards to see which ones are still. Either by making small value purchases where the actual cardholder won’t notice or detect that payment, or by just simple authentications. We’ve seen that happen quite a bit in the past five years. In regions where there’s less regulatory protection, they tend to proliferate.
ATO is trending where you as a consumer can have your details saved on a particular platform. Your name, your billing address, your card details, and that account gets hacked, and the hacker will try to make fraudulent transactions assumed to be you. What we’ve seen is in regions that have where there’s regulatory protection and implement 3D Secure (3DS), like the UK and Europe, those rates are starting to lower. A cardholder will authenticate the transaction through a combination of something you are (inherence), something you know (knowledge), or something you have (possession). The issuing bank is a lot more confident that it is indeed you who is making the transaction.”
Scams targeting the weakest link
Cooney: ” ATO is a challenge, it’s tried, it’s tested, it works, But I feel more confident and comfortable that there are technologies out there today that can help address that issue. Through the interaction of Adaptive Behavioural Analytics and biometrics banks can effectively protect their channel and keep the bad actors out.
What’s the next trend that we need to worry about? What keeps me up at night, it’s scams. The reason being as more banks and service providers think about these capabilities, it’s going to shift the focus onto the next weakest point in the payments value chain, which is the consumer and the individual making the payment. And it’s a big game changer. Because with ATO the first line of defence is the financial institution or the service provider. And you can implement a strategy and it’s applicable across your entire portfolio. However, that’s really difficult when you’re trying to across consumers. And so, the first line of defence, if it’s with a consumer, is education. But it’s not a solve.
I do think that there’s room for improvement and applying technologies to help towards some of these attacks, such as building signals that indicate a consumer is on an active phone call while initiating a high value payment to a new beneficiary account. I think there’s more that can be done with the existing technologies.
How do we leverage consortium and network intelligence to develop machine learning based models that can detect those anomalous behaviours? We have really good success at doing that in leveraging some of the intelligence that we see in operating real time payment systems and across our card network to drive results. Like finding an incremental 50% of fraud that an FI can’t see with their own individual data.
Those are the things that I think keep me up at night, at the end of the day, scams impact all of us because we’re all consumers. We all have family and friends that have been either attacked or become victims of scams, and it is not going away. It’s on all of us as these industry professionals to start doing more, start collaborating more, because if we don’t the reality is the regulator, the media, the politicians are all going to force us to.”
Game changing real time analytics
Excell: “There’s been security deployed in terms of cards and payments, all the way from 3DS to EMV. All of these types of things that have actually improved the security of the mechanism, which has pushed fraudsters into other areas. And the amount of investment fraudsters will put into scams is huge. A lot of very individualized attacks against certain people to be able to go through. This is where we see the role of machine: learning and being able to identify fraud and keep ahead of the fraudsters, because the criminals are definitely investing in technology, and they have a lot of data to work from.
Black: “There’s no question about the role of machine learning. The reality is we talked about data, and we talked about technology, and it really comes down to the ability of an ecosystem player like TSYS, to bring together the issuer and the acquirer data. And to feed those models in real time. I think that’s really where the magic is going to happen.
I’ve been in this industry for 30 years and there’s been this promise of being able to pull this information together in real time and adapt it in a meaningful way, or to remove friction and push the right amount of friction at the right time, with the right context. And I really feel like we’re there. We’re seeing that actually start to be deployed, start to be adapted. We are seeing issuers as clients.
Now that we’re moving to the cloud and allowing them to actually do some of their own configuration we’re seeing some really creative use cases with our clients, where they’re looking at taking what they have proven out as they’ve embedded Foresight into their transaction fraud scenario. But they’re looking beyond that to say, identify other segments where this could be plugged in and leveraged in a dynamic way. We’re starting to see all of that value rise to the surface.
Are there other applications within other segments which we could be deploying this and embedding it? I think at the end of the day it’s pulling in all of that ecosystem of data, looking at the issuer, and the acquirer, and the channel data that’s coming in and then acting upon that. The real time Adaptive Behavioural Analytics really is a game changer. Certainly, we’re seeing that play out globally, and I know our clients would say the same thing.”