Strengthen your payment fraud defenses with stronger authentication
Diana Rothfuss, Senior Product Marketing Manager, SAS Fraud and Security Intelligence Practice
The rapid growth of digital wallets from Google, Apple, Samsung, PayPal and Amazon, as well as payment applications, has ushered in new payment fraud threats to consumers and organizations. Digital payment fraud attacks are becoming increasingly sophisticated, thorough and devastating. Single ransomware attacks can cripple organizations, while fraudsters manage to move billions of dollars between bank accounts every day.
Done right, the use of innovative technologies such as artificial intelligence techniques (machine learning and predictive analytics) to combat fraud is a viable and effective solution. Adopting these techniques allows organizations to protect their customers’ assets while reducing false positives – and the resulting customer friction. Unfortunately, most companies have yet to adopt them.
One method that's more important than ever for fraud prevention – and more complex – involves authenticating users.
Payments without borders
Cashless transaction fraud knows no borders. With digital payments completed in just a few seconds, there's less time than ever to monitor for fraud on transactions happening simultaneously across multiple channels and countries. To respond, financial institutions should adopt a comprehensive risk mitigation approach encompassing response, detection, prevention, assessment and management.
Authenticating your customers
How can you certify a user’s identity without causing delay in the convenience consumers are seeking? The answer is stronger authentication, not more authentication. Here are four ways to strengthen your authentication defenses:
- 3D Secure authentication and security protocol, becoming more widely adopted by online merchants, helps protect online purchases made with debit and credit cards.
- One-time passwords generated from a standalone application, device or mobile phone strengthen the “what you know” element of authentication.
- Biometric security measures recognize something unique to the user, such as eyes, voice or fingerprint – to take the “what you have” dimension of authentication to a new level and prevent unauthorized access to mobile payment devices.
- Tokenization substitutes a sensitive data element in the transaction with a nonsensitive equivalent, a token that has no extrinsic or exploitable meaning or value.
Holistic customer views using data and intelligence across products and challenges are becoming essential to understand and combat varied fraud challenges. Diana Rothfuss Senior Product Marketing Manager, Fraud and Security Intelligence SAS
Fraud detection pays off
Given the extent of legacy systems in many organizations, implementing these new measures could be a difficult proposition. Fraud managers are very much aware of the need to balance fraud losses with customer experience and operational overhead. Business managers, on the other hand, often underestimate or fail to appreciate the fraud risks and become carried away with the excitement of a new product or service launch. The temptation in the rush to market is to remove or scale down some of the fraud controls.
While the financial costs, implementation time and changes may seem overwhelming, organizations must keep in mind that the reduction in fraud, plus operational and IT cost savings, will surely be worth the investment. The savings not only boosts shareholder value, but can also be reinvested into new products and offerings or other business initiatives.
For a typical enterprise, the goal should be threefold:
- Low fraud losses that are comparable to or better than your peers.
- A high level of customer service (frictionless access, rare false alerts).
- Optimal operational efficiency and effectiveness in fraud processing.
Steps to get you started
And here are four ways to help you fight back:
- Determine your organization’s fraud risk appetite. Once you articulate your objectives, you can set measurement criteria to monitor performance against them.
- Put the right people and policies in place. Teams require people who understand data and analytics but are also versed in investigative techniques and technologies. You also need fraud policies to set a minimum standard for the end-to-end fraud prevention process – including customer authentication and transaction monitoring.
- Get ahead of the regulators on authentication. Mandates for authentication were first put in place in India and Singapore, and the European Central Bank (ECB) is contemplating a requirement that all e-commerce transactions be authenticated.
- Implement strong anti-fraud tools and technology. Balancing your priorities – the best customer service, the lowest fraud rates among peer banks and optimal operational overhead – requires analytics-driven tools and technologies.
Payment providers are always seeking that optimal balance between reducing the false positives that can cause unnecessary customer friction and the false negatives that can lead to financial loss. Getting it right requires analytics – the predictive ability to detect anomalies that represent potential risks – while the customer is waiting.
Recommended reading
- Know your blind spots in tax fraud preventionTax agencies sometimes miss fraud that's happening right under their noses – despite robust external fraud prevention efforts. Find out where traditional tax fraud prevention and detection efforts fall short, and how analytics can change that.
- Uncover hidden financial crime riskEscalating threats call for a financial crime risk framework that uses powerful, visual, interactive techniques to proactively identify hidden risks.
- 5 steps to sustainable GDPR complianceFollow these steps to achieve GDPR compliance by the May 2018 deadline – and get added benefits along the way.
Ready to subscribe to Insights now?