The rapid growth of digital wallets from Google, Apple, Samsung, PayPal and Amazon, as well as payment applications, has ushered in new payment fraud threats to consumers and organizations. Digital payment fraud attacks are becoming increasingly sophisticated, thorough and devastating. Single ransomware attacks can cripple organizations, while fraudsters manage to move billions of dollars between bank accounts every day.
But according to PwC’s Global Economic Crime and Fraud Survey, 34 percent of respondents said their organization’s use of technology to combat fraud wasn’t effective because it was producing too many false positives on fraud alerts. Now more than ever, it’s critical – and more complex – to authenticate users.
Done right, the use of innovative technologies such as artificial intelligence techniques (machine learning and predictive analytics) to combat fraud is a viable and effective solution. Adopting these techniques allows organizations to protect their customers’ assets while reducing false positives – and the resulting customer friction. Unfortunately, most companies have yet to adopt them.
Payments without borders
Cashless transaction fraud knows no borders. With digital payments completed in just a few seconds, there's less time than ever to monitor for fraud on transactions happening simultaneously across multiple channels and countries. To respond, financial institutions should adopt a comprehensive risk mitigation approach encompassing response, detection, prevention, assessment and management.
Authenticating your customers
How can you certify a user’s identity without causing delay in the convenience consumers are seeking? The answer is stronger authentication, not more authentication. Here are four ways to strengthen your authentication defenses:
- 3D Secure authentication and security protocol, becoming more widely adopted by online merchants, helps protect online purchases made with debit and credit cards.
- One-time passwords generated from a standalone application, device or mobile phone strengthen the “what you know” element of authentication.
- Biometric security measures recognize something unique to the user, such as eyes, voice or fingerprint – to take the “what you have” dimension of authentication to a new level and prevent unauthorized access to mobile payment devices.
- Tokenization substitutes a sensitive data element in the transaction with a nonsensitive equivalent, a token that has no extrinsic or exploitable meaning or value.
Holistic customer views using data and intelligence across products and challenges are becoming essential to understand and combat varied fraud challenges. Diana Rothfuss Senior Product Marketing Manager, Fraud and Security Intelligence SAS
Fraud detection pays off
Given the extent of legacy systems in many organizations, implementing these new measures could be a difficult proposition. Fraud managers are very much aware of the need to balance fraud losses with customer experience and operational overhead. Business managers, on the other hand, often underestimate or fail to appreciate the fraud risks and become carried away with the excitement of a new product or service launch. The temptation in the rush to market is to remove or scale down some of the fraud controls.
While the financial costs, implementation time and changes may seem overwhelming, organizations must keep in mind that the reduction in fraud, plus operational and IT cost savings, will surely be worth the investment. The savings not only boosts shareholder value, but can also be reinvested into new products and offerings or other business initiatives.
For a typical enterprise, the goal should be threefold:
- Low fraud losses that are comparable to or better than your peers.
- A high level of customer service (frictionless access, rare false alerts).
- Optimal operational efficiency and effectiveness in fraud processing.
Steps to get you started
And here are four ways to help you fight back:
- Determine your organization’s fraud risk appetite. Once you articulate your objectives, you can set measurement criteria to monitor performance against them.
- Put the right people and policies in place. Teams require people who understand data and analytics but are also versed in investigative techniques and technologies. You also need fraud policies to set a minimum standard for the end-to-end fraud prevention process – including customer authentication and transaction monitoring.
- Get ahead of the regulators on authentication. Mandates for authentication were first put in place in India and Singapore, and the European Central Bank (ECB) is contemplating a requirement that all e-commerce transactions be authenticated.
- Implement strong anti-fraud tools and technology. Balancing your priorities – the best customer service, the lowest fraud rates among peer banks and optimal operational overhead – requires analytics-driven tools and technologies.
Payment providers are always seeking that optimal balance between reducing the false positives that can cause unnecessary customer friction and the false negatives that can lead to financial loss. Getting it right requires analytics – the predictive ability to detect anomalies that represent potential risks – while the customer is waiting.
- Medicaid and benefit fraud in 2018 and beyondTo curb the growing amount of Medicaid and benefit fraud and improper payments, agencies and their commercial counterparts need fraud and abuse detection systems with data management and analysis that can keep up and even stay one step ahead.
- 6 ways big data analytics can improve insurance claims data processingWhy make analytics a part of your insurance claims data processing? Because adding analytics to the claims life cycle can deliver a measurable ROI.
- 20/20 vision of riskBanks need a holistic view of their data in order to accurately detect risk. They also must overcome the challenges associated with poor data quality and the "noise" generated by existing control systems. Laura Hutton, Director of Banking and Solutions at SAS, explains how technologies can improve a bank's visibility into operational risk.