The rapid growth of digital wallets from Google, Apple, Samsung, PayPal and Amazon, as well as payment applications, has ushered in new payment fraud threats to consumers and organizations. Digital payment fraud attacks are becoming increasingly sophisticated, thorough and devastating. Single ransomware attacks can cripple organizations, while fraudsters manage to move billions of dollars between bank accounts every day.
But according to PwC’s Global Economic Crime and Fraud Survey, 34 percent of respondents said their organization’s use of technology to combat fraud wasn’t effective because it was producing too many false positives on fraud alerts. Now more than ever, it’s critical – and more complex – to authenticate users.
Done right, the use of innovative technologies such as artificial intelligence techniques (machine learning and predictive analytics) to combat fraud is a viable and effective solution. Adopting these techniques allows organizations to protect their customers’ assets while reducing false positives – and the resulting customer friction. Unfortunately, most companies have yet to adopt them.
Payment Fraud in a Digital World
People, processes and technologies to address the emerging risks of online and mobile payments
Authenticating your customers
How can you certify a user’s identity without causing delay in the convenience consumers are seeking? The answer is stronger authentication, not more authentication. Here are four ways to strengthen your authentication defenses:
- 3D Secure authentication and security protocol, becoming more widely adopted by online merchants, helps protect online purchases made with debit and credit cards.
- One-time passwords generated from a standalone application, device or mobile phone strengthen the “what you know” element of authentication.
- Biometric security measures recognize something unique to the user, such as eyes, voice or fingerprint – to take the “what you have” dimension of authentication to a new level and prevent unauthorized access to mobile payment devices.
- Tokenization substitutes a sensitive data element in the transaction with a nonsensitive equivalent, a token that has no extrinsic or exploitable meaning or value.
Holistic customer views using data and intelligence across products and challenges are becoming essential to understand and combat varied fraud challenges. Diana Rothfuss Senior Product Marketing Manager, Fraud and Security Intelligence SAS
Fraud detection pays off
Given the extent of legacy systems in many organizations, implementing these new measures could be a difficult proposition. Fraud managers are very much aware of the need to balance fraud losses with customer experience and operational overhead. Business managers, on the other hand, often underestimate or fail to appreciate the fraud risks and become carried away with the excitement of a new product or service launch. The temptation in the rush to market is to remove or scale down some of the fraud controls.
While the financial costs, implementation time and changes may seem overwhelming, organizations must keep in mind that the reduction in fraud, plus operational and IT cost savings, will surely be worth the investment. The savings not only boosts shareholder value, but can also be reinvested into new products and offerings or other business initiatives.
For a typical enterprise, the goal should be threefold:
- Low fraud losses that are comparable to or better than your peers.
- A high level of customer service (frictionless access, rare false alerts).
- Optimal operational efficiency and effectiveness in fraud processing.
Steps to get you started
And here are four ways to help you fight back:
- Determine your organization’s fraud risk appetite. Once you articulate your objectives, you can set measurement criteria to monitor performance against them.
- Put the right people and policies in place. Teams require people who understand data and analytics but are also versed in investigative techniques and technologies. You also need fraud policies to set a minimum standard for the end-to-end fraud prevention process – including customer authentication and transaction monitoring.
- Get ahead of the regulators on authentication. Mandates for authentication were first put in place in India and Singapore, and the European Central Bank (ECB) is contemplating a requirement that all e-commerce transactions be authenticated.
- Implement strong anti-fraud tools and technology. Balancing your priorities – the best customer service, the lowest fraud rates among peer banks and optimal operational overhead – requires analytics-driven tools and technologies.
Payment providers are always seeking that optimal balance between reducing the false positives that can cause unnecessary customer friction and the false negatives that can lead to financial loss. Getting it right requires analytics – the predictive ability to detect anomalies that represent potential risks – while the customer is waiting.
- Proactive detection – A new approach to counter terrorTo counter terror, investigative teams can better utilize the data they already have by applying a fresh approach with these steps to proactive detection.
- Analytics for prescription drug monitoringPrescription drug monitoring programs (PDMPs) are a great start in combating abuse of prescription drugs, but they could be doing much more. Better data and analytics can inform better treatment protocols, provider education and policy decisions – and save lives.
- Situational awareness – ‘seeing’ your security gapsIn the past, financial services organizations and government agencies have looked at cybersecurity as an IT problem. Today we know that we have to look at it as a risk management problem. Situational awareness should be part of the broader risk management strategy because cybersecurity isn’t just an IT problem.