As we make more cashless payments for retail purchases, restaurants, and transportation – not to mention the increase in online shopping – wallets loaded with legal tender may become a thing of the past. According to 2018 research by BigCommerce, software vendor and Square payment processing solution provider, 51 percent of Americans think that online shopping is the best option. Last year, 1.66 billion people worldwide bought goods online. And the number of digital buyers is expected to exceed 2.14 billion.
Unfortunately, growing sales may mean not only greater revenue but also bigger losses due to fraud. For instance, 63 percent of businesses that participated in the 2018 Global Fraud and Identity Report by Experian claim to have the same or higher levels of such losses over the last year.
Businesses and fraud losses
Having insufficient control over operations is like letting some customers pay for goods and services with colorful paper notes instead of cash or valid cards. That’s not the best way to run a business, right?
Businesses take measures to protect themselves from scammers. To make their anti-fraud strategy efficient, organizations must ensure they accept legitimate transactions only and provide instant user authentication. Once these operations are organized, you can achieve frictionless customer experience while minimizing the risk of fraud-related losses.
A fraud detection and prevention system is the core of any fraud risk management strategy. Teams choose software with functionality that works best for their workflow and business needs in general.
In our whitepaper on fraud detection, we compared machine learning-based systems with rule-based ones and described how ML-based solutions help prevent and identify fraudulent activity across several industries.
For this article, we contacted specialists from NoFraud and SAS to discuss the purposes and capabilities of anti-fraud software and get their advice on the solution choice. The final section of the article contains descriptions of several solutions available on the market.
What does ML-based software do?
Fraud detection software monitors transactions and assigns risk scores to each of them. Transactions with attributes that don’t deviate from the norm are allowed for processing. If even one transaction detail indicates suspicious activity, the system automatically halts or denies it, and sends an alert to the user. Many of these systems use both rules (that users can edit) and machine learning techniques to achieve higher efficiency.
Real-time transaction screening and review automation. Fraud detection solutions with ML capabilities constantly monitor incoming data. Real-time data processing also means that employees no longer need to review most of the orders themselves. “Some companies expend massive amounts of resources reviewing transactions for fraud manually. They employ large teams of employees dedicated to this task. An ML-based fraud detection solution can drastically reduce or even eliminate the overhead related to manual fraud review,” notes business development executive at NoFraud Shoshanah Posner.
That’s a game-changer for customer experience, cost control, and operations efficiency, considering that 89 percent of orders that North American businesses reviewed manually turned out to be legitimate. Usually, a few percents of transactions require analysts’ evaluation.
Key benefits of automated fraud detection
Deep insights on user behavior. Unlike rule-based systems, these tools spot implicit correlations between user behavior and the possibility of fraud and abuse. ML-based systems are capable of learning from streaming data and adapting to emerging fraud patterns, while rule-based systems require analysts to specify new fraud scenarios.
False positives reduction. Imagine you’re on vacation in another city thousands of miles away from your hometown. You want to treat yourself to sightseeing, dining, and shopping. But you tried to pay for a purchase, the transaction was declined, and your card was blocked. On the one hand, we see a bank’s fraud prevention system in action: The bank needs to ensure your funds are not misused. On the other hand, the system is too straightforward in its transaction analysis.
The problem of false positives – declined legitimate transactions – is relevant even for software using machine learning. The key to accuracy in fraud detection is to assess every transaction in the broad context, going beyond location and transaction amount. For example, data scientists from MIT found the approach to reduce false positive forecasts with automated feature engineering. This method entails extracting more than 200 detailed features – behavior patterns – for each transaction. Efficient fraud protection solutions analyze hundreds of indicators like historical data on user buying habits and current transaction details, use device fingerprinting to provide as accurate predictions on order outcomes as possible.
Real-time operations tracking and reporting. Fraud detection software includes dashboards, so customers can monitor their key performance indicators in real time, for instance, track orders and learn about their status (approved or declined) and additional information like payment method, location, channel, etc. Reporting capabilities usually include daily, weekly, or monthly reports on suspicious activity or a total number of transactions. Investigation teams may use visualizations of fraud patterns to better understand interconnections between user behavior and fraud attempts.
How to choose fraud detection software?
Before we talk about the products available on the market, let’s discuss what features and characteristics you should consider when selecting a fraud detection solution for your business.
It’s crucial to evaluate whether you plan to completely rely on a fraud detection solution or will have a team of fraud analysts that will use software to streamline their work.
“The first question to ask is whether a company wants to completely outsource their fraud prevention, or use an ML-based tool that needs to be managed in-house. The latter option should be chosen only if the company has the resources and expertise to manage the rule set and conduct a manual review when necessary,” explains Shoshanah Posner from NoFraud.
Comprehensiveness and self-learning capability
You never know what approach to stealing fraudsters may use in a particular case. That’s why a fraud detection system must be versatile, thinks SAS’s head of fraud and security intelligence Alexey Konyaev:
“The record shows that today’s systems should not be tailored to identify one specific type of fraud, because this is not efficient enough and may only protect the organization from hooligans and young self-taught hackers. The cybersecurity system should be comprehensive to cover all information systems within the organization without a single exception, should be universal to be able to handle all types of data and highly-performing to process massive data flows.”
The system should be able to automatically learn from data to detect not only well-known but also new types of fraud and cyber threats, adds the specialist.
Multiple protection layers
Fraud analyst Avivah Litan from Gartner Group has suggested a five-layer approach to fraud detection and prevention. Each of the levels represents a specific type of customer activity and behavior:
- Level 1 is endpoint-centric and includes user authentication, the device they are using for the transaction, as well as geolocation.
- Level 2 is navigation-centric, which means that customer behavior during a particular session is analyzed for anomalies.
- Level 3, or channel-centric, considers analyzing account activity for anomalies.
- Level 4 is cross-product, cross-channel, and entails monitoring entity behavior across channels and bank products.
- Level 5 – entity link analysis – is about evaluating connections between various users or transactions.
Five-level approach to fraud protection described by Avivah Litan from Gartner Group
Gartner defines systems that support all activity layers as enterprise fraud management (EFM) software. So, one of the options to evaluate a product is to learn about the layers of fraud protection it considers for the analysis.
Integration and deployment
You should also learn about average deployment time and ease of deployment. Some websites have discussion sections (e.g. Gartner Peer Insights) where users share their feedback on the software and some are review sites themselves (e.g. Capterra, G2crowd, and FinancesOnline). Make sure to check the reviews to learn more about deployment pitfalls and common issues. Another factor to consider is integration. For instance, if you run an online store, ensure that a solution is compatible with your eCommerce platform.
Compliance with security standards
In the article for TechTarget, Ed Tittel suggests readers check whether solutions comply with their organization’s requirements for data security: “Keep a list of the organization’s compliance requirements handy when vetting web fraud detection systems and ask each vendor on the short list to provide documentation that indicates the product’s compliance support.”
For instance, those who accept card payments have to ensure that solutions meet the PCI Standard. Since most of the organizations and businesses deal with customers’ private information, solutions must comply with the Gramm-Leach-Bliley Act (GLB Act or GLBA) and/or GDPR. Have a look at our article with advice on how to comply with GDPR if you work in the travel industry.
Fraud detection software providers suggest various pricing models. Some vendors have a number of fixed subscription plans; others allow for flexible pricing that depends on business size and industry, annual sales volume, etc. Providers may also charge per transaction only. Generally, companies share pricing information on request.
Shoshanah Posner from NoFraud notes that the price for ML-based software depends on the level of support one expects from the software. “Fraud screening tools are less expensive than full-service fraud tools upfront. However, a company needs to consider their overall cost of fraud: With a full-service fraud tool, a company doesn’t need to maintain an in-house fraud prevention team, which can often cost more than a full-service solution.”
Make sure you’ll be able to easily reach a software provider if you have difficulties managing a product or want to ask more questions.
Shoshanah Posner recommends asking a vendor about the onboarding process and service level agreement to understand what kind of technical support a customer should expect from a provider: when customer care specialists are available, how to contact them and report problems, what the average response time is, under what circumstances the services aren’t provided, and other conditions.
Infographics, surveys, articles on the fraud detection field, video tutorials, and a frequently-asked-question section may also help customers use a software to its full potential and keep current with industry trends.
Approval rates and false positive handling
It would be useful to understand how a solution validates transactions. Also, find out how the vendor team and software handles cases of false declines from clients that surely are legitimate.
“For a full-service tool, some good questions to ask are: Do you offer in-house review component? How does the service guarantee an optimal approval rate? What does that look like? What if the solution declines an order I think is valid? How do I challenge a decline? Can you provide some case studies of real results?” Shoshanah advises.
Support for mobile use cases
People shop more and more using mobile devices. For example, 210 million customers bought retail goods via mobile devices in 2012. This figure is projected to exceed 1 billion this year. And mCommerce fraud is another pain point for businesses.
According to the 2018 True Cost of Fraud Study by LexisNexis Risk Solutions, mCommerce merchants selling digital goods are under greater fire than retailers selling physical goods only or those without mobile sales support. Every $1 of fraud costs these merchants an average of $3.29, which is 24 percent more than last year. Midsize or large retailers that sell only physical goods lose less ($2.78) and those businesses that don’t support mobile channels ($2.30–$2.54). So, our advice is to make sure solutions also track activity from the mobile channel using multi-layer user authentication with device identification, for example.
Fraud detection software solutions overview
Now let’s take a look at several fraud detection systems available on the market. While some of them are designed solely for eCommerce, others work across industries.
NoFraud: machine learning and human intelligence to protect online merchants
NoFraud is an eCommerce fraud prevention system that combines machine learning and human intelligence. The tool screens transactions in real time using advanced machine learning algorithms, allowing merchants to concentrate on their primary tasks and goals – fulfilling orders, interacting with customers, and expanding their business in general. Only high-risk and questionable transactions are selected for a manual review by the NoFraud team. In these cases, specialists reach out to a cardholder to confirm the legitimacy of a transaction. “The review begins as soon as the transaction occurs and is completed once the cardholder responds. Reviews can take as short as a few minutes but can take longer, depending on how fast the cardholder responds back to NoFraud,” specifies Shoshanah Posner.