Transaction fraud accelerated when the pandemic spurred major growth in online sales. To understand how acquirers are managing this increasing risk, analysts at Finextra interviewed several executives to “take a pulse” on the industry’s appetite for real-time AI, data-rich fraud monitoring and various strategies being used. Each has their own perspective on what is needed, as reported in Finextra’s Seeking Approval: Acquirers vs. Transaction Fraud, released in October 2022. Industry experts from acquiring banks are calling for global scoring, more advanced AI, adaptive analytics, shared insights and more. Experts agree that rules-based fraud monitoring solutions are outgunned by the sophisticated fraud of recent years. Seeking Approval reports bankers believe integrated solutions that combine rules with AI and shared global data are key to an effective strategy. “There will be an inevitable increase in partnerships as the sharing of data becomes more and more pertinent, and with that the evolution of AI and ML as vehicles of new fraud prevention approaches and solutions,” the authors write. While acquirers recognize the need for a combined approach to detecting fraud, they are also mindful of providing a good user experience, such as quick approvals and not adding excessive friction to transactions. This blog summarizes the findings that reveal acquirers’ perceptions of how to detect transaction fraud and a glimpse at how these can be accomplished.
Understanding sophisticated fraud
Gone are the days worrying about hackers in internet cafes. Today’s fraudsters are “professionals” using sophisticated technology with access to large amounts of data, often purchased or sold on the dark web. Sophisticated software using AI algorithms make fraud attacks more difficult to detect. And, according to Finextra, global crime rings are working together, creating stronger units. With banks having stronger detection solutions and regulations like the PSD2 and Strong Customer Authentication (SCA), fraudsters are focusing on customer accounts. Vesa Suvila, Global Fraud expert at Nordea, sees customers being targeted in ID scams and through social media, putting their credentials at risk for misuse. Detecting the resultant fraud is more complicated.
Combining detection systems to stop transaction fraud
Various acquirers interviewed by Finextra reported using rules-based systems along with a machine learning scoring model. A combined approach makes sense to Diana Piller-Mayerhofer, Head of Card Security, Card Scheme Compliance and Anti-fraud Management, Card Complete Service Bank. “The key to the best transaction monitoring and fraud detection is a combination of rules-based, machine learning and people,” says Piller-Mayerhofer. Another approach is combined data from all the partners in the payments ecosystem. Dondi Black, Senior Vice President and Head of Product at Global Payments’ TSYS business says while it’s best to use their own data, they pool the intelligence and apply AI to drive better experiences and outcomes. “AI cannot just be fed and be powered by information that we [ourselves] may see as the ‘issue’ – it needs to be paired with other data attributes from other sources,” she says. A challenge becomes how to combine all these approaches while ensuring merchants can complete transactions quickly.
Can a secure payment system work without friction?
The online surge towards digitization during COVID-19 is likely a permanent shift in how retail and services conduct business. Since the beginning of the pandemic, Barclaycard Payments increased its focus on cash flow and settling merchant accounts as quickly as possible, including ensuring appropriate fraud management. “What the pandemic brought to life was the reality that many merchants, particularly those smaller in size, operate on fine margins and without the funds to leverage against lengthy settlement times,” says Linda Weston, MD, Head of Core Product for Barclaycard. As acquirers work to get payments to merchants more quickly, their fraud detection is pushed to ensure real-time decisions are reliable. With the almost instant evolution to online sales, restaurants had to set up online ordering and delivery while retail switched from brick-and-mortar stores to e-commerce. PSD2, SCA, and one-time passwords (OTP) verified secure payment processing. These cause more friction for shoppers, although thresholds can be reduced for low-risk transactions. Other screening methods include behavioral analysis, such as biometrics, that add security to the pre-authorization stage.
Global scoring data with regional insights
Finextra’s research revealed that managing and contextualizing data requires a multipronged approach, which varies between acquirers. Suvila says that as the largest bank in the Nordic region, Nordea can use consumer behavior from around the world, but international data isn’t reliable for a local scoring model where consumer needs and behaviors differ. “We can’t solely rely on scoring models based on AI,” he explains, adding that a fraud ring will change its approach between Sweden, Norway and Denmark. Nordea relies on local expertise to identify the differing trends combined with global scoring data. Piller-Mayerhofer believes that since e-commerce is global, fraud knowledge and databases need to be global, too. She agrees that it needs regionalization, but more importantly stresses that acquirers need to distinguish between AI and machine learning, emphasizing that ML is for automation and is not self-learning. What some consider AI is really just a simple ML algorithm that flags fraud based on what’s been fed into it. By pushing the rules of approvals and instant insights, acquirers are acutely aware of the need to provide real-time approvals that are accurate and return neither false declines nor let fraud slip by.
Shared data and collaboration could help
Fraud experts are interested in sharing data and insights amongst acquiring and issuing banks, perhaps through an industry-led consortium. As Piller-Mayerhofer says, a lot of collected data is used for marketing purposes, so why not for anti-fraud strategies? Suvila couldn’t agree more. “When it comes to banks, there are lots of limitations – we are banks based on trust and for good reason we are working in silos. At the same time, I think we could cooperate more. I think there would be room for cooperation like reporting various mule accounts.” Tall bill to fill – or is it? Seeking Approval: Acquirers vs. Transaction Fraud lays out a complex set of challenges and opportunities for expediting approvals while weeding out fraud. Global data versus regional to capture local trends. Shared data and collaboration as opposed to staying in one’s lane to protect the business and its customers. Reducing friction while introducing new regulatory measures like SCA and OTP. Market-ready Transaction Fraud Monitoring Trained on Mastercard’s anonymized and aggregated global transaction data, Brighterion’s new market-ready AI models recognize anomalous patterns from anywhere Mastercard conducts business. Brighterion’s AI is broadly experienced and continues learning from each transaction. Decisions are made in real time, updating the model with each transaction, whether local or from the global marketplace. “With a high throughput time of less than 10ms, we can score and return results instantaneously,” says Amyn Dhala, Chief Product Officer of Brighterion. “Well-trained AI models enable pattern recognition that make transaction decisions in the moment without high levels of friction or having to draw data from its own or other networks. “Low latency is critical for high-volume, high-speed, real-time transactions and analytics,” Dhala explains. “This level of training has enabled us to create market-ready models that go into full production in just a few weeks. The return on investment begins right away.” Global transaction data empowers fraud analysts while increasing approvals Imagine if transactions were screened at the preauthorization stage, preventing fraud before it moves through the various partners’ security filters. With Brighterion’s market-ready AI at the beginning of the payments flow, it supplements other partners’ detection solutions and prevents downstream charges. Fraud analysts are empowered to focus on major crime knowing that approvals and detection are both increased. For example, one large international acquirer using Brighterion’s market-ready AI increased fraud detection by 2.7 times and approval rates by 7.4 percent. Partnering to stay two steps ahead of sophisticated fraud With growing volumes of increasingly sophisticated transaction fraud, acquirers need prevention tools that scale with their quickly growing businesses while continuing to process large volumes without excess friction. They also want fraud detection solutions that incorporate shared regional and global data to be more robust and able to recognize new fraud trends. Market-ready AI models are more robust and experienced than any legacy AI solution. Informed by pattern recognition from Mastercard’s transaction intelligence, Brighterion AI provides innovative payment processing security that addresses these needs while reducing time to deploy. Download Finextra’s report Seeking Approval: Acquirers vs. Transaction Fraud to learn more about the priorities that are shaping acquirers’ anti-fraud strategies.