There are new breeds of anti-fraud technologies that are available for networks today and that focus on the payment...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
fraud epidemic. These badly needed innovations allow organizations to not only detect and monitor fraud, but also stop it in its tracks.
The good news is that these anti-fraud and transaction analytics tools for banks, merchants and other high-transaction businesses alike begin to work almost before a transaction is ever made -- in less than 40 milliseconds. That's equivalent to the time it takes for sound to travel 20 feet. The area of advanced transaction analytics is perhaps the most promising of these technologies, and the emerging uses of analytics for fraud prevention is what we'll discuss in this tip.
Despite the exponential expansion of technology to support global electronic commerce, fraud rates have remained extremely high. Overseas transactions allow organizations little to no opportunity to perform enhanced authentications or validation for potentially high-risk transactions. Credit card companies are working hard to build new technology and replace the older Address Verification System with deeper analytical consumer authentication services. The fact that payment fraud is a global problem makes the fraud harder to mitigate, not easier, as one might think; not everyone in the world uses the same type of credit card, technology or even the same business models.
Emerging fraud prevention technology
New types of fraud prevention tools and technologies are being implemented to step up the verification process for validating or authenticating a transaction, because tried-and-true authentication methods like reaching out to customers personally are cost-prohibitive and result in lost sales and frustrated customers. Not to mention, in the world of high-volume transactions -- such as digital media downloads -- businesses don't have built-in time during the transaction to search far and wide for potential red flags.
Automated analytics can accelerate the authentication process of a transaction, and do it in the background without interrupting the user's experience or being intrusive in the transaction process. The technology relies on what's known as velocity checks: These are checks that analyze the user's online shopping habits, billing and shipping information, and other relevant data points. Because a velocity check has the ability to look at that information and compare it to not only a local data repository, but also a shared global intelligence network in near real time, it can give organizations the power to see odd changes, previously declined transactions or recent rapid use.
This information and accompanying analytics allow for the raising or lowering of confidence in that transaction. Then, based on the analysis and the business' risk tolerance, a decision can be made to authenticate the user's credentials, deny the transaction completely, or simply accept and allow the transaction.
The security and validity of a transaction can be further evaluated by other variables as well, such as the attempted purchase of certain products that are more often bought in fraudulent transactions, the transaction history of a particular credit card or IP address, a high volume of transactions taking advantage of extreme discounts, or other types of relevant velocity checks. Businesses tapping into these types of near-network-speed analytics can elect to do an out-of-band authentication on only the riskiest of transactions, or just outright reject a transaction completely.
The way forward: Implementation and strategy
Applying fraud-detection analytics as a security control can save both time and money, not only by preventing fraudulent credit card transactions, but also by helping to raise customer confidence. The card issuer mostly covers the costs for losses from counterfeit cards that occur at the point of sale, while the merchant losses occur mainly on card-not-present transactions through the Web or via mail order. According to fraud statistics, annual global losses are huge, so it is in everyone's best interest to put protections in place.
Employing the right fraud prevention technology today to protect your organization from online fraud will have an incredible return on investment now and well into the future. As chip-and-PIN technology comes to the United States, fraudsters will move their focus to e-commerce, and the subsequent losses from fraud will move from the card issuers to the merchants.
The number one action that companies need to take is to implement e-commerce transaction intelligence tools as soon as possible. Don't wait. The threat is increasing daily; the sooner technologies to prevent fraud are implemented, the sooner it can save you money. Common mistakes to look out for include setting too high a confidence threshold on the rules, which could cause an increase in the decline of legitimate transactions. Also, companies often fail to properly train staff to use the technology to analyze the system for trends. Be sure to set your rules to change during holiday seasons or sales to ensure you are not declining too many transactions and turning customers away.
Costs associated with the implementation of these anti-fraud technologies vary depending on your transaction volume as well as the number of transaction sources you need to protect. Make sure you evaluate the costs associated with chargebacks to ensure the technology you implement will provide you with an appropriate return on investment.
Doing the proper implementation, internal training and tuning of the technology will ensure you are able to protect your valued customers, your brand and your bottom line.
About the author:
David Nathans is a consultant on enterprise security programs development, security operation centers and other cybersecurity topics. A former CISO for a defense contractor, he has also worked as global security operations center manager for a major managed security service provider. Prior to that, he was a cyber-operations officer for the U.S. Air Force.