As payment channels evolve, not only do Financial Institutions (FIs) continue to fight the growing threat of electronic payments fraud, they also face a growing variation of fraud techniques across multiple channels.
New mobile payment systems, such as Apple Pay, provide consumers with extreme convenience by allowing them to pay retailers directly with their phones, but they also open banks up to a new channel of fraud exposure from which they have to protect customers.
As the market progresses, electronic payment fraud is becoming more sophisticated and widespread, with criminals frequently using multiple channels and payment methods concurrently to attack a customer’s accounts. As a result, traditional methods of identifying suspicious activity are no longer adequately protecting institutions and their customers.
To most effectively combat electronic fraud, a holistic approach to fraud management must be in place, including the following strategies:
Crunch the data
Data is an extremely effective tool when looking to combat payment fraud. Transactional, institutional and customer data needs to be collected and analysed to help identify fraudulent patterns. Customer data is vital when it comes to detecting fraud patterns, including the frequency of transactions, velocity and size of the payments typically made, as well as through which channels, such as online or mobile, they usually initiate electronic payments.
If a particular transaction falls outside a customer’s normal behaviour pattern, alerts can be generated and forwarded to fraud analysts in real time for further investigation.
Data analytics applied in a consortium can be particularly useful for pattern recognition modelling. This is when banks pool data on legitimate and fraudulent electronic payment transactions to help them better discern fraud patterns and flag transactions with similar characteristics as potential fraud. This technique helps to identify similar patterns of the same fraud type across multiple institutions.
Based on sophisticated fraud pattern data analysis, banks can implement real-time scoring of electronic payment transactions, where high risk payments can be flagged immediately, however and wherever they are initiated. By implementing real-time automated responses, suspicious transactions can be suspended before losses are incurred. This allows banks to act quickly when fraud has occurred and customers can be alerted to minimise the impact.
Banks can continue to provide the best possible banking experience for customers and help ensure customers can safely take advantage of new and more convenient ways of banking.
Implement Fraud Scorecards
To identify and prevent evolving fraud threats, banks need fraud systems that accurately score transactions for fraud risk across a full range of electronic and mobile payment channels. This approach can include setting up flash fraud rules and custom scorecards to help institutions better detect and prevent fraudulent transactions in the most cost-effective way. By looking at different risk indicators, such as unexpected international transactions or sudden changes in payment types or channels used by customers, banks can create a series of fraud rules and generate an overall risk score for each.
This approach is critical to thwart ‘Flash Fraud’ threats. In these kinds of scenarios, criminals expose an unknown weakness in a bank’s fraud systems or processes and initiate as many fraudulent transactions as they can before the loophole is closed. The best fraud prevention systems help banks rapidly respond to vulnerabilities by defining and implementing rules that can restrict the offending activity in real time.
Customised risk rules and scorecards help enable institutions to fine-tune the logic for their “decline, hold or approve” strategy, as well as helping banks to enhance their fraud detection capabilities and identify emerging fraud schemes. Banks need to deploy and update their risk strategies quickly and simply.
Ensure Multichannel Integration
Increasingly, hackers coordinate attacks using multiple interaction channels in an attempt to overcome traditional detection systems. Denial of service (DOS) and other attacks are often used to mask payment fraud on a network, requiring a more tightly integrated view of payments and broader network activity.
To achieve the multichannel coverage required, institutions need to have visibility into customer activity across all payment and interaction channels, including online and mobile. They must also ensure that they are closely integrated with their core payments platforms. This approach enables them to capture payments from all channels and apply the same, sophisticated fraud prevention logic across the business.
Payment fraud systems need to integrate seamlessly with a range of other fraud prevention systems, enhancing their capabilities in order to optimise fraud prevention strategies. While at the same time, incorporating automated fraud detection and prevention processes is vital to help banks maximise operational efficiency and ensure that all cases of fraud are effectively managed and resolved.
By taking this holistic, data-driven approach to fraud prevention, banks can detect many types of anomalies, suspicious transactions and other fraud indicators and can focus their resources on the two per cent of transactions that are typically responsible for up to 100 per cent of fraud risks.
In addition, the 98 per cent of transactions that are genuine can be settled quickly and securely, ensuring that customers receive an excellent experience. A layered approach to fraud prevention will minimise the risk of financial losses and allow the financial institution to comply with regulatory requirements.
Mannie Da Silva, Global Product Line manager, Financial Crime Risk Management Solutions at Fiserv