- Payment & Fraud Editorials
Date: 30 Nov -0001 Location: Delegates:
-
Every transaction counts, so fraud rules can’t be too tight!
RITESH 3
Ai Editorial: Dealing with a risk-averse mindset in fraud prevention
Ai Video: Chatbots – finally taking off?
Ai Video: Balancing CX and fraud prevention with dynamic friction
Ai Video: Countering mobile commerce fraud via continuous authentication
Ai Editorial: Law enforcement agencies eye fraudsters and e-commerce fraud
A call for EU to step up fight against organised online crime
Ai Video: Gearing up for voice-based transactions
Ai Video: Managing loyalty fraud as an FFP manager
Travel suppliers and intermediaries are attempting to revitalize their respective businesses, offering discounts and coupons to boost consumption. This means every transaction counts and a risk-averse mindset – i. e. rejecting a transaction than to risk passing a fraudulent one – won’t work, wries Ai's Ritesh Gupta
25th June, 2020
A major lesson from the Covid19 pandemic when comes to balancing UX and security is to make the most of available data.
Do away with a mindset that is commonly associated with rule-based systems, which is built with hard rules or buying limit.
“Every transaction counts and fraud rules can’t be too tight,” Microsoft’s Sondra Feinburg told Ai’s Ritesh Gupta in a recent interview.
Some key points:
- Data makes difference. As Braintree asserts, more relevant data facilitates more automated learning that can be applied to risk decision-making.
- Focus on separating a “good customer from a bad customer”. Too much authentication in shopping can upset the shopper. Strike the right balance between payment fraud protection and approval rates.
- Evaluate a multidisciplinary approach that combines big data, predictive analytics and real-time machine learning.
- Ongoing monitoring is essential – Machine learning models need to be trained, tested and re-trained as fraud trends evolve, points out ACI.
- More customers are preferring contactless payments. Work on authentication strategy for a mobile experience.
- Only dealing with rules have a limited scope, as they are reactive and tend to be about fraud to happen basically. Have a layer of adaptive AI in order to learn the patterns.
Follow Ai on LinkedIn: https://www.linkedin.com/company/airline-information/?viewAsMember=true
First Published on 25th July, 2018
Ai Editorial: A risk-averse mindset is commonly associated with rule-based systems, which is built with hard rules or buying limits, such as geo-location rules that could block out all transactions from one region, writes Ai's Ritesh Gupta
When merchants rely on conventional or long-used methods of spotting fraud, it tends to be associated with evaluating the standard fields (name, address, email, IP location, fingerprint and what can be found on the order form) and what transactions have cleared through the set rules.
The issue here is that those standard fields and hard rules are not tough for fraudsters/ hackers to break into and get breached once they have understood the rules worked out. For instance, it is quite straightforward for fraudsters to focus on new fake emails, and once they comprehend that a time based rule is set, they will attempt to set their program to go past the system. Not only so, authentic buyers are likely to be blocked. For instance, a geo-location rule would block customers booking transactions from ‘riskier’ locations.
Machine learning systems are meant to be an improvement from rule-based systems, to reduce reliance on hard rules and to filter out fraud while passing more genuine users. However, machine learning systems only provide probability scores - or fraud scores - and would still require a team of manual reviewers to make sense of the score and thereafter a decision to pass or reject a transaction.
Unfortunately, the fraud team’s KPI is still to ensure fraud rates are low - perpetuating the risk-averse mindset as they would rather reject a transaction than to risk passing a fraudulent one. To overcome such “risk-averse” mindset, it would require the fraud team to understand that risk is very much similar to financial risk; it should be managed, not eliminated. Since 0% risk gives 0% returns, having little to no fraud would mean much revenue has been lost. For merchants to fully overcome having a “risk-averse” fraud management system, a financial algorithm could be combined with the machine learning system to make sense of the risk financially, allowing for more revenue based on a greater risk appetite.
Also by focusing on machine learning, carriers can eradicate all those needless rules that would have otherwise stopped authentic buyers from competing their respective transactions.
The blend of big data and machine learning paves way for more solid fraud prevention.
As we highlighted in our previous articles, to simplify big data and machine learning, big data is first used to garner details about the user’s behaviour on the website (how the mouse moves, what he likes or puts into his wishlist, etc), and this information is combined with machine learning, which uses pattern recognition to map the pattern of his behaviour to match it either with positive (genuine) or negative (fraudulent) behaviour, as well as predictive analytics that records the positive/negative behaviour and uses that on future transactions for potential signs of fraud.
Lastly, an optimized fraud risk algorithm should be used to make decisions on whether or not to accept a transaction based on calculated risks to best optimize sales while controlling fraud and chargeback rates.
Hear from airlines and other industry executives about travel fraud at the upcoming 7th Annual Airline & Travel Payments Summit (ATPS), co-hosted with UATP, (4- 6 September 2018 in Phuket, Thailand).
For more click here
Follow Ai on Twitter: @Ai_Connects_Us
6th January, 2020
It is imperative for travel merchants to focus on dynamic friction, a fraud prevention approach which focuses on behavioral and situational attributes to apply right friction to the right person at the right time, writes Ai's Ritesh Gupta
For any entity that is looking at balancing customer experience and fraud prevention, doing away with legacy fraud-fighting solutions is must as it tends to apply friction in a blanket, indiscriminate way to all users, customers and fraudsters alike. With dynamic friction, risk level is assessed in real-time so that merchants can offer safe, convenient, and customized user journeys that only become more accurate and appropriate over time.
Sift Trust and Safety Architect, Kevin Lee, shared that while 99% of users on a website are legitimate, there still needs to be protection from the ~1% of users that are attempting abuse.
Keen on exploring fraud prevention and payment-related issues? Check-out Ai’s conferences scheduled for 2020:
15th August, 2019
It is imperative for travel e-commerce companies to be ready for bots, emulators, malware etc. and be precise with their fraud prevention plan.
As a specialist in behavioral biometrics, SecuredTouch asserts that the days of static biometric techniques are numbered. Rather merchants now need to dwell upon continuous authentication that features device intelligence, behavioral anomalies. All of this becomes even more important as mobile-related fraud is on the rise, and the behaviour of consumers when they shop via mobile and what makes such devices risky needs to be ascertained.
Going deeper into the complexity of the mobile commerce fraud, it needs to be understood that there might be one actor in the whole chain, says Lewis Duker, SecuredTouch. “It could be that one fraudster is testing the credentials, and another one monetizing the credentials,” he says. Referring to the threat of bots, he said the malicious activity needs to be trapped as it is happening.
In this context, the limitations of static fraud detection methodology via CAPTCHAs, blocking known hosting providers and proxy services or static biometrics are coming to the fore.
It all boils to verification of the legitimacy of the user, but considering the usage of today’s devices for shopping and the tricks of fraudsters, merchants need to evolve as well.
Hear from senior executives about mobile commerce fraud at the 8th Annual ATPS Asia-Pacific to be held in Penang, Malaysia (27-29 August, 2019).
26th February, 2020
Ai Editorial: Law enforcement agencies are looking at several areas – private and public sector partnership, capitalizing on data and high-tech crimes to curb fraudulent transactions, writes Ai’s Ritesh Gupta
The role of law enforcement agencies in combating a variety of cyberattacks is being tracked closely. Be it for private security and fraud prevention specialists or state-run agencies, no one organization is enough to deal with instances of cross-border cyber-attacks. But the role of law enforcement agencies in countering payment-related fraud and other ecommerce fraudulent can’t be undermined.
For instance, only a couple of months ago, Europol announced that its multidisciplinary initiative to derail illegal online transactions featuring flight tickets with compromised credit card data resulted in arrest of around 80 persons. These were suspected of traveling with airline tickets bought using stolen, compromised credit cards etc. Importantly, as also stated by Europol, some of the individuals were associated with unlawful immigration. For instance, some of the detained travelers had forged documents or IDs. At the time of this announcement, Europol also indicated that the airline industry’s losses hovered around $ 1 billion on annual, as a result of the fraudulent online purchases of flight tickets. Such illegitimate transactions are on top of the agenda of fraudsters/ online criminals and are often associated with more serious criminal activities including irregular immigration, trafficking in human beings, drug smuggling and terrorism.
Internet-enabled crimes and scams show no signs of letting up, according to data released by the FBI’s Internet Crime Complaint Center (IC3) in its 2019 Internet Crime Report. IC3 received 467,361 complaints in 2019—an average of nearly 1,300 every day—and recorded more than $3.5 billion in losses to individual and business victims.
Concerted effort
- Collaborative route: Travel merchants, including airlines, need to take a collaborative route to combat fraudulent activities.
“I believe in collaboration (for fighting fraud) at every level,” Jan-Jaap Kramer, Founder and CEO of FraudGuard told Ai during an edition of ATPS, held in the U. K. last year. He mentioned that fraud prevention as a discipline has come a long way, considering that a fraud analyst used to be isolated from other departments within an airline. And now various sectors have realized the significance of jointly fighting fraud since one fraudster can have access to a customer’s credentials. And these can be used across a variety of retail sites or in other ways to commit a fraudulent activity. “So it is imperative for merchants to cooperate and fight in unison,” Kramer had said.
Europol’s operations have been featuring participation of airlines. Other stakeholders that work with the law enforcement agency feature executives from online travel agencies, payment card companies, the International Air Transport Association (IATA), Perseuss etc. This is in addition to law enforcement, and judiciary and border agencies. They work in unison with Europol’s experts to spot dubious transactions and confirm the same with law enforcement officers deployed in the airports.
- Counting on data: Law enforcement agencies are trying to ensure that their initiatives don’t compromise individual privacy for the sake of public security. They are looking at implementing privacy by design. The plan should be – to be in complete line with one’s fundamental rights. In addition to this, the focus is also on promotion of de-bureaucratised and efficient processes.
- Keeping pace with cybercrime: Law enforcement agencies acknowledge that cybercrime is more confrontational than ever. Considering the use of botnets, setting up back doors on compromised devices, social engineering etc., there is a need to keep pace with such attacks.
- Preparing for the dark web: Europol, in its Internet Organised Crime Threat Assessment 2019, asserted that more synchronized investigation and hindrance-related initiatives for the dark web are needed. This would send a strong signal from law enforcement entities. Plus, even better real-time assessment is required to respond to the activities on the dark web. The capability “will enable the identification, categorization and analysis through advanced techniques including machine learning and artificial intelligence.”
It was also mentioned that an EU-wide framework is “required to enable judicial authorities to take the first steps to attribute a case to a country where no initial link is apparent due to anonymity issues, thereby preventing any country from assuming jurisdiction initiating an investigation”.
Keen on exploring fraud prevention, data privacy and protection issues?
Check-out Ai’s conferences scheduled for 2020: https://lnkd.in/fE7UK_T
6th October, 2020
Europol’s 2020 cybercrime report has highlighted the urgent need for the EU to step up the fight against organised online crime.
The report’s seventh annual edition, titled Internet Organised Crime Threat Assessment (IOCTA) 2020, fuelled “by a wealth of readily available data, as well as a Cybercrime-as-a-Service (CaaS) community, it has become easier for criminals to carry out highly targeted attacks”.
Some highlights:
- Cybercrime remains among the most dynamic forms of crime encountered by law enforcement in the EU.
- While ransomware, business email compromise and social engineering are familiar cybercrime threats, their execution evolves constantly and makes these criminal activities more complex to detect and to investigate.
- Ransomware in particular remains a priority threat encountered by cyber investigators across the EU.
- Subscriber identity module (SIM) swapping is one of the new key trends this year, having caused significant losses and attracted considerable attention from law enforcement.
- Cryptocurrencies continue to facilitate payments for various forms of cybercrime, as developments evolve with respect to privacy-oriented crypto coins and service.
Criminal abuse of the dark web
The report also mentioned that the dark web environment has remained volatile, lifecycles of dark web market places have shortened, and no clear dominant market has risen over the past year compared to previous years to fill the vacuum left by the takedowns in 2019.
- The nature of the dark web community at administrator-level shows how adaptive it is under challenging times, including more effective cooperation in the search for better security solutions and safe dark web interaction.
- There has been an increase in the use of privacy enhanced cryptocurrencies and an emergence of privacy-enhanced coinjoin concepts, such as Wasabi and Samurai.
- Surface web e-commerce sites and encrypted communication platforms offer an additional dimension to dark web trading to enhance the overall business model.
Europol shared that the value of being able to access data of criminal communication on an encrypted network is perhaps the most effective illustration of how encrypted data can provide law enforcement with crucial leads beyond the area of cybercrime.
For more, click: https://www.europol.europa.eu/newsroom/news/covid-19-sparks-upward-trend-in-cybercrime
20th May, 2019
Voice commerce is transforming the way travellers search, browse and buy online.
Travel brands have been focusing on the utility of voice features/ assistants, keenly evaluating those aspects of a trip that are tedious, and how can voice make the experience better.
“We have witnessed great advancement in the manner in which one can communicate with voice assistants, their context being understood and being helped out (in various tasks),” said Rodrigo Sánchez Prandi, VP Product, dLocal, who added that the e-commerce sector is witnessing progress on the payments side, too. So from checking the status of a flight to amenities in a particular flight such as Wi-Fi to checking in etc., one can buy trip essentials as well.
Companies like Google acknowledge that designing conversations is quite tricky as human conversations are complicated.
Prandi fittingly referred to the significance of understanding the specific use case of voice search, and counting on contextualization to deliver the best possible experience. “If a traveller is looking for Madrid to London flight, it is important to come up with only a couple of options, rather than giving a user 20 options. There is a need to know the customer really well,” he said. Progress is rapid owing to the fact that these offerings are always getting smarter, delivering new capabilities. The more one uses Alexa or Google Assistant, the more they adapt to a speech type/ pattern, lexicon/ jargon, likings etc.
Some of the considerations that travel e-commerce need to dwell upon:
• Creating a specific voice app like capitalizing on Alexa skills
• Difference between direct voice buys and open-ended voice searches
• Streamlining UX (for instance, Amazon Alexa recommends that enable users to initiate checkout on the website or mobile app, and complete the purchase via Alexa, or vice versa)
29th May, 2020