- Payment & Fraud Editorials
Date: 30 Nov -0001 Location: Delegates:
-
Ai Video - Solving Conversion Conundrum with Buy Now Pay Later option
Covid19 and top payment-related themes - preparing for the future
Ai Editorial: Dealing with fear associated with fraudulent transactions
Ai Video: Is COVID 19 hastening a new era in payments?
Ai Video: Gearing up for mobile commerce fraud
Ai Video: Why mobile orders are risky?
After using palm for payment and loyalty, what’s next?
Ai Editorial: Are acquirers becoming stronger allies for merchants?
Counting on mobile wallets for touch-free transactions
Keeping a tab on dark web and catching fraudsters
25th August, 2020
15th October, 2020
Using a palm for a transaction, PSD2 SCA compliance, dealing with false declines… there are a number of payment-related areas that the travel industry needs to focus on at this juncture.
Main considerations are:
- CX: Customer interactions – both at the offline and digital level – are evolving at a rapid pace. The blend of what customers are expecting and the ongoing COVID-19 pandemic are paving way for contactless payment interactions. From a traveler’s perspective, a merchant must not only improve upon the shopping flow, for instance, taking care of safety-related aspects or cancellation/ refund handling, but also has to support payment methods that customers value and prefer.
- Payment infrastructure: Airlines need to support payment methods that are new or in demand. In the current environment, that means contactless payments and digital wallets. In the future, that may mean something else. Regardless of the COVID-19 crisis, the payments ecosystem continues to diversify and travel merchants must be ready to deploy new payment methods when customers demand them. Doing so at minimal cost and maximum speed.
- From a regulatory perspective, as Elavon acknowledges, implementing the more complex business, operational and technical changes required for the travel and hospitality sector is proving to be even more challenging when it comes to PSD2 SCA.Companies have to be compliant by the end of this year.
- Being on top of the fraud prevention game is a necessity as fraudsters have become more creative in the past few months. Assessment needs to start the moment a user arrives on a page or an app. For evaluating whether a user is a “good user” or not, don’t only rely on device attributes or historical transactional data. Understand the actual behavior and it will enable in gauging subtle differences between a legitimate user and a fraudster.
- Also, at a time when airlines must look at controlling their expenditure, they have to re-visit aspects of payment processing. How can payment orchestration help?
Hear from experts about what payment and fraud strategies do we need to take in order to return to profitability at #ATPS Virtual Conference 2020
Dates: 20-22 October
By Ritesh Gupta
Ai Editorial Team
11th March, 2020
Ai Editorial: There is much bigger loss in revenue when a merchant declines transactions without taking an initiative to dig deeper. One needs to learn how to manage risk and how the use of machine learning can contribute in the same, writes Ai’s Ritesh Gupta
The way travel merchants differentiate between a fraudulent and legitimate transaction is evolving, and one aspect that has stood out relates to managing the risk.
Rather than avoiding risk altogether, the approach is to pave way for more revenue based on a bigger risk appetite. A key learning: there is much bigger loss in revenue when a merchant simply declines transactions, rather than risking clearing a fraudulent one and learning from what all is being done. The time has come when the focus must be on managing false positives better.
Monica Eaton-Cardone, COO of Chargebacks911, asserts that the fear of fraud is a huge issue, and for merchants, it comes with a burden of $118 billion every year.
“ That’s roughly 20% of total US e-commerce spending in 2019. But here’s the real shock: while $118 billion is an almost unbelievable figure, reports show merchants spend 10 times that much trying to prevent chargeback fraud,” Monica, wrote in a blog post recently.
Doing away with “rules”
Staying away from risk at any cost is reflected in rule-based fraud prevention systems. For instance, rules based on geo-location that could oppose all transactions from one area/ market. Traditional fraud prevention methodology impacted sales in an adverse manner. Fraud prevention specialists chose to avoid taking the risk of accepting a borderline transaction (which could be genuine), resulting in much greater false positives. At the same time, rules deployed (location based, amount based, time based, etc) limit genuine users from making transactions. But today merchants are finding ways to overlook rules when positive behaviour is identified.
On the basis of calculated risks, the system passes the optimized number of transactions while ensuring that chargeback rates are still under control. As a result, borderline genuine transactions can be passed and unnecessary rules and bans are lifted, improving sales greatly. So merchants are drifting away from hard rules and relying on behavioural analysis – evaluating a combination of variables and patterns – a judicious way to obstruct fraudsters/ hackers and yet cut down on false positives at the same time. A more methodical tactic is to craft a risk engine. It blends rules and policies that are optimized through the use of machine learning. Along with this, other methods such as data signals for transactions, real-time behavioral analytics and device fingerprinting, too, are coming into play.
Working out a multi-disciplinary line of attack against fraudsters, featuring technologies - both supervised and unsupervised machine learning - would better prepare merchants for fraud management. Unsupervised machine learning is useful to learn on the fly and spot deceptive patterns even without having been trained with past data, i.e. able to unearth anonymous fraud attacks. Thereafter, predictive analytics may still be used to run the probabilities of fraud, giving a risk score.
Machine learning systems are lending a new dimension to fraud prevention, one that over the years has largely revolved around the use of rule-based systems. This way the industry is gearing up to reduce reliance on hard rules and to filter out fraud while passing more genuine users. However, machine learning systems only provide probability scores - or fraud scores - and would still require a team of manual reviewers to make sense of the score and thereafter a decision to pass or reject a transaction.
Dynamic friction
Also, it is important to understand that merchants are battling with various types of fraud, and putting the best foot forward is about monitoring and evaluating each for risk. Clearly, the industry is counting on behavioral and situational attributes to apply right friction to the right person at the right time. As Sift points out, it is vital to overlook legacy fraud-fighting solutions. All of this means a merchant is only applying friction in a blanket, indiscriminate way to all users, shoppers and fraudsters alike. With dynamic friction, risk level is assessed in real-time so that merchants can offer safe, convenient, and customized user journeys that only become more accurate and appropriate over time. In case a risk touches a given threshold, extra verification comes it play. If the interactions come across as reliable, that extra authentication is eradicated, providing the shopper a more rationalized experience.
Monica highlighted a couple of aspects related to dynamic friction:
1. A dynamic friction system works out verification for an individual user and it learns as it goes. By assessing data on an ongoing basis, including the analysis of previous interactions, a blanket approach is avoided and such drilling eventually paves way for friction in only certain cases.
2. A merchant’s best customers are subjected to the least amount of friction necessary for secure validation. Legitimate customers proceed with minimal friction.
(Read: How to leverage dynamic friction to only target dodgy shoppers?)
Dynamic friction cuts down the risk of alienating good users and causing false positives. The user journey needs to be evaluated holistically, from end to end; as a user moves through each stage of the journey, each interaction is evaluated for risk. The best part about dynamic friction: make it extremely tough for fraudsters to succeed, and at the same time not hampering the experience of genuine shoppers and them being unaware of the fraud detection mechanisms being used.
Ai’s 2020 conference dates: http://www.airlineinformation.org/upcoming-events2/370-2020-conference-dates.html
1st July, 2020
4th October, 2109
The aspects that make mobile commerce attractive and convenient for consumers also result in complex hurdles for merchants when it comes to keeping a tab on fraud and authenticating mobile orders.
Fraudsters have been targeting mobile commerce owing to the fact a majority of businesses generally don’t differentiate between mobile and web-based transactions. What it essentially means that merchants need to be spot on with what is relevant for evaluation – rather than considering cellular IP addresses as unique identifiers, watch out for unique identification number associated with such devices; a new Wi-fi network doesn’t necessarily mean that the order is fraudulent etc.
Mobile experience is resulting in a richer set of data, and it is imperative for travel e-commerce players to focus on the right data points to deal with mobile commerce fraud, says Kevin Lee, Trust & Safety Architect, Sift.
Last minute mobile orders or even any conversion from mobile devices needs to be viewed as a testimony of appropriate experience being delivered. More importantly, the risk team or the one that is looking into the acceptance rate, they need to evaluate how that transaction came to be, from which channel and also the related user data, recommends Lee.
In this video, Lee spoke about mobile authentication and ensuring the acceptance rate doesn’t take a beating.
28th May, 2019
Merchants, including ones from the travel e-commerce sector, need to diligently assess their respective mobile-order fraud-review systems.
According to Riskified, the behaviour of consumers when they shop via mobile and what makes such devices risky has to be ascertained. If not then merchants would continue to grapple with the highest rate of cart abandonment during the checkout process and above-average false-decline rates when compared to other shopping channels.
Sophia Miller, Business Development Manager, Riskified, who was recently in Brighton, UK for Ai’s ATPS (13th ATPS Worldwide Event), underlined that nature of users, the kind of transactions, unsuited fraud review measures, and the device being ATO or account takeover friendly make mobile risky.
For instance, Sophia highlighted that relatively younger travellers are more likely to order travel products using mobile devices, and tickets booked by this audience are 3.5 times more likely to result in a chargeback. She also shared that last minute travel orders are riskier plus mobile orders provide data points that don’t exist in desktop orders (and vice versa). “Fraud measures that are not device-sensitive can lead to 50% drop off rates,” indicated Sophia. As for ATO, she mentioned that mobile devices tend to contain all account, payment information and rewards and mobile apps are a “fraudster’s gold mine”.
By Ritesh Gupta
Ai Team
30th September, 2020
Customer interactions – both at the offline and digital level – are evolving at a rapid pace. The blend of what customers are expecting and the ongoing COVID-19 pandemic are paving way for contactless payment interactions.
Amazon has come up with a contactless way, Amazon One, for people to use their palm to make everyday activities like paying at a store, presenting a loyalty card, entering a location like a stadium etc. The company is using custom-built algorithms and hardware to create a person’s unique palm signature. It is starting as an entry option at two of Amazon Go stores in Seattle.
The team at Amazon mentioned that palm recognition is considered more private than some biometric alternatives. One can’t ascertain a person’s identity by looking at an image of their palm. It also requires someone to make an intentional gesture by holding their palm over the device to use. Plus, in addition to being contactless, as Amazon asserts, counting on a palm as a biometric identifier puts shoppers in control of when and where they use the service.
Payment specialists have already focused on paying via voice, where one uses just their voice for instance, with Amazon Alexa and Amazon Pay.
How technology is shaping up at this juncture to support contactless or touchfree transactions?
Join experts and explore new trends in payments and fraud at Ai’s Airline & Travel Payment Summit - #ATPS Virtual Conference 2020:
20 - 22 Oct 2020
http://www.airlineinformation.org/upcoming-events2/607-atps-virtual-conference-2020.html
18th February, 2020
Ai Editorial: Travel merchants, including airlines, are expecting their respective acquiring banks to contribute more than just processing payments, writes Ai’s Ritesh Gupta
Travel merchants, including airlines, have to focus on several aspects in order to streamline their cross-border payment acceptance.
Of utmost important is the shopper experience - from letting a travel shopper pay via their preferred payment method to ensuring their checkout experience isn’t disturbed with a unified approach to curbing fraud and disturbing even those transactions that shouldn’t be checked for authentication. Other than stepping up the authorization rate, businesses also need to keep the overall transaction fees in check. Plus, they need to prepare for better business decisions based on astute payments data, for instance, comprehending why transactions are being approved or declined with global coverage and granular reporting.
The role of the acquirer
The introduction of invisible payments or one-click transactions are experiences shoppers are increasingly getting used to, and every business needs to find ways to incorporate the same. And accordingly, the onus is on various stakeholders, including the acquirer, to chip in and facilitate the same for travel merchants. The entity, also known as the acquiring bank, is the financial institution that maintains the merchant’s bank account. It passes the merchant’s transactions along to the applicable issuing banks to receive payment. For airlines, hotels, OTAs etc., especially those operating in various countries, factors such as adding local payment options, too, are key to sustaining the desired conversion rate. It doesn’t come as a surprise when acquirers are being expected to support all payments types through all channels.
And the acquirer is also expected to contribute in other areas. A core of area of expertise is managing processing of cross-border payments in an adept manner. An established acquirer is expected to contribute in terms of “local acquiring” and bring down the rate of bank declines. And they key lies in working with only a few, or maybe one acquirer even for multiple markets. This tends to make reconciliation less complex for travel merchants. Another area is the settlement aspect. Also, the ecosystem has witnessed certain players doing away with the blended pricing model. There are benefits, for instance, when the interchange fees goes down, the overall costs also go down. There is now more transparency in terms of the cost of the processing, what is charged for the interchange, the processing cost etc. As for the future, one can only expect an increased level of standardization on a European level and globally, too.
As for dealing with card payment conversion, there are ongoing improvements that merchants are looking for. For instance, credit card decline codes are not standardized; they differ from one payment gateway to the next. Details pertaining to why a payment tends to get rejected can be provided by an acquirer and this in turn can boost the conversion rate. Even though the rejection or response codes offered by acquirers may appear dauntingly technical, it’s extremely useful to understand what they mean.
Travel merchants are assessing the prowess of payment analytics and evaluating key metrics pertaining to the overall payment flow. Primarily, the focus is on the associated cost with each transaction, the rate of authorization, and the chargeback ratio. Delving deeper, payment specialists are counting on analytics for assessment of the risk profile, the relevance and performance of the acquirer, fee for alternative payment solutions etc. It is worth following how data and algorithms are shaping up to contribute both in terms of cost reduction and revenue optimization.
An acquirer is also expected to respond to the regulatory requirements. For instance, the PSD2 Strong Customer Authentication (SCA) migration completion deadline for online payments in Europe continues to be a weighty issue, with concerns about the preparedness and compliance still coming to the fore. Again, acquirers (and other stakeholders have to support EMV 3DS 2.1 and 2.2 by the end of this year) need to enable merchants prepare for the same and contribute in terms of the overall authorization success. Another area that is worth following is how this regulation is going to impact multisided platforms, or marketplace businesses, and some other areas such as licensing.
The traditional merchant-acquirer model has evolved, and today’s payment facilitator model has made the chain a lot more fragmented. For instance, certain entities are an extension of the acquiring bank and provide merchant processing services on the acquirer’s behalf. As for the external factors, it is worth following how acquirers, post the merger activity, are going to respond to the rising competition.
Keen on exploring fraud prevention and payment-related issues?
Check-out Ai’s conferences scheduled for 2020: https://lnkd.in/fE7UK_T
7th Aug, 2020
21st August, 2020
Trading for stolen loyalty currency, data etc. on the dark web is quite similar to any online marketplace, with options varying from shopping categories to what’s available within various categories to the profile of the fraudster and criminal gang, and lot more.
The modus operandi is quite sophisticated and it is reflected in what and how fraudsters run their respective accounts.
“Fraudsters need to show they do legitimate business, sell authentic data and work on their reputation...even offer the option of refund,” mentioned Tobias Wieloch from Europol (European Cybercrime Centre or 3C), during Loyalty Security Association’s (LSA) webinar today. The fraudsters also stipulate refund and replacement policy. He added that the majority of attacks rely on existing modus operandi and benefit from known vulnerabilities.
Identification, Attribution and Data Enrichment
Wieloch also explained how the team works on its database, identifiers etc. to work on user matches and user duplication, and identify cybercriminals. Working with the private industry, the team also looks at attribution of losses and evaluates how the data has been fraudulently used, assesses sold compromised credit card or account details, and the financial damage per user. The team also looks at criminals’ details – user name, email address, IP Address + time stamp, login history, device details and phone number.
Wieloch also cited the case of Grant West, a hacker known as Courvoisier, who reportedly stole 78 million usernames and passwords to sell on the dark web with cyber attacks on Uber, Argos etc.
By Ritesh Gupta