– Ryan Wilk, Director of Customer Success, NuData Security, says:
The Nilson Report stated that the issuers, merchants and acquirers of credit, debit and prepaid cards worldwide experienced gross fraud losses of $11.27 billion in 2012, up 14.6 percent over 2011. That trend is sure to continue upward as online fraudsters maintain their assault on sensitive information with continually more clever schemes.
Consequently, Online Fraud Detection (OFD) is a full-time, 24/7 job. Fraud managers have the tough job of protecting their organizations and customers, and to do this well, they need to keep up to speed on OFD best practices—including a “five layer model”— and the latest tools to assist them. Three key recommendations, if implemented, should help provide the maximum defense against fraud.
One key recommendation is to use a layered fraud detection approach. The first three layers of fraud detection—endpoint, navigation and user/account—all provide powerful tools for recognizing fraud, but when combined, they unearth patterns that could not previously have been discovered when the layers were viewed discretely.
Looking at data from all three layers together provides more information for quicker and more accurate decision-making regarding possible fraud. For instance, a siloed model of OFD would be able to tell that a user isn’t using the same device as in the last session and so would not be certain if that user is authentic and legitimate. An integrated model, on the other hand, would be able to determine that the user is authentic base on additional information such as typing patterns and how the user interacts with the website.
The accuracy of fraud detection is greatly increased when all three layers are tightly integrated. By expanding protection across all five layers, organizations are able to identify anomalies, risks and fraud attempts across channels (such as mobile channels and different brand websites), and by using specialist non-PII (personally identifiable information) data networks (layer five).
These layer five networks are used to build a warehouse of identities that define good users and fraudsters. They do this by analyzing billions of transactions, including user behaviors. These identities remain completely anonymous and adhere to stringent privacy laws. With this collection of identities, an organization is provided an early warning system that is able to alert them when a ‘bad’ user approaches, even if it is the first time the user is approaching one of their sites.
It’s clear why a tightly knit, layered model is so much more helpful. It enables each layer of fraud detection to communicate with the others, identifying behavior and relationships that aren’t visible when considering each layer independently – a mistake many firms make. Monitoring all layers is essential to providing strong detection for key types of fraud:
- New account fraud
- Use of stolen financial credentials
- Account takeover fraud
Another best practice is to continuously profile the behavior of users, accounts and channels. This must be done through the entire account lifecycle across multiple channels, including: desktop and mobile Web, mobile apps and call centers. Continuously profiling users’ behavior empowers two key capabilities. First, it enables fraud managers to detect and respond to fraud sooner, reducing both risk and fraud loss. Second, when the user does reach a transaction point, fraud managers have full context of all their previous actions and behavior to make a better decision on the transaction. This benefits the bottom line by providing:
- More confidence in the fraud detection process, which enables acceptance of a larger number of orders
- Stronger, more well-rounded detection of fraud attempts, which reduces the number of manual reviews
- Holistic contextual behavior information, which reduces the amount of time manual reviews take
The third recommendation is to remove some of the hassle of fraud detection by working with organizations that use account profiling, layered protection and behavioral analytics.
A tightly integrated model of this kind allows each layer of fraud detection to communicate seamlessly with the others, identifying behavior and relationships that aren’t visible when considering each layer independently. Allowing layers to communicate with each other enables the discovery of emergent patterns that are impossible to detect otherwise. Consequently, organizations are able to detect more fraud and reduce false positives, both of which save money.
Best Practices Provide Protection
Hackers are clever and determined; they are always looking for opportunities to defraud organizations and coming up with new ways to bypass standard fraud detection protocols. Using a layered OFD approach provides more data points that can be integrated to reveal patterns that you’d never be able to see otherwise. By continuously profiling the behavior of users, accounts and channels, you can detect and respond to fraud sooner and feel more confident about the fraud detection process. Following these recommendations will help defeat fraudsters and save you time, money and brand reputation.
For a more comprehensive treatment of these recommendations, download your copy of the free report here.