Online fraud remains a critical issue for businesses. CyberSource estimated in its 2013 Online Fraud Report that in North America, the total revenue loss due to online fraud in 2012 was approximately $3.5 billion. Those tasked with Online Fraud Detection (OFD) need to stay up to date so that they know about the latest tools and resources to keep their organizations and customers safe. Recent industry standards call for a “five layer model” to cover all the bases of OFD and create a comprehensive overview of user activity. To build the strongest OFD strategy possible, current best practices include the three recommendations below.
The first best practice is to continuously profile users and accounts through their whole lifecycle across multiple channels, including desktop and mobile Web, mobile apps and call centers. Continuously profiling user behavior, accounts and channels is the Holy Grail of OFD and empowers two key capabilities. First, it enables fraud managers to detect and respond to fraud sooner, reducing both risk and fraud loss. Second, when the user does reach a transaction point, fraud managers have full context of all their previous actions and behavior to make a better decision on the transaction. This positively impacts revenue by providing:
- Greater trust in the data to accept a greater percentage of orders
- Stronger detection of fraud attempts, which reduces the number of manual reviews
- Thorough contextual behavior information, which reduces the amount of time it takes to perform manual reviews
The second recommendation is to learn to layer in order to have a better chance at detecting fraud. The first three layers of fraud detection (endpoint, navigation and user/account) all provide powerful tools for recognizing fraud, but when combined, they unearth patterns that could not previously be discovered if the layers were viewed discretely.
For instance, a user may be logging in from an unfamiliar device. Instead of simply knowing that the user is on a different device than he or she has previously used, and therefore being uncertain of the user’s identity, layered fraud detection is able to tell by the user’s behaviors, such as how they navigate the site, that the user is authentic.
The accuracy of fraud detection increases exponentially when these layers are integrated.
By expanding protection across all five layers, organizations are able to identify anomalies, risks and fraud attempts across channels (such as mobile channels and different brand websites), and by using specialist non-PII (personally identifiable information) data networks (layer five).
User behaviors and billions of other transactions can be analyzed by non-PII networks to create a storehouse of anonymous identities that are categorized as good users and users who have been implicated in fraud. These identities remain completely anonymous and adhere to stringent privacy laws. With this collection of identities, an organization is provided an early warning system that is able to alert them when a ‘bad’ user approaches, even if it is the first time the user is approaching one of their sites.
Many firms make the mistake of looking at each layer independently. The genius of an integrated model is that it allows each layer of fraud detection to communicate with the others, identifying behavior and relationships that aren’t visible otherwise. Monitoring all layers is essential to providing strong detection for key types of fraud: account takeover fraud, use of stolen financial credentials and new account fraud.
The third best practice is to tightly integrate all fraud detection layers and use account profiling and behavioral analytics. Allowing layers to communicate with each other enables the discovery of emergent patterns that are impossible to detect otherwise. As a result, organizations are able to detect more fraud and reduce false positives, both of which save money.
Protecting What Matters
Online fraud costs businesses $3.5 billion, and that’s just in North America. Experts estimate global losses to top $100 billion annually, and the figure grows every year. Organizations have a serious vested interest is protecting themselves and their customers from fraudsters who stand to make a fortune at their expense. With so much at stake, fraud managers have the difficult but critical task of staying abreast of the latest threats and best practices. These include continuous behavioral profiling, multi-layered protection and behavioral analytics. A comprehensive approach of this kind will ensure the strongest protection currently available.
About the Author: Ryan Wilk is the Director - Customer Success at NuData Security. In his role at NuData Security, Wilk is responsible for ensuring the success of every NuData Security customer during the lifetime of the partnership. This includes guiding customers through the implementation process as well as managing the post implementation relationship.
Edited by Maurice Nagle