TOP 10 questions when choosing an anti-fraud system
See our rundown of the top 10 questions when choosing an advanced anti-fraud system for your online business. Protect every payment and transaction.
Maciej Pitucha, Chief Data Officer
22 January 2024
To keep things easy, Maciej Pitucha, our Chief Data Officer, prepared a list of the top ten questions about anti-fraud systems that you should ask vendors during the procurement process (no email required, it's free).
To enable growth with minimal disruptions, an anti-fraud vendor should know, to name a few key aspects, what data to collect and how to combine it, which predictors of fraud work best for a particular business, and how to enrich their own databases with external ones.
With the context established, let’s go through the top 10 questions that should be asked when choosing an anti-fraud system for any business.
One of the most common methods in fraud detection and prevention is based on predefined rules. These rules, simple enough to understand, dictate the actions to undertake under particular circumstances.
Here’s an example:
If transaction value > $1 000 and 3 transactions with 3 different credit cards were made today from the same device ID then block the transaction
These rules are created manually, based on the company’s experience and domain experts’ knowledge. They require systematic monitoring of their performance and manual optimization.
However, the sheer volume and variety of data that needs to be analyzed make manual configuration of rules less effective and more error-prone. As a result, having a risk team manage the anti-fraud system becomes more expensive, time-consuming, and potentially detrimental to your business due to high false positives.
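The rule quoted above and its false-positive problem, as an added example (not code from the original article or from any vendor). It assumes the current transaction counts toward the three, "today" means the calendar day of a naive local timestamp, and every field name and transaction below is constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

AMOUNT_LIMIT = 1000  # USD threshold from the rule in the text
CARD_LIMIT = 3       # distinct cards per device per calendar day

class VelocityRule:
    """Stateful form of the rule; the current transaction counts (assumption)."""
    def __init__(self):
        # (device_id, calendar day) -> set of card identifiers seen that day
        self.cards_seen = defaultdict(set)

    def decide(self, tx):
        day = datetime.fromisoformat(tx["ts"]).date()
        cards = self.cards_seen[(tx["device_id"], day)]
        cards.add(tx["card"])
        if tx["amount"] > AMOUNT_LIMIT and len(cards) >= CARD_LIMIT:
            return "block"
        return "allow"

def evaluate(transactions):
    """Replay labelled transactions in time order and count rule outcomes."""
    rule, decisions = VelocityRule(), {}
    stats = {"tp": 0, "fp": 0, "fn": 0}
    for tx in sorted(transactions, key=lambda t: t["ts"]):
        decisions[tx["id"]] = verdict = rule.decide(tx)
        if verdict == "block":
            stats["tp" if tx["fraud"] else "fp"] += 1
        elif tx["fraud"]:
            stats["fn"] += 1
    return decisions, stats

# Constructed sample data: id, timestamp, device ID, card, amount (USD), fraud label
FIELDS = ("id", "ts", "device_id", "card", "amount", "fraud")
ROWS = [
    ("a1", "2024-01-22T09:00", "dev-A", "card-1", 5, True),      # low-value fraud, below threshold
    ("a2", "2024-01-22T09:01", "dev-A", "card-2", 5, True),
    ("a3", "2024-01-22T09:02", "dev-A", "card-3", 1500, True),   # third card, high value
    ("b1", "2024-01-22T10:00", "dev-B", "card-7", 40, False),    # shared household device
    ("b2", "2024-01-22T12:00", "dev-B", "card-8", 60, False),
    ("b3", "2024-01-22T18:00", "dev-B", "card-9", 1200, False),  # legitimate, yet matches the rule
    ("c1", "2024-01-22T11:00", "dev-C", "card-5", 2500, False),  # high value, single card
    ("a4", "2024-01-23T00:05", "dev-A", "card-4", 2000, True),   # next day: counter has reset
]
TXS = [dict(zip(FIELDS, row)) for row in ROWS]

if __name__ == "__main__":
    decisions, stats = evaluate(TXS)
    print(decisions)
    print(stats)
```

On this sample the rule blocks one fraudulent and one legitimate transaction and misses three fraudulent ones, which is the kind of performance monitoring and manual tuning the paragraph above describes.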
We recommend solutions that are based on machine learning. One significant benefit of an ML-based system is its ability to automate the task of adjusting rules. Constantly under an immediate feedback loop, ML models process numerous transactions and continuously adapt and improve their ability to identify emerging fraudulent patterns.
This technology has already proven to be extremely effective when it comes to fighting fraud.
Vendors use three major approaches regarding the deployment of their solutions:
Generic. In this case, anti-fraud solutions are created for industries individually (e.g. e-retail, travel, gaming) and are meant to work for any company within that particular sector – regardless of this company’s target groups, products/services offered, geographical market reach, etc. Such systems are quick to deploy and ready to use in a matter of hours, yet their accuracy leaves much to be desired.
Customized. In this case, anti-fraud solutions are adjusted not to a particular industry but to a business case. Machine learning models are created for each company separately, considering its individual business logic. This means that ML models are based not only on generic industry data but also on data specific to the company that has already been collected in its databases. For an Online Travel Agency, those could be, for instance: services offered, business model adopted, payment method used, interaction with a customer depending on the communication channel, user flow, the way products are categorized, and more. Although it takes a while (up to several weeks) to create and train the models, at the end of the day one receives a tailored anti-fraud system with great accuracy.
Pre-trained. In the third approach, an anti-fraud system is deployed without prior customization, to provide a company with almost immediate protection against fraud. However, at the same time, dedicated machine learning models are built to replace the generic solution within a couple of weeks to increase the effectiveness and accuracy of fraud prevention. This approach is especially advised for companies experiencing heavy fraud attacks – in need of instant help.
Which approach will fit your company?
To answer this question, one needs to first realize that customers behave differently, even within the same vertical, let alone geography. Customers of a retailer selling toys in Argentina differ significantly from those of a toy retailer operating in Poland. They use different payment methods, face different returns and exchange policies, browse the website differently, and more.
As there are so many discrepancies, the solution should be adjusted to the specific needs, requirements, and environment of each business it is meant to protect. Our recommendation is to implement a mixed approach with a customized solution at the end.
To detect fraud attempts, the system, regardless of whether it is based on predefined rules or machine learning models, needs to gather and constantly monitor data about the transactions carried out by users. It is not only the volume of data that matters, but also the variety and diversity of data sources.
Everything, from the frequency of shopping in a given ecommerce store and preferred product categories to the specific manner of navigating the website that is unique to each individual, can deliver rich insights that help prevent fraud with higher precision.
We recommend a solution that has a portfolio of connectors to third-party data providers and internal data infrastructure for data enrichment.
Let me start with a short explanation of what a profiler is, in case you are not yet familiar with the term.
A profiler is a tool that allows you to collect and combine thousands of data points describing every single individual interacting with the service: their hardware, software, network environment, and behavior.
It can extract user information such as:
…as well as…
By combining such pieces of information with the company’s internal and external data, one can receive a comprehensive digital profile of each and every user visiting the website.
A profiler is a goldmine of information that, when used properly, allows your ML-based anti-fraud system to make truly accurate predictions and your organisation to stay ahead of fraudsters.
Fraudsters use various techniques to trick anti-fraud systems. They manipulate web browsers, operating systems, and devices. One of the goals of such deceit is to prevent the system from identifying the specific device, so that the fraudster can use it multiple times to commit a crime.
A powerful anti-fraud solution should be able to spot such deception by applying various detection methods and techniques that stem from the vendor’s experience and technical knowledge of browsers’ mechanisms, hardware configurations, and more.
For instance, if someone is logging in from a MacBook Air but the graphics card reported isn’t compatible with this device model, it could indicate a technical deviation. Such a situation requires closer investigation or even additional verification of the user’s identity. However, this check is possible only when the provider of the anti-fraud solution is familiar with all graphics card types that are compatible with a MacBook Air or has models trained to distinguish standard configurations from non-standard ones. The provider should also have proper tools to verify what type of card is actually installed on the user’s device.
A modular solution implies that you can select and integrate different components from a product and pay only for what you genuinely need. This model facilitates quicker and more cost-efficient integration of a SaaS solution by reducing development expenses. For instance, if you require only a user risk detection system or a chargeback alert solution, you can select precisely that.
Equally important is the consideration of different levels of integration effort. A flexible, modularized, and tiered product allows businesses of any size to choose a plan that best suits their needs or even create custom plans to address specific requirements. For example, an anti-fraud vendor should make available three plans
Fraud varies in impact at every touchpoint throughout your user journey. Consider, for instance, a suspicious login, which may signal risks such as bot activity, typically correlating with account takeovers. On the other hand, payment fraud tends to occur during the checkout process and might include CNP (Card Not Present) fraud, card testing, promo abuse, and policy abuse, among others. Beyond payment, dishonest users could engage in return fraud or friendly fraud during the post-payment phase. Thus, it becomes clear that fraud cannot be approached as a monolith.
If your business has user interactions spanning all these stages, it is crucial to opt for a solution that protects each phase with specific tools and strategies. Truly resilient fraud prevention requires a system that can navigate and safeguard all steps of the user journey.
If you are planning to deploy a machine-learning-based anti-fraud solution, it is important to ask whether the vendor has a team of highly skilled ML specialists on board.
The role of this team is, among other things, to analyze the company’s collected data, find out what characterizes fraudulent transactions, assess the relevancy of various fraud predictors, select the most relevant analytical method for the company’s business model, and build models for predicting whether a particular transaction is a fraud attempt or not.
As you can see, the role of such a team is crucial, as it will have a significant impact on your anti-fraud strategy. By outsourcing the project to third parties, the vendor not only exposes your company to higher costs but also can’t assure constant access to the best ML experts with extensive experience in fraud detection. Further problems are data security, since data is transferred outside the company, and less control over the quality of service and the project itself.
Once a threat is detected it can trigger various actions depending on the company’s approach and strategy. The list of possible reactions includes, among others:
Fraud and risk managers and analysts should then be provided with a comprehensive report detailing the transaction and the customer, as well as the reasons why it has been found suspicious. This feedback is important for understanding what exactly happened and why.
A recommendation on what action should be taken on a given transaction is not enough on its own. Without proper reports, you lose the detailed picture of the whole situation and precious information about the characteristics of fraud and the main reasons for its occurrence in your company.
The evidence of fraudulent activities should not only be comprehensive but also easy to understand. Make sure that the management panel incorporated in the solution that you want to implement is truly intuitive and UX-friendly.
Staying up to date with the latest warnings about fraud attacks and the new techniques used by fraudsters is one of the priorities for every fraud and risk manager. Fraudsters change their modus operandi and new fraud tools emerge, so continuous learning is key. The best source for learning what's new in fraud is the Darknet. That's where fraud intelligence experts gather knowledge that they then use to reverse-engineer malicious tactics.
Fraud intelligence helps adjust the fraud prevention strategy to the changing business environment and customize the system’s parameters to make it more effective, and it indicates which data points and metrics will be the best predictors of fraud in the future.
Ask vendors whether they employ analysts dedicated to conducting such research.
We trust this article will prove useful when you engage with potential vendors. At the same time, let's acknowledge the reality: we, Nethone, are fraud prevention solution providers ourselves, and yes, we meet all ten criteria outlined here.
Feel free to schedule a call with us to get a customized demo, and if your curiosity is piqued, we can also share intriguing insights on the dark web methodologies adopted by fraudsters.