TOP 10 questions when choosing an anti-fraud system
See our rundown of the top 10 questions when choosing an advanced anti-fraud system for your online business. Protect every payment and transaction.
Hubert RachwalskiChief Executive Officer
19 October 2017
6 min read
For those of you who don’t have time right now to read the whole article, we have prepared a ready-to-use list of discussed questions with Nethone’s team commentary.
|1||Does the system rely on predefined rules or does it learn over time?||
Choose a solution that is Machine Learning based over the one using static rules.
|2||Will the company’s business logic be embedded into the anti-fraud solution, providing an exact fit to its needs, or does the vendor represent the one-size-fits-all approach?||Implement a mixed approach with a customized solution at the end.|
|3||Can the company’s internal and external data sources be used to enrich the gathered transactional data?||As effective spotting of fraud attempts requires nowadays more data than ever before, the solution that allows incorporating data from various sources will be the best choice for your business.|
|4||Does the system provide a comprehensive profiler to gather additional information to power the decision-making process?||A proprietary comprehensive profiler embedded in the anti-fraud system is a must if you want to effectively fight fraud.|
|5||Does the vendor deploy multiple methods to detect deviations in browsers, devices, and operating systems?||Look for systems that use device fingerprinting and other methods to prevent technical manipulations of website browsers’ mechanisms, hardware configurations etc.|
|6||Does the solution prevent as well as detect fraud?||The best solution is one that not only detects a fraud attempt but also automatically prevents it. Choose Machine Learning based solutions over rules they are more accurate for this task.|
|7||Can the solution complement your company’s existing tools?||Seek a solution that can integrate into your existing tools to draw information about other aspects of your business. That will bring additional insights into your analysis.|
|8||Does the vendor employ top-class Machine Learning specialists or do they use third parties?||Having a team of experts in Machine Learning on board is strongly advisable for every vendor of ML based anti-fraud system.|
|9||Does the system provide feedback and analysis for each recommendation or simply a recommendation?||The system should provide your fraud/risk managers and analysts with an exhaustive report on details about the transaction, the customer and reasons why the transaction was found suspicious.|
|10||Does the vendor research and deploy detection of the latest fraud tools?||There should be a team of employees assigned on a permanent basis to conduct research on cybersecurity issues.|
Today, anti-fraud solutions are, as a matter of fact, conglomerates of various complementary modules: tools for data collection, device fingerprinting, comprehensive profilers and more. Therefore, they should be offered to online businesses as one-stop-shop solutions easy to integrate with their existing IT infrastructure.
It is worth mentioning that proper technical deployment of an anti-fraud system does not guarantee success. One should also know what data to collect and how to combine it, what the best predictors of fraud in the case of a particular company are, how to enrich their own databases with external ones etc. It is essential for every vendor to advise and help their clients in this area as these decisions will impact the project’s final results.
Let’s take a look at the top 10 questions, that in my opinion are paramount and should be asked when choosing an anti-fraud system for any business.
One of the most common approaches to fraud detection and prevention is based on predefined rules. Those are very easy to understand. Sets of rules determine the actions that should be taken under given circumstances.
Here’s an example:
If transaction value > $1 000 and 3 transactions with 3 different credit cards were made today from the same device ID then block the transaction
These rules are created manually, on the basis of the company’s experience and domain experts’ knowledge. They require systematic monitoring of their performance and manual optimisation.
However, the complexity of the eCommerce world as well as the volume and variety of data that needs to be analysed, makes manual configuration of rules less effective and their optimisation error-prone. In effect, keeping the anti-fraud system under control by a risk team becomes more expensive, and time-consuming and may severely hurt your business as it usually leads to many false positives.
We recommend solutions that are based on Machine Learning (ML). One of the key advantages of using a Machine-Learning-based system is that it removes the manual task of tweaking rules each time, as the system does it automatically. With more processed transactions, ML models are under an instantaneous feedback loop with new chargebacks and are constantly retrained to be able to detect new emerging fraudulent patterns.
This technology has already proven to be extremely effective when it comes to fighting fraud.
Generally speaking, vendors use three major approaches regarding the deployment of their solutions:
Which approach will fit your company?
To answer this question, one needs to first realize that customers behave differently, even within the same vertical, let alone geography. Customers of an e-shop selling toys in Argentina differ significantly from those of a toys e-shop operating in Poland. They use different payment methods, are used to different returns and exchanges policies, browse the website differently, and more.
As there are so many discrepancies, can one solution or a Machine Learning model be equally efficient in detecting and preventing fraud in both cases?
No, it can’t.
Therefore, the solution should be adjusted to the specific needs, requirements and environment of each business it is meant to protect. Our recommendation is to implement a mixed approach with a customized solution at the end.
To detect fraud attempts, the system, regardless of whether it is based on predefined rules or Machine Learning models, needs to gather and constantly monitor data about the transactions carried out by users…
However, fraudsters’ techniques have become more sophisticated due to the available technology, which, in turn, has made spotting online fraud harder than ever before.
Any organisation that wishes to effectively fight fraud, needs to analyse more and more data about its customers. Not only the volume of data is important, but also the variety and diversity of data sources.
Everything, from the frequency of shopping in the given e-store, and preferred product categories, up to the specific manner of navigating the website unique for each individual can deliver great, actionable insights that help prevent fraud with ever-increasing accuracy.
Does the system that your company is about to choose, enable gathering and using data from, for instance, your CRM / BI / billing systems, customers' social media accounts, website monitoring or geolocation data? The data could include, among others, transactions’ parameters, information about chargebacks (reason code for a chargeback), customer’s location, how they behave while exploring the website, are their Facebook accounts genuine or fake etc.
Well, it should, as all of these pieces of information make your anti-fraud strategy more successful.
Let me start with a short explanation of what a profiler is, if you are not familiar with this term, yet.
Profiler is a tool that allows you to collect and combine thousands of data points featuring every single individual interacting with the service: their hardware, software, network environment and behaviour.
It can extract such information as:
…as well as…
By combining such pieces of information with the company’s internal and external data, one can receive a comprehensive digital profile of each and every user visiting the website.
Profiler is a goldmine of information that, when used properly, allows your ML-based anti-fraud system to make truly accurate predictions and your organisation to stay ahead of fraudsters. Look for vendors who have developed their own profilers instead of using third-party solutions.
Nowadays, fraudsters are using very sophisticated techniques to trick anti-fraud systems. They manipulate web browsers, operating systems and devices. One of the goals of such deceit is to prevent the system from identification of the specific computer, so the fraudster could use it multiple times to commit a crime.
A quality anti-fraud solution should be able to spot such deception by applying various detection methods and techniques, that stems from their experience and technical knowledge about browsers’ mechanisms, hardware configurations and more.
For instance, if someone is logging in from a MacBook Air but the graphics card installed isn’t compatible with this model of computer, it could indicate possible technical deviations. Such a situation requires closer investigation or even additional verification of the user’s identity. However, this scenario is possible only when the provider of the anti-fraud solution is familiar with all graphics card types that are compatible with MacBook Air or has models trained to distinguish standard configurations from non-standard ones. They should also have proper tools to verify what type of card is actually installed on the user’s device.
Fraud prevention requires effective fraud detection. You can have a system that analyses historical data, compares various data points and chooses the best predictors of fraud. But you need something more than that. You need a system that will analyse incoming high-volume data from various sources, and predict a fraud attempt before it takes place. And, if necessary, prevent fraud automatically by adding, for instance, an extra level of authentication at the checkout.
Many transactions may share some features typical of fraud attempts, but it does not make necessarily mean that they are.
Yes, I’m talking about false positives. False positives impact business negatively and can be more severe for your company than fraud itself. You are literally preventing numerous customers from buying from you!
Your anti-fraud system must be featured with outstanding accuracy to meet this challenge. In this case, static rules-based systems are not the best choice. Rules are too simplistic and human behavior is too complicated. Our recommendation is to apply Machine Learning because machines are much more precise in analysing a massive amount of data in real time and therefore more efficiently detect intricacies in customers’ behavior. As a result, decreasing the number of false positives.
When running a business, you collect and generate a lot of data. It is stored in CRM systems, spreadsheets, BI, operational databases etc., and used for purposes other than fraud detection.
However, this way you are missing a great opportunity to fuel the conducted fraud prevention analysis with more insights about your customers and increase its effectiveness.
Can the anti-fraud systems from your shortlist incorporate data used for offer recommendation, cross-up selling, churn analysis, and credit scoring?
Well… they should.
Furthermore, if you are not collecting that much data on your own, let’s reverse the logic – ask vendors if their solutions are capable of providing insights that you could use for more purposes than just fraud prevention.
If you are planning to deploy a Machine-Learning-based anti-fraud solution it is important to ask whether the vendor has a team of highly skilled ML specialists on board.
The role of this team is to, among others, analyse the company’s collected data, find out what characterises fraudulent transactions, assess the relevancy of various fraud predictors, select the most relevant analytical method for the company’s business model and build Machine Learning models for predicting whether a particular transaction is a fraud attempt or not.
As you can see, the role of such a team is crucial as it will have a significant impact on your anti-fraud strategy. By outsourcing the project to freelancers and other third parties, the vendor not only exposes your company to higher costs but also can’t assure constant access to the best ML experts with extensive experience in fraud detection. The problem lies also in data security issues, being transferred outside the company, and less control over the quality of service and the project itself.
Generally speaking, the purpose of an anti-fraud solution is to spot and prevent fraud attempts. Once a threat is detected it can trigger various actions depending on the company’s approach and strategy. The list of possible reactions includes, among others:
Fraud/risk managers and analysts should be provided then with a comprehensive report on details about the transaction and the customer, as well as the reasons why it has been found suspicious. This feedback is important for understanding what exactly had happened and why as well as verifying whether the problem hadn’t been caused by some of the company’s earlier actions.
Recommendation on what action should be taken towards a given transaction alone is not enough. Thus, without proper reports, you will be losing a detailed picture of the whole situation and precious information about the characteristics of fraud and the main reasons for its occurrence in your company.
The evidence of fraudulent activities should not only be comprehensive but also easy to understand. Make sure that the management panel incorporated in the solution that you want to implement is truly intuitive and compliant with the current UX standards.
Being up-to-date with the latest industry news, data breach alerts, benchmarks, warnings concerning fraud attacks, and new techniques used by fraudsters is one of the priorities for every risk/fraud manager.
The importance of such information is unquestionable. It is used to adjust the fraud prevention strategy to the changing business environment, customize the systems’ parameters to make it more effective, and reduce the time of analysis. It also indicates what data points and metrics will be the best predictors of fraud in the future.
Ask vendors whether they employ analysts dedicated to conducting such research.
If you liked this article and would like to prevent similar fraudulent activities from occurring in your business, Nethone's anti-fraud system is perfect for you. Arrange a call with us and we'll show you how...