TOP 10 questions when choosing an anti-fraud system

See our rundown of the top 10 questions when choosing an advanced anti-fraud system for your online business. Protect every payment and transaction.

Maciej Pitucha

Chief Data Officer
Vector

22 January 2024

Group

6 min read

Finding the right anti-fraud system for your business is an important and demanding task. The decision you make will deeply influence your company as it directly relates to your financial health and operational performance. Specific areas of impact include your chargeback rate, conversion rate, revenue, customer shopping experience, and reputation, among others.
With a variety of anti-fraud software solutions available on the market, it is quite a challenge to choose the one to fit your unique business. To make this task easier for you, we have prepared a list of top ten questions about the anti-fraud systems’ features that you should ask vendors during the procurement process.

The anti-fraud system checklist

To keep things easy, Maciej Pitucha, our Chief Data Officer, prepared a list of the top ten questions about the anti-fraud systems that you should ask vendors during the procurement process (no email required, it's free).

Top 10 questions when choosing an anti-fraud system

To enable growth with minimal disruptions, an anti-fraud vendor should know what data to collect and how to combine it, what are the best predictors of fraud in the case of a particular business, how to enrich their own databases with external ones, to name a few key aspects.

Deployment of anti-fraud solutions - the essentials

With the context established, let’s go through the top 10 questions that should be asked when choosing an anti-fraud system for any business.

Question #1 Does the system rely on predefined rules or does it learn over time?

One of the most common methods in fraud detection and prevention is based on predefined rules. These rules, simple enough to understand, dictate the actions to undertake under particular circumstances.

Here’s an example:

If transaction value > $1 000 and 3 transactions with 3 different credit cards were made today from the same device ID then block the transaction

These rules are created manually, based on the company’s experience and domain experts’ knowledge. They require systematic monitoring of their performance and manual optimization.

However, the sheer volume and variety of data that needs to be analyzed make manual configuration of rules less effective and error-prone. As a result, managing the anti-fraud system by a risk team becomes more expensive, time-consuming, and potentially detrimental to your business due to high false positives.

We recommend solutions that are based on machine learning. One significant benefit of an ML-based system is its ability to automate the task of adjusting rules. Constantly under an immediate feedback loop, ML models process numerous transactions and continuously adapt and improve their ability to identify emerging fraudulent patterns.

This technology has already proven to be extremely effective when it comes to fighting fraud.

Question #2 Does the anti-fraud solution include the company's unique business logic to precisely fit its needs, or does the vendor adopt a generalized, one-size-fits-all approach?

Vendors use three major approaches regarding the deployment of their solutions:

Generic. In this case, anti-fraud solutions are created for industries individually (e.g. e-retail, travel, gaming) and are meant to work for any company within that particular sector – regardless of this company’s target groups, products/services offered, geographical market reach, etc. Such systems are quick to deploy and ready to use in a matter of hours, yet their accuracy leaves much to be desired.

Customized. In this case, anti-fraud solutions are adjusted not to a particular industry but to a business case. Machine Learning models are created for each company separately, considering their individual business logic. It means that ML models are based not only on generic industry data but also on data specific to the company, that had already been collected in their databases. For an Online Travel Agency, those could be, for instance: services offered, business model adopted, payment method used, interaction with a customer depending on the communication channel, user flow, the way products are categorized, and more. Although it takes a while (up to several weeks) to create and train the models, at the end of the day one receives a tailored anti-fraud system featured with great accuracy.

Pre-trained. In the third approach, an anti-fraud system is deployed without prior customization, to provide a company with almost immediate protection against fraud. However, at the same time, dedicated machine learning models are built to replace the generic solution within a couple of weeks to increase the effectiveness and accuracy of fraud prevention. This approach is especially advised for companies experiencing heavy fraud attacks – in need of instant help.

Read also: A Beginner’s Guide to Machine Learning in Payment Fraud Detection & Prevention

Which approach will fit your company?

To answer this question, one needs to first realize that customers behave differently, even within the same vertical, let alone geography. Customers of a retailer selling toys in Argentina differ significantly from those of a toys retailer operating in Poland. They use different payment methods, have different returns and exchange policies, browse the website differently, and more.

As there are so many discrepancies,  the solution should be adjusted to the specific needs, requirements, and environment of each business it is meant to protect. Our recommendation is to implement a mixed approach with a customized solution at the end.

Question #3 Can the company's internal and external data sources be leveraged to enrich the collected transactional data?

To detect fraud attempts, the system, regardless of whether it is based on predefined rules or machine learning models, needs to gather and constantly monitor data about the transactions carried out by users. Not only the volume of data is important, but also the variety and diversity of data sources.

Everything, from the frequency of shopping in the given ecommerce store, and preferred product categories, up to the specific manner of navigating the website unique for each individual, can deliver rich insights that help prevent fraud with higher precision.

We recommend a solution that has a portfolio of connectors to third-party data providers and internal data infrastructure for data enrichment.

Question #4 Does the system have proprietary end-user data extraction techniques to power the decision-making process?

Let me start with a short explanation of what a profiler is, if you are not familiar with this term, yet.

Profiler is a tool that allows you to collect and combine thousands of data points featuring every single individual interacting with the service: their hardware, software, network environment, and behavior.

It can extract user information such as:

  • what parts of the website they are clicking on,
  • how much time they spend on the website,
  • how they are using their mouse/touch screen,
  • numerous hardware properties: GPU characteristics, number of processor cores, device ID etc.
  • device type,
  • connection type (Wi-Fi, cellular) based on low-level network analysis and/or browser features checks etc.

…as well as…

  • verify whether the claimed browser and operating system are the ones actually used,
  • detect quirks in system configuration,
  • distinct a regular computer from a hacked one and more.

By combining such pieces of information with the company’s internal and external data, one can receive a comprehensive digital profile of each and every user visiting the website.

Profiler is a goldmine of information that, when used properly, allows your ML-based anti-fraud system to make truly accurate predictions and your organisation to stay ahead of fraudsters. 

Question #5 Does the vendor deploy multiple methods to detect deviations in hardware, software, network and user behavior?

Fraudsters are using various techniques to trick anti-fraud systems. They manipulate web browsers, operating systems, and devices. One of the goals of such deceit is to prevent the system from identifying the specific device, so the fraudster could use it multiple times to commit a crime.

A powerful anti-fraud solution should be able to spot such deception by applying various detection methods and techniques, that stem from their experience and technical knowledge about browsers’ mechanisms, hardware configurations, and more.

For instance, if someone is logging in from a MacBook Air but the graphics card installed isn’t compatible with this device model, it could indicate possible technical deviations. Such a situation requires closer investigation or even additional verification of the user’s identity. However, this scenario is possible only when the provider of the anti-fraud solution is familiar with all graphics card types that are compatible with MacBook Air or has models trained to distinguish standard configurations from non-standard ones. They should also have proper tools to verify what type of card is actually installed on the user’s device.

Question #6. Is the solution designed with a modular infrastructure and different levels of integration?

A modular solution implies that you can select and integrate different components from a product and pay only for what you genuinely need. This way, you can measure and integrate a SaaS solution faster and with reduced development costs. This model facilitates quicker and more cost-efficient integration of SaaS solutions, by reducing development expenses. For instance, suppose you require only a user risk detection system or a chargeback alert solution - you can precisely select that.

Equally important is the consideration of different levels of integration efforts. A  flexible, modularized, and tiered product allows businesses of any size to choose a plan that best suits their needs or even create custom plans to address specific requirements. For example, anti-fraud vendor should make available three plans

  • No need for integration - just light-code self-onboarding
  • API integration only
  • Both API and frontend integration for businesses that deal with high volumes of transactions.
Question #7 Can the solution cover every step of the consumer journey from login to post-payment? 

Fraud varies in impact at every touchpoint throughout your user journey. Consider, for instance, a suspicious login, which may signal risks such as bot activity, typically correlating with account takeovers. On the other hand, payment fraud tends to occur during the checkout process and might include CNP (Card Not Present) fraud, card testing, promo abuse, and police abuse, among others. Beyond payment, dishonest users could engage in return fraud or friendly fraud during the post-payment phase. Thus, it becomes clear that fraud cannot be approached as a monolith.

If your business has user interactions spanning all these stages, it would be crucial to opt for a solution that protects each phase with specific tools and strategies. Truly resilient fraud prevention requires a system that can navigate and safeguard all steps of the user journey.

Question #8 Does the vendor employ top-class Machine Learning specialists or do they use third parties?

If you are planning to deploy a Machine-Learning-based anti-fraud solution it is important to ask whether the vendor has a team of highly skilled ML specialists on board.

The role of this team is to, among others, analyze the company’s collected data, find out what characterizes fraudulent transactions, assess the relevancy of various fraud predictors, select the most relevant analytical method for the company’s business model, and build models for predicting whether a particular transaction is a fraud attempt or not.

As you can see, the role of such a team is crucial as it will have a significant impact on your anti-fraud strategy. By outsourcing the project to other third parties, the vendor not only exposes your company to higher costs but also can’t assure constant access to the best ML experts with extensive experience in fraud detection. The problem lies also in data security issues, being transferred outside the company, and less control over the quality of service and the project itself.

Question #9 Does the system provide feedback and analysis for each recommendation or simply a recommendation?

Once a threat is detected it can trigger various actions depending on the company’s approach and strategy. The list of possible reactions includes, among others:

  • blocking the transaction,
  • sending it for a manual review,
  • making a phone call to a customer for verification,
  • activating a conditional authentication layer.

Fraud and risk managers and analysts should be provided then with a comprehensive report on details about the transaction and the customer, as well as the reasons why it has been found suspicious. This feedback is important for understanding what exactly had happened and why.

Recommendation on what action should be taken towards a given transaction alone is not enough. Thus, without proper reports, you will be losing a detailed picture of the whole situation and precious information about the characteristics of fraud and the main reasons for its occurrence in your company.

The evidence of fraudulent activities should not only be comprehensive but also easy to understand. Make sure that the management panel incorporated in the solution that you want to implement is truly intuitive and UX-friendly.

Question #10 Does the vendor research and deploy detection of the latest fraud tools?

Being up-to-date with the latest warnings concerning fraud attacks, and new techniques used by fraudsters is one of the priorities for every fraud and risk manager. Fraudsters change their modus operandi, and new fraud tools emerge, so continuous learning in this matter is key. And the best source to learn more about what's new in fraud is from the Darknet. That's the place where fraud intelligence experts take their knowledge to further use it to reverse-engineer malicious tactics. 

Fraud intelligence helps adjust the fraud prevention strategy to the changing business environment, and customize the systems’ parameters to make it more effective, and it indicates what data points and metrics will be the best predictors of fraud in the future. 

Ask vendors whether they employ analysts dedicated to conducting such research.

Top 10 questions when choosing an anti-fraud system

We trust this article will prove useful when you engage with potential vendors. At the same time, let's acknowledge the reality: we, Nethone, are fraud prevention solution providers ourselves, and yes, we meet all these ten criteria outlined.

Feel free to schedule a call with us to get a customized demo, and if your curiosity is piqued, we can also share intriguing insights on the dark web methodologies adopted by fraudsters.

Ready to detect fraud just like Azul?

Ready to detect fraud just like Azul?

Start measuring fraud attacks today and find out if there are bots attacking your site. Arrange a call to discuss a tailored solution or explore our platform for free.

Book a call