The fight against electronic payment fraud is a challenge for the retail industry. To keep up with fraudsters without impacting the customer experience, payment providers are constantly innovating.
The evolution of the regulatory framework creates the conditions for a more effective fight by involving payment providers, banks, merchants and consumers in a joint effort. But more security also means more effort for both sellers and customers. On the consumer side, the use of strong authentication is generally well accepted.
"Over the last six months, the adoption of strong authentication has literally exploded and nearly three out of four consumers have accepted this constraint," observes Pierre Lahbabi, CEO of Galitt, which supports financial institutions, merchants and players in the payment industry. Validating payments on the Internet via the banking application limits the risk of non-payment, but shifts the risk to cart abandonment.
"The acceptability of the constraints linked to secure payments has evolved considerably among consumers, but for certain profiles, this can be a barrier to purchase", notes David Ledru, E-commerce Fraud Consultant & Product Manager for the payment service provider Monext. These are all barriers that innovation must help to overcome...
AI in search of weak signals...
Artificial intelligence and machine learning are naturally at the heart of all innovation efforts. This is a major project," says Sasha Pons, CPO of Dalenys. Artificial intelligence allows us to permanently adapt to the evolution of fraud, but also to assimilate the load." The integration of artificial intelligence and machine learning into anti-fraud solutions is almost widespread. Beyond Adyen, players such as Cybersource, Checkout, Hipay with its Hipay Sentinel module or Stripe with Stripe Radar, have developed their solutions and machine learning is a major innovation area. It is a response to the need for responsiveness, scalability and agility in the fight against fraud. This agility is essential in order to adapt the systems to each transaction.
This is the principle behind the Score solution developed and regularly refined by Oneytrust. The principle? To evaluate the confidence index of a transaction before generating this control, by analysing in real time the basket, the place of delivery and the identity of the consumer. But behind detection, there is action. What strategy should be adopted when fraud is suspected? This is ultimately the key question. Too rigid, the fight against fraud impacts the customer experience. Too lenient, it exposes the merchant to non-payment. For Oneytrust, for example, the answer lies in the Digital Review module. This works like a virtual investigator who, based on the data provided by the customer, determines a profile reliability score with its models by logical induction. The promise: to cut the use of visible checks by more than half by means of a more reliable invisible check.
The race for data
If the fight against fraud is characterised by the reign of algorithms, the natural counterpart of this technical reality is the need to back fraud detection with an ever-increasing mass of data. The larger and more varied the data, the more effective the identification of suspicious behaviour. "Understanding the fight against electronic payment fraud means accepting that it is no longer possible to distinguish fraud from cyber attacks," says Nicolas Samson, IBM Europe Investigation Consultant. In this context, the development of connectors to a maximum number of possible sources of information is a priority. Social networks, business applications, payment providers, etc.
In order to have the responsiveness that is essential for an effective fight against fraud, investigations must be placed in a new dimension: the aggregation of information, its analysis and automated processing, then validated and arbitrated by human agents, trained and made aware of good practices. "The equation is based on artificial intelligence and open source data," continues Nicolas Samson. Worldline, for its part, is focusing its developments on data with the recently launched Ingenico Insight solution. Combining Machine Learning and Data Science, the tool offers tailor-made advice for an in-depth understanding of payments. Available since a few weeks, this tool is at the convergence of business intelligence and predictive technologies by issuing recommendations and allowing comparisons with the sector average. For it is a fundamental trend: if the mechanisms for securing and identifying buyers are tightened, the fight against fraud must constantly be adapted and controlled. This demand for personalised strategies has an impact on innovation.
Adaptability and ultra-customisation of security
For Anton Beliakoff, Managing Director of Lyra, the basis of the fight against fraud is speed and reactivity: "We must avoid static rules, the best response to fraud is to develop strategies that evolve. This observation is shared by David Ledru, E-commerce Fraud Consultant & Product Manager for Monext, who considers that "although artificial intelligence is on our roadmap in terms of innovation, it is not the only path to be explored to fight fraud. Human action is key and we need to facilitate the definition of suitable scenarios." For this payment provider, offering the consumer a frictionless experience involves targeted strategies by creating white lists for which the anti-fraud rules are more flexible. Exceptions linked to clearly defined and identified behaviour profiles. Merchants must have total control over the security policy to be applied to each customer," explains Vincent Lenglet, Head of Product for Monext Retail. Making it easier for trusted customers to buy, to tighten the noose and vigilance according to precise and customisable criteria, is the method we favour."
From then on, the innovation concerns not only the multiplication of combinable criteria to define strategies, but also the ergonomics of the solution so that the teams in charge of fighting fraud can appropriate it easily and autonomously. Other players, such as Dalenys, also advocate the principle of a second chance with a new authorisation status called Soft Retry. "When the security filters lead to the rejection of a transaction, it is automatically submitted again to the bank for authorisation, by applying a strong 3D Secure authentication," explains Sasha Pons. A gradation of security to minimise the impact on the business...
What about the future?
Although the bank card is still the dominant means of payment in France, the prospect of the development of direct transfers may raise some concerns, as they open the way to digital identity fraud, which is much more difficult to thwart. This is especially true since, when the noose tightens, the fraudster systematically looks for ways around it. Strong authentication is undeniable progress," confirms David Ledru, "but it opens the way to other types of fraud such as bearer manipulation.
The regulatory changes affecting payment will have an impact on the behaviour and practices of fraudsters. It is these changes that the players in the fight against fraud are trying to anticipate. For Anton Beliakoff, Managing Director of Lyra, the introduction of the pan-European instant transfer, following the entry into force of PSD2, provides a response to the challenge of securing payments. This transfer, which is suitable for purchases exceeding the limits authorised by bank cards, is characterised by the fact that the customer will no longer need to register the merchant's IBAN number, which takes two days due to the fight against fraud, nor to pay with several cards. The benefit is real in terms of the fight against fraud, but it implies that all precautions must be taken because the transfer, once validated, is irrevocable," explains Anton Beliakoff. The payment industry will have to be particularly vigilant during the verification phase of the merchants' IBANs.