Online transacting is safer than a card-present world — or at least it can be. That’s what Revathi Subramanian, SVP of Data Science at CA Technologies, told MPD CEO Karen Webster during an hour-long digital discussion on the state of online fraud around the world. Subramanian said that we have the data, the models and the tools – right now – to make online transacting safer than offline. But, they’re just not being used.
E-COMMERCE FRAUD AROUND THE WORLD
With card-not-present online transactions, it is very difficult to determine where the source of a transaction is happening. At the start of the conversation, Subramanian said, “With e-commerce transactions, we’re not in Kansas anymore. Online fraud is really happening all across the globe. Issuers across the globe therefore need to act as one family to combat these globalized fraud trends."
Where Fraud Occurs
The below chart, provided by CA Technologies, indicates where online fraud occurs in the world, with darker areas having the highest numbers of fraud. While this may suggest that online fraud shouldn’t necessarily be dubbed the safest way to transact, Subramanian noted that it simply means that information available isn’t being properly used to combat fraud.
E-commerce trends, said Subramanian, are shaped globally, and with each transaction comes a goldmine of information not available in the regular authorization stream. Device configuration and location, as well as browser characteristics, IP addresses, and more can be used to understand where and how fraud is happening.
Where Transactions Are Happening
The below chart shows where online transactions are occurring around the world, with darker areas having the highest numbers.
THE BIG DATA OPPORTUNITY
The 3D Secure protocol gives the issuer the change to peer into a transaction as it is happening, and gather information on it. It has reached critical mass and continues to grow in use and popularity. In addition, detailed unique data about the customer’s internet shopping habits including the device used, location, merchant URL, connection speed, type, the anonymizer, is available.
Data-driven techniques are proven in authorizations but have a card present view in terms of data. But, noted Subramanian, information available for card-present transactions doesn’t even come close to the level available for online transactions. Advanced analytics with a Big Data infrastructure can therefore pave the way to creating tremendous value – and reducing fraud – to actually create an environment where it is safer to transact online than with a physical card.
"The reason we might be safer with online transactions as opposed to card-present transactions is because we have the ability to use the information available with advanced analytical systems,” she said.
Advanced analytics with Big Data infrastructure allows companies to detect fraud better while impacting fewer transactions, improve customer experience and create value for issuers, create customer insight and learn about the customer.
According to Subramanian, there’s tremendous benefit to using 3D Secure for merchants, issuers as well as consumers. Below is a chart showing transaction data in black available in the regular data stream, with elements in red only available with a 3D Secure solution.
WHAT IS 3D SECURE?
Subramanian went on to explain that 3D Secure provides a mechanism to allow for the authentication of the user in real time at the point of sale online. She further stated that this provides improved visibility and control to the issuer for the purpose of fraud prevention along the following parameters:
Real Time Authentication: A mechanism to proving the identity of a cardholder while shopping online where traditional POS measures (chip & PIN) are not possible.
Device and Transaction Location: Provides valuable insight to the digital world allowing data to be seen not possible at authorization, i.e. device ID & geolocation.
Transaction Data Available When a Merchant Prompts for 3D Secure
“If a 3D Secure solution is deployed, all of this information will really be fair game,” said Subramanian.
THE VALUE OF 3D SECURE
Subramanian was asked a somewhat rhetorical question during the discussion: “When we talk about the value of 3D Secure to the real constituents in payments, does the merchant feel like it’s a worthwhile tradeoff?"
Her response points out that if the issuer, for example, collects all of the information and still chooses to authenticate, the abandonment will still be rare. The merchant and issuer will lose the transaction, and it’s not a desirable solution for the merchant. They don’t have the fraud liability, but they are losing a lot of the transactions if the issuer decides to do a password check.
According to Subramanian, “The merchants actually get to gain a lot from this if the data is being used very effectively.” For cardholders, it will reduce friction and make shopping safer, for merchants, they will benefit from a liability shift to the issuer, and for issuers, they will get tremendous customer insight.
But is this costly for the issuer to implement? “No, not really,” said Subramanian. “Even if you have a few merchants using your card, the liability is still on the issuer. If the issuer does not implement the 3D Secure solution, they end up losing."
The true value of 3D Secure to issuers is that it creates frictionless customer checkout and increased revenue, isolates true fraud from non-fraud, and decreases operational costs.
"There is much higher revenue loss when you’re allowing transactions to be abandoned by intervening in a large percentage of the transactions,” said Subramanian. The data therefore needs to be used more effectively and intelligently.
Subramanian is a big believer in models, and talked extensively about CA Technologies patent-pending neural network authentication models that provide the “ideal combination of predictive power, stability and flexibility for e-commerce fraud detection."
The models utilize data described earlier and extract features with state of the art analytic techniques, uncovering behavioral insights on multiple pivots. At the same time, the models reduce fraud and customer friction and provide unparalleled flexibility to the fraud manager.
But the models have to be extraordinarily sophisticated, noted Webster, because we’re in a very mobile society. Consumers are getting new connected devices and transacting all over the place, even on airplanes. So how are issuers being served this insight, and able to make decisions that go with the flow?
WHY NEURAL NETWORKS?
That’s why Subramanian says that neural networks offer the ideal combination of performance, flexibility and feasibility, for very large mixed-type behavioral systems. She said that “there are no distributional assumptions on input data, and you can also get “state-of-the-art performance on even the most non-linear data.” Finally, there is a linear training time and constant scoring time regardless of the size or complexity of the input data “What we are really doing is associating bad behavior with characteristics and how the correlate amongst each other, for each particular cardholder and so on,” said Subramanian.
CA Technologies’ neural network authentication models are powered by advanced machine learning techniques, understand legitimate and fraudulent behavior in context of the individual cardholder, and are updated in real time. In addition, said Subramanian, they provide greater accuracy and stability and produce a meaningful granular score
"I really think the special sauce that CA Technologies has is the specific data we have and how we configure it in a specific combination that we use in the neural networks,” said Subramanian.
Providing Issuers With a Better View
Subramanian said that CA Technologies is able to keep track of the location, device DNA, behavior, and history of a specific device being used to transact.
THE IMPACT OF A MODEL ON FRAUD
Subramanian walked the audience through the impact of a model that has been implemented. “What’s represented in green is the model performance that we’ve seen. If the fraud losses are about 100,000 euros, and really all that you want to do is authenticate a small percentage of transactions, well-over 80 percent of your fraud can be contained within that,” said Subramanian.
"You’ve improved customer experience and fraud detection, while increasing the interchange and interest rate for the issuer and not abandoning transactions and eating into the merchants’ profits."
Models can therefore provide the best of both worlds – maximize detection and minimize customer impact (cost). And because they are constantly updating and processing data, the actual building of the model itself takes only a few months to do, said Subramanian.
Her point, in other words, is that the essence of what the neural network provides the issuer with the ability to do is minimize the friction and maximize the revenue opportunity.
"In order to truly learn from cyber attacks, we cannot expect people to report a fraud attack, and then proceed to understand it. That seems to be the approach that a number of folks in the space take – we question how affective that is,” said Subramanian. “We want to understand fraud as it is happening."
In the future, she added, these authentication models “will become a requirement in this increasingly online world.”