“The more I read about the challenges associated with fighting fraud online, the more it seems like it’s a juggling act between keeping the customer experience frictionless, having the right toolset to detect fraud and the ability to use those tools to take action in real-time so losses can be mitigated,” said MPD CEO Karen Webster during her introduction to the digital discussion on April 9.
And certainly, added Revathi Subramanian, SVP of Data Science at CA Technologies, there are more techniques that fraud managers can take advantage of when it comes to this juggling act.
So how do we win more fraud fights than we lose?
Webster noted that it could be expected that the fraudsters will try their luck and have the average dollar value per order increase, but asked, why is the fraud rate increasing?
“That suggests they are smarter than the tools we have been using to protect and prevent fraud,” she said.
“They are getting smarter because a lot of this is industrialized and institutionalized. There are smarter ways in which a network of fraudsters can commit fraud without having to spend a lot of time on it,” said Subramanian. “If you find a loophole, it’s possible to do a lot of damage in a few minutes within the eCommerce world.”
And when there’s a device attached to multiple cards, she said, that increases the odds for higher fraud damage – multiple screens could be open on the same device to conduct multiple transactions with multiple cards. So as we become smarter in monitoring fraud, the fraudsters become more sophisticated as well. “It is important for us to use all of the data and cooperate in real-time to fight these fraudsters.”
TODAY’S ECOMMERCE LANDSCAPE
It’s no secret that eCommerce is growing at a rapid pace – in 2017, revenue is projected to reach $2.35 trillion. Mobile is driving a lot of that demand, as there are already over 1.4 billion smartphones being used globally. At the same time, card-not-present (CNP) fraud is growing even faster, says Subramanian, with fraud costs for online retailers at $3.5 billion (or about 0.9 percent of online revenue).
ECommerce fraudsters are operating from their own backyards. Issuers around the world therefore need to act as one unit to combat these globalized fraud trends. And there’s a lot of eCommerce activity that’s happening outside of the home country of the cardholder, and in order to be able to nab this, you need to understand device configuration and location – that’s a huge piece of the puzzle. That information, Subramanian added, is only available through the 3D Secure process, not through the authorization data stream.
USING 3D SECURE & MODELS
3D Secure, said Subramanian, makes online shopping safer, shifts liability from the merchant to the issuer and allows issuers to get tremendous customer insight. It has become much more sophisticated than in previous years – neural network based models are “the ideal combination of predictive power, stability and flexibility for eCommerce fraud detection.” They use state-of-the-art analytic techniques, uncover behavioral insights on multiple pivots (device, customer behavior, and more), reduce fraud and customer friction at the same time, and provide “unparalleled flexibility” to the fraud manager.
But can this be useful beyond 3D Secure eCommerce fraud? According to Subramanian, there is a way to have this device information shed across multiple issuers in real-time.
Webster then asked, “What are you doing to get issuers on board with this? Is there resistance?”
“Risk-based decisioning within 3D Secure is being received extremely well across the globe, including in the U.S.,” responded Subramanian. “There are some regions where banks don’t mind intervening [transactions] to ask a question to authenticate. With the U.S., there’s always more hesitation with intervening transactions. In those cases, having these high-end models that can pinpoint fraud more carefully is very useful.”
AN INTERESTING EUROPEAN CASE STUDY
To give a small window into the opportunity that exists if multiple issuers cooperate, a study on trends in Europe and Asia Pacific examined nine issuers with transactions from late 2013 – that included 50.3 million transactions, 10.5 million cards, and 17.1 devices in total. The average transactional fraud rate was 13BP. Both devices and models, said Subramanian, proved to provide a lot of value. Thirteen percent of all transactions are on devices with transactions from other cards, and 49 percent of all fraud transactions are devices with fraud transactions from other cards.
“That gives you a very significant differentiator in terms of identifying fraud,” said Subramanian.
Webster then asked Subramanian to define “devices,” and if those results aligned with CA Technologies’ hypothesis going in.
“What we mean by devices are laptops, desktops, mobile phones, or terminal – any device in which you are connecting to the Internet and conducting a transaction. We have the ability to assign an ID to the device and track it across multiple issuers,” said Subramanian. She added that CA Technologies’ hypothesis was that the percentage would be higher than what they find normal transactions to be – but they didn’t expect the percentage to be as high as 50 percent.
So how is fraud distributed across these devices?
About 51 percent of fraud falls on devices with a single card (which can be tackled reasonably well with the model approach), and 49 percent with multiple cards.
With the multiple cards on the same device, the problem gets trickier, noted Subramanian.
“If I am a fraudster and I have a hundred cards at my fingertips, why would I do multiple transactions on the same card?” she explained. And therefore, when there are one or few transactions on a given card, it looks less suspicious to a fraud manager and more apt to get by without getting caught. So with a broader perspective across multiple issuers, the ability to see that these transactions are happening on the same device is key.
The median time between consecutive fraud transactions on the same device is 210 seconds, says Subramanian – so that gives fraud managers less than four minutes to react.
THE BENEFIT OF DEVICE-DRIVEN DECISIONING
Very preliminary estimates show the below benefits, the incremental advantage, of having device-driven decisioning capabilities. There is the possibility of a 10 percent absolute commercial value.
“What that means is, let’s say that on a particular portfolio, we could detect 50 percent of fraud at X percent of the population. If we use our model in this case, we could detect 60 percent or more of fraudulent transactions,” explained Subramanian. “An impact on 10 percent more of fraud is a pretty significant number.”
Fraud, again, is more likely to occur when transactions from multiple issuers take place on the same device. And with global collaboration, there’s a huge opportunity.
Subramanian later brought up another example of a device-driven benefit – a fraudster used 54 cards from five different banks to buy a watch using each of the cards from an online merchant Sunwatch in Spain, all on the same device. Looking across, device data would start from the third transaction on the device because of its capability of seeing the behavior on the device as well, which means it would have stopped 52 of the 54 fraudulent transactions.
“That’s the kind of benefit that is possible using a real-time network approach,” said Subramanian.
Webster then asked, “What is better about what you’re advocating than some of the alternative methods and technologies in the market, or do they all work together?”
Subramanian said that what is unique about what CA Technologies does is that they monitor hundreds of millions of transactions each year, and have information about which devices turned out to be problematic and which did not, and what sort of combination in terms of characteristics of the device constitutes trouble.
WHERE DOES THE INDUSTRY GO FROM HERE?
The data available for eCommerce transactions is a lot more interesting than what was traditionally available in the authorization stream, said Subramanian. All of a sudden, it is now possible to share data across issuers without sharing truly sensitive information.
“We are really learning and collecting which characteristics over time spell trouble – and how to utilize that data in a model so that issuers and fraud managers can really perform that juggling act really well.”
Together, she explained, players in the industry can use the global experience, 3D Secure heritage and award-winning model performance – and issuers can be truly prepared for the onslaught of eCommerce growth and potential fraud.
To listen to the full digital discussion between Karen Webster and Revathi Subramanian, take a look at full digital discussion video below.