Here’s a test: What’s fraud? Also, what’s a simple and legitimate matter of credit risk?
Those aren’t trick questions, but rather a reflection of the realities when it comes to digital criminals and their global networks. (Hint: The criminals know the difference.) Those questions also speak to the seemingly impossible tension in the world of payments and new card accounts: how to onboard and authenticate consumers as quickly and seamlessly as possible, while also protecting them and the institution from fraud.
At the heart of the issue is a “gap” that (for now at least) favors criminals, not issuers, but more about that in just a bit. In a new PYMNTS interview, Karen Webster discussed that fraud situation — and how it might change with better digital technology — with Fang Yu, CTO and co-founder of DataVisor.
Fraud Getting Worse
In many cases, Yu told Webster, the fraud situation is “much worse than before,” especially when it comes to ID theft and account takeovers. Fraudsters are smart and experienced enough to, say, defeat those security-question defenses, and there is no doubt that countless user name and password combinations, along with other stolen data, are widely available on the digital black market.
That’s to say nothing of insiders who help with fraud, or fraud that involves legitimate holders of credit cards simply deciding to ignore their debts.
However, that’s hardly the whole situation. Criminals have learned how to exploit situations in which fraud might — initially, but for a meaningful period of time — look like an issue of credit risk, which can make so much of fraud prevention reactive, not proactive. While the attention of fraud prevention technology and professionals might be sparked by a suspect transaction, for instance, by the time the monetary damage is likely to have been done, criminals have retreated back into their protective shadows, essentially immune to arrest and prosecution.
Timing, too, works against issuers and financial institutions, especially when it comes to the fraud-or-credit-risk determination.
“You are not sure if a card belongs to a good user or bad user until they don’t pay it back,” Yu said. Even with the benefits of cutting-edge fraud prevention technology (machine learning, for example), there is often a “gap of time to allow fraudsters to change their” moves. (Think, perhaps, of an old-time criminal on the run in the days of analog crime detection, always changing up where they sleep, and not keeping to any predictable movements or schedule.) Indeed, to the bank, an instance of fraud could very possibly seem, at first, like just another missed payment.
In such cases, the fraud prevention effort “is already a month late,” Yu said.
Add in the pressure for instant onboarding — an increasing demand from consumers, and a path to profit for issuers — and that can provide another advantage for fraudsters. After all, “there is high competition for good credit card users,” Yu said, and no issuer wants to put too many barriers in the way of gaining such customers. That mindset can also encourage fraud prevention professionals — either themselves or via the rules they write for their fraud prevention software — to provide enough room in which fraudsters can operate, lest too much friction turn away real or potential cardholders.
So, what can work in favor of those going after fraud? Well, for one thing, there is truth in numbers (in this case, a higher ability to spot fraud patterns with more data), even amid the pressures of quick or instant onboarding and that window that fraudsters can exploit.
Fighting fraud on one specific card is not the easiest job in the world, no matter the mindset. Yet, with unsupervised machine learning (that is, artificial intelligence), there exists a much greater chance to take in data from multiple cards and cardholders, find patterns that point to possible fraud, then stop it from happening. That can work more efficiently than trying to stop fraud attempts during onboarding, when the issuer and its technology might have enough data to make the comparisons needed to determine whether the applicant is, indeed, a legitimate potential customer.
“After the card [issued establishes] baselines to prevent account takeovers, that’s actually easier” than preventing fraud during the application phase, Yu said. That’s not the only factor: Fraudsters gain more profit over the long term by exploiting data from multiple accounts, cardholders and cards, which makes them susceptible to pattern analysis. Doing so in real time is also key to fraud prevention — no one wants to be left behind by that “gap,” of course.
Grammar nerds and other pedantic people keep offering reminders that “data,” as a word, is plural, not singular. That translates well into the world of fraud prevention: The more data, the sharper the patterns, and the greater the chance of gaining back a step or two on those digital criminals. The shaper the patterns, the better odds of being able to tell fraud apart from legitimate cardholder issues.