Fighting Fraud: A Marathon, Not A Sprint

Payments technology evolves, and so does fraud.  In the ongoing battle for speed, accuracy and safety, TNS’ Global Payments Strategy Head George Zirkel says it is important to keep an eye on the long (very long) game.

Hackers to payments fraud is like chameleons to their environment: They just simply adapt and hope not to be noticed.

That’s how TNS Head of Global Payments Strategy George Zirkel described the cat-and-mouse game that hackers play with the payments industry today. If using counterfeit plastic cards is no longer an option, they take those card accounts online. Card numbers dry up? They’ll just steal personal information and cobble together a synthetic identity. And as quickly as they move, that’s how fast those who would fight the good fight against fraud must adapt.

But the battle is no sprint, Zirkel said, with time to rest between races. It’s a marathon.

Zirkel has a bird’s eye view of the fraudster’s playground. TNS is the “single source provider” that connects and moves payments data from one place to another (and yes, from many places to many places, as the case may be) for acquirers, PSPs, gateways, ISOs and sometimes merchants. That connectivity, Zirkel told Karen Webster in an interview, transverses millions of endpoints, “connects them into the infrastructure at TNS and then routes transactions to the processor through a single private network that the acquirer and TNS establish between themselves.”

Private networks may conjure images of, well, privacy and security. To be sure, the aim is to route transactions with speed and accuracy, with an eye on processing those transactions away from what Zirkel paints as the “great unwashed masses” of the internet.

But in age where hackers strike and strike again, keep hammering away at network defenses and where TNS sits between the merchants and the acquirer, security is paramount. Against this backdrop, said Zirkel, growth in eCommerce has put “payments infrastructure at risk.” Key enhancements to the private network have been the emergence and adoption (by TNS) of encryption and tokenization security measures — and to do that “early enough in the payments flow so that, even if someone gets ahold of that [tokenized payment], it is useless to them.” Thus, in a hypothetical scenario, he added, after a card is run and tokenization occurs, receivers of payment data use TNS software to decrypt and provide that information via private connection to the processor.

In tandem with continuing partnerships with the likes of Intel, TNS is focusing on hardware that wraps up data at the POS and devices and encrypts it. Other efforts include machine learning and artificial intelligence, along with pattern detection (which, he told Webster, can help identify fraud in card-not-present scenarios) — in short, using the power of big computing to help guide whether a transaction is valid or not.

The end goal, according to Zirkel, is one where the costs a would-be fraudster incurs in an effort to deceive (and profit) “outweigh the benefits of being successful.” That remains a challenge and, again, a marathon in a world where, as Zirkel noted, “fraudsters innovate as quickly as the payments industry innovates.”