Fraud Detection, Prevention Must Look Beyond Technology
Risk prevention executives cite a combination of strategy, cooperation, data, good customer service.
The global payments ecosystem has made great strides in recent years, with widespread innovations in online financial technologies such as digital banking services, e-commerce, and mobile payments, amongst others.
However, as payment methods have become more sophisticated, so has fraud. A study by data and advanced analytics solutions provider LexisNexis Risk Solutions reports that for every $1 of fraud, retailers and e-commerce merchants in the US alone have to spend $3.75—a 19.8% rise since 2019—to remediate the situation.
The study further revealed that 90% of respondents believe fraud has increased over the past 12 months, and 33% indicated that fraud increased significantly in Asia Pacific.
With the shift in preference from physical transactions to the convenience of online and mobile transactions, it is unlikely that consumers will revert to old habits. "Here lies the challenge for businesses to rethink their security strategies to discourage fraudsters from getting more creative and sophisticated," the report said.
Entry Points of Cyber Crime
Payment fraud is just the tip of the cyber fraud iceberg, says Vo Thanh Tai, Director Market Planning, Fraud & Identity, Asia Pacific at LexisNexis, adding bot attacks, coupon abuse, checkout abuse, identity abuse, and identity theft to the mix, among others. The company helps businesses and government entities reduce fraud risk and improve risk decisions.
Vo was the keynote speaker at the webinar last 08 December titled “Payment Fault: The Intersection of New Payment Channels in E-Commerce, BNPL, and Digital Wallet Industries." The event was jointly organised by Retail Asia (RA) magazine and LexisNexis and hosted and moderated by the magazine’s contributing editor, Simon Hyett.
Identity theft, added I-Jean Lim, Fraud Risk Operations Manager at fintech company Boost, could also include “identity owners getting paid to provide their identity in order for the fraudsters to register accounts and for digital products and services, credit included.”
“One of the prevalent threats we're seeing today is how fraudsters are coming up with applications containing malware and new tactics to trick victims to download them. That's just how the fraud starts,” said Lim, who served as a guest panelist in the roundtable discussion during the webinar.
In the early days of online payments, malware was limited to computers, desktops, and laptops. But with these devices more popular for business use and protected by stringent corporate security policies, cybercriminals have invaded the mobile space.
“Everybody owns a mobile device. That's where we're seeing the shift in focus. Fraudsters are coming up with new ways to perpetrate mobile devices, so they can trick anybody, everybody, anywhere, and remotely,” Lim explained.
These approaches are not completely “new” methodologies, said guest panelist Nguyen Lam Hoang Yen, Head of Risk Management at ZaloPay and VNG. “These are actually consistent, rapid, and creative changes by the fraudster to the new security methods.”
He added that fraudsters have become very professional, well organized, more skilled, and more sophisticated, employing multiple people with good skills in, for example, accounting and to keep up with new trends. “It requires a lot of steps and effort for them to be just a small group.”
Measures to Fight Fraud
To combat fraud, companies need to be more proactive, and agile to adapt their new attack methods, said Yen. “To do so, risk assessment is the first step to identify potential problems. Based on this, we can form a better strategy for solution preparation and mitigation action plan.”
Lim believes that cooperation with regulatory organisations are part of an effective anti-fraud strategy. “Better strategies and adopting new technologies are ongoing efforts,” she said. “But we're finding that because of things like data, privacy, data sharing policies, we need to work with regulators to enable better sharing of data across the payments platform and across financial institutions, banks included, so that we can prevent and detect fraudsters better.”
LexisNexis, for its part, adopts a three-pillar approach to a robust fraud detection and prevention system: data, model/strategy, system engineering.
Succinctly, this approach entails processing the data collected from users, and using these to obtain insights into customer behaviour, scoring and ranking the data to determine whether a customer or a transaction is bad or good. The system then notifies in real time other services to block a potential fraudster or give the best user experience.
Mobile: the New Frontier of Fraud
Vo admits that finding people with the right skills to perfectly execute all three pillars has been a challenge, LexisNexis Risk Solutions has achieved success in curbing fraud among its clients. He reports that from July 2021 to June 2022, the company prevented 880 million fraud attacks globally, 3.3 billion bot attacks, and 500 million plus mobile attacks.”
He also noted that “mobile attacks grew 94% year on year, from 216 million from previous year to 505 million this year,” an indication that mobile attacks are the next frontier in fraud.
The results notwithstanding, Vo emphasised that implementing change or new technologies will not suffice. “It’s not just the technology that is important, but also the procesess around that.”
He added “providing a good customer experience is essential.” A company can generate more revenue by identifying trusted customers on their platform, and offer them higher value services, account upgrades and enhanced loyalty programmes.
“The challenge is to look beyond device intelligence, which tends to focus around security,” he said, “and consider advancing the capability to digital intelligence, behavioral analysis and adaptive authentication.”