Looking ahead to the rest of the year it's clear that fraud is unfortunately not going away. But how will it change and evolve and how will we as fraud vendors and merchants alike adjust to deal with it? The following are some, non-exhaustive, insights that we discuss around the office and with clients.
Credential stuffing and account takeover will become the key unsolved issue in fraud
We know of merchants dealing with 20 million credential stuffing attempts daily. Few succeed, but when they do the financial and reputational cost can be enormous. 1.4 billion emails and passwords are available for anyone to access on the Dark Web so the fuel for the fire is not going away. Strong defences to stop it succeeding need to be coupled with intelligent monitoring of accounts to spot the anomalous behaviour.
Fraud vendors will need to go Ju-Jitsu to stay ahead of fraud
Ju-jitsu is the martial art predicated on using an opponent’s strength against them. Fraud vendors will increasingly pick off the tactics deployed by the fraudsters and seek to negate them. For instance, if there is a list of emails and passwords out there why not check if new-signups are attempting to use compromised credentials? Smart fraud solutions will combine lab-smart technology with street-smart tactics for the most impact.
PSD2 will drive new competition for fraud detection capabilities between PSPs
With the launch of PSD2 on Jan 2018, the next 18 months will see a scramble amongst PSPs to comply with the fraud rate requirements to avoid second-factor authentication checks. While this might sound technical, the PSPs that can offer merchants the smoothest customer purchase journeys are likely to be the long-term winners in the market.
Prosecutions will become even less likely for fraud offences
UK Police have confirmed that they no longer attend or pursue physical shoplifting incidents with a less than £200 value due to limited resources. With police resources stretched across the globe the chances of anything but the most prolific offenders being pursued online are vanishingly remote. Merchants need to look out for themselves.
Artificial intelligence continues to be “democratised”
We are moving past the early stages of AI adoption where businesses felt the need to build it themselves. Increasingly businesses are seeing the sense in “buying it in” through services like Ravelin and focusing their people and efforts on managing the output of the machine processing. With advances in dashboard development, explainability of scores and risk threshold management there is no requirement to reinvent the wheel.
Link Analysis will rise again
Link Analysis is the art of finding connections between compromised entities in order to uncover relevant connections. So if a device has been associated with a chargeback, it's interesting to see if any other users are connected to that device. It’s been around a long time but is time-consuming, one-dimensional, and usually is predicated on know what links you are looking for in the first place.
In 2018, with the improvements in processing speeds, database graphing technologies and machine learning it is possible now to do that at hyper-speed. This means multi-dimensional maps of entire databases instantly available to analysts at a click. This moves link analysis from being an occasional high-intensity investigation to being a core, rapid-response and daily check for any analyst.
Ravelin will be exhibiting and speaking at the Merchants Payment Ecosystem event in Berlin this year. Contact us to find out more.