Harness the power of your data to reduce fraud
and increase payment acceptance
Tailor-made fraud protection
Detect and stop fraud faster with clear
Adaptive solutions for emerging threats
Defend against ATO, promo abuse and seller
Optimize conversion with agnostic
Manage PSD2 and take control of
Online payment fraud
Understand chargebacks, fees &
Machine learning for fraud detection
Models, risk scores & thresholds
Link analysis & graph networks
Draw deeper insights from data
Account takeover fraud
Prevention strategies & reputational
Promotion & refund abuse
Uncover & stop hidden costs
PSD2 & SCA
3D Secure, TRA & exemptions
Global payment regulation map 2022
Track PSD2 & more with a full report
Deep dives on fraud & payments topics
The latest fraud & payments updates
API & developer docs
APIs, glossary, guides, libraries and SDKs
Discover the story about Ravelin
Join our dynamic team
Read more about our happy customers
Join our partner programme
Harness the power of your data to reduce fraud and increase payment
Detect and stop fraud faster with clear insights
Defend against ATO, promo abuse and seller fraud
Optimize conversion with agnostic authentication
Manage PSD2 and take control of authentication
Understand chargebacks, fees & detection
Prevention strategies & reputational risk
Uncover & stop hidden abuse
Read more about our happy custmomers
Blog / Account Takeover
Account takeover & voucher abuse continue to grow in e-commerce due to the inability of the industry to effectively associate an account with a real identity. Here we explain how can ML be used to solve this issue.
Authentication has become an area of ever-increasing importance in the battle against fraud for merchants and fraud vendors. Online commerce’s long battle for new customers has often been facilitated at the expense of properly validating the identities of those that have signed up. The ‘frictionless’ buying experience has come the cost of security.
Experience has shown that decoupling accounts from real identities opens up a rich playground for fraudsters. The increasing frequency of account takeover, voucher abuse and payment fraud in e-commerce can be directly linked to the inability of the industry to effectively associate an account with a real identity or effectively spot when that identity has been compromised. So what can be done?
Authentication is the process of authenticating someone's claim to an identity. Recent PSD2 legislation has neatly laid out strong customer authentication as someone having at least two of the following claims to that identity - read more about this here:
• Something you have (e.g. device, USB security key)
• Something you know (e.g. password, mother’s maiden name)
• Something you are (e.g voice, biometrics, iris scan, fingerprint)
Largely as a result of innovation in the financial sector there are a host of clever emerging technologies that consumers are becoming exposed to through our mobile phones, online banking accounts and other areas of identity innovation. None are perfect. All can be breached by a determined enough fraudster. However, they probably cannot be breached at scale, or at least not yet. However, each of them require a level of user engagement that is not realistic for most businesses and certainly not as a first step.
For instance, to access the features on my mobile device I am willing to provide a fingerprint. As a second factor of authentication to access my Macbook, I carry around a USB security key. To access my online banking I use a one time password generator. However each of these are things I need to do my job or to function in my life.
Would I be willing to carry around a key to order a pair of sneakers from a site I use twice a year? What if I want to place a bet on horse race starting in two minutes and I am asked to to recover an SMS message sent to my phone to validate who I am? Not likely to use that site again as I watch a horse I wanted to bet on ease home without my money on it.
The issue in the industry right now is that authentication is either too lax or too stringent. Where it is too lax, it’s because the merchant wants to absolutely minimise the friction from sign-up to purchase. And even after registration the ability to re-login is as easy as possible.
Where it is too stringent, companies have either been forced to or have decided to add in multiple registration steps and hoops resulting in a horrible customer experience and/or a failed business.
Where the industry needs to get to is developing smarter authentication, where we challenge appropriate users at the appropriate time with the appropriate challenge.
Machine learning has a significant role to play here in suggesting who the appropriate users to challenge are, at which point in the user journey and with the appropriate challenge. The era of “one challenge fits all” is over.
Most merchants have the data within their systems to see patterns amongst their users to tell them which are risky and the degree to which they are risky. This is fertile ground for building algorithms that can suggest when a user requires additional security.
At Ravelin, we have an increasing number of clients who use it to invoke a 3D Secure challenge for certain markets under certain conditions. In the past, these orders may have been rejected due to the fraud probability. Now however, there is the opportunity for a legitimate customer to continue with the purchase.
The vast majority of users never see this challenge, which is critical for ensuring that for most people the frictionless buying experience is intact. There is no value in challenging good customers due to poor data use.
3D Secure is only one kind of challenge, of course. And fraud risk is only one potential reason to invoke a challenge. Suspected account takeovers are a growing issue so a challenge based around confirmation of ownership of a device is a strong method to deter this issue.
We are only starting to uncover the possibilities here in terms of anomaly detection that will indicate an at-risk account. The good news is that the increasing availability and consumer-familiarity with these authentication challenges means we can make really secure experiences increasingly frictionless too.
So the technical pieces are in place to build a smarter authentication process into our online commerce practices. We understand the problem set and are confident that we can build models that will identify those customers who require challenges. What we need is increased adoption and experimentation of the options available to make ecommerce both safer and smoother for all genuine users.
And it’s increasingly apparent that we have to. The inability to authenticate online identities risks undermining the credibility of online commerce itself - a vista too dark to contemplate.
To learn more about PSD2 and SCA visit our insights page.
Gerry Carr CMO
4 min read
More from Gerry Carr
Share this article:
Blog / News
From 2020 to 2022, how has your online business changed? Let’s talk about how the pandemic continues to shape ecommerce two years on.
Grace Proctor, Content Writer
Appetite for ordering food on marketplace apps is still strong, as customers look for convenience and choice. But how are foodie fraud trends evolving?
Lola Omo-Ikerodah, Content Writer
Online marketplaces are exploding, but fast expansion always opens the door to fraud. Learn how to prevent fraud as your business grows with the industry pulse infographic…
Subscribe to our newsletter to get the latest fraud & payments updates sent direct to your inbox.