Using your payment gateway or PSP’s fraud tools to manage fraud
The most popular payment gateways like Worldpay, Adyen, Stripe or Braintree all have fraud tools as part of their service. For businesses with limited fraud vulnerability or for those starting out on their fraud strategy, it is a good option to explore.
- often included in the price of your PSP
- limited number of features make it easy to understand
- simple rules can impact a business suffering from rudimentary fraud attacks
- limited to no integration work means they can be deployed quickly with no development effort
- only looks at checkout data to make fraud assessment which limits the ability to make accurate assessments of risk
- limited set of options; while it’s simple, it can also be crude and susceptible to false positives
- fraud rules of large PSPs are well understood by sophisticated fraudsters which weakens their effectiveness
Using manual reviews to manage fraud
A manual review process is one where an individual reviews every order or a selection of orders for risk of fraud. It implies there is time between the order being taken and delivered in order to do so. The reviewer will usually use a selection of tools to assist the process.
- strong internal control of fraud policies and procedures
- can be assisted by multiple technical aids from fraud-scoring to device ID
- flexible and easy to implement changes in policy and alert team to new types of fraud
- expertise can be developed within the business on the specifics of the fraud threat faced
- very expensive in terms of human resource costs
- key person dependencies quickly develop with consequent risk when person leaves
- relies on having time from order placed to order delivered to conduct review
- peak seasons and out of hours are very difficult to manage
Using a rules-based system to manage fraud
Rules and rules-based fraud systems are the most widely-used method deployed to detect fraud but they are declining in popularity as ML models move mainstream. Rules-based systems express the experience of previous fraud as a series of conditions that a customer transaction must satisfy in order to be successful.
- rules express well the policies and procedures that a business has to tackle fraud
- rules do not require large volumes of data to be effective
- rules will start to impact orders from the moment they are deployed
- rules are easy to understand and explain when an order is stopped
- weightings can be applied to rules in order to express the relative importance of a rule and its contribution to a rule assessment
- rules multiply quickly and can become extremely difficult to manage
- employee-created rules quickly develop a dependence on the employee who created them
- rules do not self-learn or adapt: if a fraudster has worked them out they can be easily exploited
- rules require constant maintenance and can quickly become resource-intensive
Using machine learning and artificial intelligence techniques to manage fraud
Machine Learning (ML) is a form of artificial intelligence that enables computers to learn without being explicitly programmed. It’s especially good at recognising patterns in data and therefore equally good at spotting anomalies in those patterns; this makes machine learning a very effective way of detecting fraud. You can read a more thorough explanation of machine learning here.
- highly adaptive and self-learning, meaning minimal maintenance is required compared to other approaches
- work extremely well in high volume and peak-scale environments, indeed they improve with more data
- provide instant and constantly evolving scores based on events in a customer journey so score is always current
- predictive capabilities mean frauds can be declined pre-checkout to avoid chargebacks
- models need data to provide accurate results and can therefore be slow to start producing results
- most ML models are hard to inspect which means the reason for a decline can be difficult to decipher (black box syndrome)
- ML models do not see connections between fraudulent orders that may be obvious to a human eye
- models can be slow to adapt to new a fraud vector as it builds up evidence
These are some of the main approaches used by merchants today in the battle against fraud. Which one is right for your business will depend on a number of factors. We would recommend reading 'Choosing the right fraud strategy for your business' to help inform your decision.