The security of the 468 billion payment card transactions made annually rests on the competency of fraud detection software. Leading card payment processing companies rely on different approaches to minimize significant losses from fraud. On top of the $29 billion lost to fraud in 2019, regulators fined companies billions for non-compliance with AML and other directives.
As a result, many businesses invest in complex, costly fraud management systems that run on hand-coded rules, making them difficult to customize and update to changes in fraud patterns. Consequently, valid transactions are dismissed as fraudulent, expensive fraud reviews grow in number, and opportunities to reduce fraud are lost to inaccuracy. Once a company reaches a fraud rate greater than one percent, card networks can go as far as canceling the permission to accept and process credit card payments, a detrimental result for any business.
Card fraud worldwide
Source: Nilson report
The importance of preventing the unauthorized use of a credit or debit card to obtain money or property fraudulently is hard to overstate. With identity theft and transaction laundering being the most common forms of fraudulent schemes involving payment cards, businesses need to ensure that they and their customers are as safe as possible to prevent costly and lengthy investigations and losses.
What is credit card fraud detection?
Credit card fraud detection identifies suspicious transactions, events, and behaviors for further investigation. Each and every operation generates hundreds of data points that are evaluated for signs of fraud derived from past data. Modern machine learning powered fraud detection systems consider the tiniest changes in a customer’s behavior patterns in milliseconds with a high degree of precision. So how do credit card companies detect fraud?
Unlike the outdated rule-based systems that rely on stationary rule sets, machine learning approaches are much more dynamic and proactive. For years, payment providers have been building their risk management strategies based on how credit card fraud works with an invaluable machine learning component.
Perceptions about the protection of online transactions
Source: The real cost of online fraud
Such evolving systems reduce the number of false declines of legitimate transactions, identify new patterns non-stop, and adapt to changes in a constantly changing environment and financial conditions payment service providers and merchants operate in. Some large service providers processing millions of transactions every day share their fraud detection experiences with the industry, and some even provide open access to their solutions to the general public.
Let’s explore how the biggest names in business tackle the challenge of credit card fraud detection and what businesses can learn from them.
Paypal fraud detection
Research commissioned by PayPal outlines that companies are losing an average of $4.5 million per year due to online fraudulent transactions. PayPal’s fraud detection system needs to sustain constant attacks to prevent sizable losses for a company with hundreds of millions of customers worldwide. By taking a deep learning approach that leverages a massive amount of fraud data accumulated over the years, PayPal has kept its fraud loss rate to just under 0.3%.
Starting with logistic regression machine learning over a decade ago, PayPal has implemented more advanced techniques in recent years. Gradient Boosted Trees and neural networks enable PayPal’s fraud detection system to evaluate risky transactions with a high degree of accuracy in real-time.
For PayPal, the largest jump in online spending to 21.3% of total retail sales in the U.S. in 2020 came with a significant increase in online scams and sophisticated fraud attempts by malicious actors. To respond to pandemic-fueled changes, PayPal rolled out the Fraud Protection Advanced service to help merchants identify, investigate, resolve, and mitigate fraud in the increasingly complex digital landscape. The new solution leverages custom filters, risk scores, block and allow lists, and custom options that use a merchant’s historical data to detect and prevent fraud.
Fraud reports by fraud method
Source: FTC
Amazon fraud detection system
Strong fraud detection is absolutely necessary for the world’s largest online retailer to reduce consumer friction and prevent losses. Amazon invests heavily in sophisticated machine learning techniques to combat fraudulent activity and stay a step ahead of the cybercriminals. Besides the tons of data Amazon has generated over decades in business, it also uses AWS customers’ datasets to train its fraud detection systems.
Amazon leveraged its internal developments and experience in combating scams to roll out a public version of its fraud detection system as a fully managed service in 2020. Amazon Fraud Detector powered by machine learning integrates via API and combines customers’ historical data with its own to create customized models that detect suspicious behaviors indicative of identity theft or transaction laundering.
The Amazon fraud detection service works in real-time and can automatically identify potentially fraudulent transactions in milliseconds. Customers can fine-tune their machine learning models by creating decision logic to assign outcomes to predictions. Depending on the risk score, customers can predetermine the right course of action to prevent needless losses and time-consuming investigations.
eBay fraudsters
As the largest auction site in the world, eBay is an attractive platform for scammers because they can exploit the necessary trust between buyers and sellers. As eBay pushes back with stronger safeguards, fraudsters come up with new ways to cheat the system.
The most common eBay buyer scams range from receiving empty boxes and counterfeit goods to asking for payments outside of eBay or through gift cards. All of these methods aim to create a veneer of legitimate behaviors so that eBay sides with fraudsters in case of a dispute. When scammers pose as buyers, they exploit eBay’s consumer protection measures to defraud honest sellers by overpaying, changing addresses, claiming that packages arrived empty, and many more.
Unlike automatic fraud detection systems that look for fraudulent behaviors, eBay has turned the process on its head. As fraudsters keep on coming up with new scams and patterns to circumvent the system, eBay chose to look for good behavior patterns that do not change with time instead. A report published by eBay executives describes how the auction site’s new AI algorithm can identify credit card fraud transactions with high precision by identifying outliers using a clustering method to formulate a score for consistency and good behavior.
Visa fraud monitoring program
In 2020, Visa’s AI fraud monitoring program prevented $25 billion worth of losses by partnering with financial institutions and merchants to combat illegitimate transactions. The Visa Advanced Authorization system processes and evaluates more than 500 transaction parameters to estimate the risk of fraud in about a millisecond. Time, geo-location, amount, spending patterns, transaction type, circumstances, and many more attributes are analyzed to generate a risk score that is sent to a cardholder’s bank for the final decision.
Visa chargeback and fraud monitoring programs have achieved a fraud rate of less than 0.06% by building a multi-layered security infrastructure with an AI fraud detection system at its core. Visa has reduced latency for its 3.5 billion cards and 210 billion annual transactions by layering AI and ML tools in systems outside its main transaction processing network. Visa leverages recurrent neural networks and gradient boosted trees to lower customer friction and faster fraud detection with a 20-30% lift in model performance.
Mastercard fraud monitoring program
As one of Visa’s closest competitors, Mastercard fraud prevention also relies on identity verification. With the Mastercard Identity Check program and its EMV 3D-Secure 2.0 technology, the financial services company helps merchants and card issuers authenticate card-not-present transactions quickly and securely.
The Mastercard fraud prevention program leverages AI and machine learning to check 150+ transaction parameters to assess risks and filter legitimate transactions from illegitimate ones in real-time. Depending on a transaction’s risk score, card issuers can decide whether they want to authenticate an operation or not.
Besides time, amount, location, and other standard variables, Mastercard checks screen brightness, customer gestures, history, and merchant-specific parameters to calculate the probability of a transaction being fraudulent. Mastercard fraud prevention can require additional authentication with biometrics or a one-time password for suspicious transactions. Additional checks are better than blocking operations outright as they reduce customer friction without impeding the purchasing journey.
Source: Mastercard
Apple Pay fraud detection and prevention
Through a wholly-owned subsidiary called Apple Payments Inc., created to prevent the rest of Apple from interacting with customer information, the company verifies the identity of each Apple Pay user. Customers may be asked to provide their name, address, social security number, and government ID before making transactions through Apple Pay. While Apple cannot read this information, they minimize the chances of bad actors committing fraud on their platform by requiring comprehensive identity verification in the very beginning.
When verified users use Apple Pay for adding or transferring money to another person or bank account, Apple fraud prevention checks their approximate use patterns on their Apple devices. This can include how frequently a payer communicates with the payee by phone, email, or text messages.
Apple does not collect the context of communication, such information is stored for a limited time, and it cannot be linked to the payer unless a transaction requires further investigation due to suspicious activity. By leveraging platform-specific device parameters, Apple Pay fraud protection strives to add another layer of security to everyday transactions.
Source: Apple
Google Pay fraud protection
100 million users are making payments using Google Pay and the number is growing steadily, driven by the pandemic induced shift towards touch-free payment methods, digital wallets, and mobile payment apps. To protect customers and thousands of merchants, reduce chargebacks, and reduce customer friction, Google Pay fraud protection assesses customer data whenever a new card is connected to the system for risk criteria using an identity and verification (ID&V) process.
The ID&V process is complemented by the Google Pay fraud department and their use of the latest security protocols to protect consumer data from bad actors, scammers, and even fraudulent merchants. Google encrypts and stores customer payment credentials on their servers to prevent unauthorized access. Lastly, users need to unlock their devices for each transaction and authorize the operation with a password or biometric authentication.
Furthermore, Google Pay creates single-use virtual account numbers for purchases at points of sale, preventing merchants from seeing a customer’s actual payment credentials. Even if a terminal is hacked, the payment information cannot be used to make further unauthorized transactions or clone payment cards.
Let’s take a look at SDK.finance’s demo video to see how SDK.finance offers a complete overview and management of client transactions, as well as advanced AML and fraud prevention capabilities, enabling institutions to stay proactive in combating financial crime:
Conclusion
It is implausible that fraud and scams will stop anytime soon. Bad actors will continue looking for ways to exploit weaknesses in payment systems, and companies will patch their security in an ever-evolving cycle. Businesses that decide not to leverage the latest technologies will see their fraud rates grow as scammers flock towards companies with weaker security and avoid those with AI-powered fraud detection.