First Data dives into the dark web to fight fraud
Part of First Data's new approach to security provides a view of the digital underbelly crooks use to trade in illicit information.
The processor and technology company on Thursday released Fraud Detect, which uses artificial intelligence, fraud scoring and cybersecurity intelligence to spot bad transactions in real time for physical and digital sales. It also gleans information from the dark web, a collection of anonymous websites that exist on an encrypted network.
The dark web requires specific software or configurations for access, unlike the much more common "clear" internet that most people use. Dark web users are mostly internet technology experts who communicate over small peer-to-peer networks. Crooks also use the dark web to create and trade fake digital identities to circumvent authentication technology.
Traveling the dark web "enhances cybersecurity's ability to protect issuers … and stay at the fore of any new fraud attack," said Ajay Guru, vice president and head of merchant fraud at First Data.
The dark web played a part in the recent hack on Amazon resellers. Hackers used the dark web to purchase stolen email addresses and passwords to change bank deposit information on Amazon seller accounts, enabling the theft of thousands of dollars. eBay and PayPal were also reportedly attacked in this manner.
As part of First Data's cybersecurity strategy, it maintains an anonymous presence on the dark web to analyze data and other activity that could predict an attack or other vulnerabilities in card payment. "The dark web data can help us know cards, identities or devices that were compromised recently," Guru said.
Beyond the dark web, First Data will rely on the data its scale provides, alongside emerging machine-learning techniques, to power Fraud Detect. The company in 2016 processed $2.2 trillion globally.
"Machine learning makes it faster to build the models, to deploy the models and refresh them," Guru said. "It does not require added data elements. Machine learning can be deployed to look at fraud trends, what's happening in an industry or an area to enrich a data set."
Fraud Detect additionally provides a reporting dashboard, consultation on fraud prevention and customization based on specific businesses.
With the new release, First Data hopes to address the expansion of card not present (CNP) payments, and the fraud that afflicts digital channels as more transaction migrate to mobile apps and the Internet of Things.
In the case of connected devices and mobile apps, the engine can view downloads and related information such as email addresses to determine the nature of the usage. That knowledge can determine a suspicious transaction faster, Guru said, adding it provides more breadth and context to traditional behavioral analysis. "It's a new algorithmic approach that is superior to a lot of the older methods."
Machine learning is well-positioned to help with omnichannel fraud, since it can rapidly iterate and help find predictive variables across large and diverse data sets, said Julie Conroy, a research director at Aite Group, who said financial institutions and merchants are seeing positive results with these techniques.
The dark web provides another robust set of data inputs into analytics, since it helps businesses identify data that is being actively traded, enabling immediate action, Conroy said.
"If you know that a particular card number of identity is being sold on a dark website, then the business can use that knowledge to place compensating controls around that account," she said.