To Reduce False Positives, Adyen Rethinks How Software Learns
Adyen wants fraud-detection software to learn from its mistakes, but it also wants a system that can teach the user about why it is reaching certain conclusions.
The Amsterdam-based payment processor and risk management provider considers its new RevenueProtect a "white box" learning software that can change risk rules or settings to thwart changes in fraud approaches, while also painting a complete picture of a legitimate consumer.
"Some machine-learning companies in this space take a black-box approach and throw a lot of data at it and it gives you a [risk] number back," said Brian Dammeir, senior product manager specializing in risk for Adyen. "We much prefer a system that crunches the numbers and breaks it down by specific risk signals and risk settings."
False positives are the "other side" of the transaction approval story that should be given serious consideration given the consequences to a merchant’s bottom line and its relationship with consumers, said Al Pascual, senior analyst for Javelin Strategy & Research.
There were $117 billion in false positive declines last year in the U.S., as opposed to $9 billion in fraud on existing card accounts, Pascual said. "While the calculus here, given liability considerations, doesn’t make this an apples-to-apples comparison, merchants will face an increasingly challenging fraud environment over the next few years, meaning that we can expect both of these stats to trend upward," he added.
Merchants using RevenueProtect can monitor a risk dashboard that provides a breakdown on which rules or systems were triggered for any given transaction.
But merchants don't have to make many proactive rule changes because of Adyen's approach to determining "Shopper DNA," Dammeir said.
Even if a fraudster were to make 100 transactions using different computers, e-mail addresses, identities and cards each time, Adyen would be able to link the next transaction to all of the others, Dammeir added.
Adyen establishes Shopper DNA by aggregating global data, fraud network information and pinpointing the person behind the transaction. RevenueProtect leverages advanced linking algorithms, digital fingerprinting, proxy piercing and historical global data to determine identity of shoppers even when they change networks, devices or login accounts.
Such scrutiny helps merchants avoid rejecting a transaction from a loyal customer.
"Imagine a 45-year-old woman who has been a loyal customer in your store for many years, but she decides to try e-commerce for the first time," Dammeir said. "You want to treat that customer well, but first-time e-commerce attempts get a lot of scrutiny and rejections and many systems would not be aware of her in-store transaction record."
Adyen links the algorithms of transaction behavior across all channels, so a loyal customer would never be mistaken for one shopping at the store for the first time, Dammeir said.
Adyen is operating on solid principles because companies are deluged with security alerts and they often are not prioritized properly, said Avivah Litan, a vice president and distinguished analyst at Gartner Inc., a market research company.
"If you are getting even a 20-to-1 false positive rate, or 100-to-1, you can't discern which alerts to look at," Litan said. "You don't have time to look at all of them, and it is very wasteful from a productivity standpoint and it really doesn't work that well."
Consumers have more options than ever for making payments, and merchants have a complex task of making sure the proper rules are in place for each retail channel and transaction type.
"We've been able to simplify that chain by not only being a holistic payments provider, but also providing all of the risk-related technology they would need," Dammeir said.
False positives often come about as the consumer transaction navigates the various layers of security. "We often see merchants come on board with us who are using a manual approach to risk and they feel the more rules they have, the more protected they are," Dammeir said. "That's a misnomer. That sometimes means the more false-positives they will have."
When a merchant uses 3-D Secure, the online security measure offered through the major card brands, Adyen could establish specific rules for use of that technology.
"3-D Secure technology has improved significantly, but not all customers understand what it is when they are redirected by Verified by Visa, so you lose some transactions," Dammeir said.
Adyen found itself in a good position to expand its technology this year after securing a $250 million round of funding in late 2014, much of through its major investor General Atlantic.
RevenueProtect is built into the Adyen contract, which varies in price depending on the size of the merchant and its specific needs. Adyen has contracts with more than 3,500 companies, including Facebook, Spotify and Airbnb. Spotify processes payments with Adyen in 56 countries.