Fraud schemes are constantly changing, as criminals exploit new channels and methods of perpetrating their crimes. It is the ultimate game of whack-a-mole; stamp it out in one place, and it pops up somewhere else.
The dynamic, real-time challenges presented by payment fraud are an ideal environment for analytic intervention. In fact, payment fraud prevention was one of the earliest commercial successes of Big Data analytics. And improvements in analytics will be key to fighting fraud in the future.
Its easy to forget how much payments have changed in the past 22 years. In 1992, there were no smartphones or mobile payments, and criminals were stealing carbon copies of credit card receipts.
The constant adaptation of anti-fraud technology has not only kept pace with changes in payment and fraud patterns, it has actually made payments safer. In the U.S., credit card fraud was equivalent to roughly 18 basis points (0.18%) of all payment card activity in 1992. Today, payment fraud in the U.S. is closer to 5 basis points of all credit card payments.
Each time a payment card is swiped or the account number is entered, anti-fraud applications run up to 15,000 calculations in a matter of millisecondsleveraging the accumulated intelligence gleaned from trillions of previous transactionsto determine the likelihood that the transaction is fraudulent.
Because of this powerful technology, the payments industry has been able to introduce new payment methods and channels, such as e-commerce, mobile commerce and peer-to-peer payments that have lowered friction for the customer, albeit with new fraud vulnerabilities.
Most recently, EMV (aka chip-and-PIN) adoption has had a profound effect on fraud rates in many countries, and is expected to have a similar impact here in the U.S. when it is rolled out in 2015. In the UK, POS card fraud shrank from about $1,029 million in 2008 to about $562 million in 2012 due to chip-and-PIN technology and fraud analytics. However, just as point of sale card fraud halved, card-not-present (CNP) or e-commerce fraud losses are now estimated to be 30-40% higher than they are in the US. That rise in CNP rates was coincident with the up-take of the EMV standard. This is yet another indication that criminals are agile to exploit new channels.
Not surprisingly, combating all forms of fraudpayment cards, online transactions and even first-party (customer) fraud has vaulted to the top of the corporate agenda. CIOs the world over are turning to technology and analytics looking for ways to improve and keep ahead of the criminals, with customer engagement, further improvements in Big Data, and improved intuition in the analytics all playing a role.
Customer engagement must play a major role going forward. Customers dont want to bear the negative effects of payment card fraud, identity theft or other cybercrimes. They also dont want to have legitimate transactions declined, or be bothered by superfluous requests to validate questionable ones. At the same time we know that effective fraud management interventions can boost customer satisfaction. Increasingly, customers expect to be part of the fraud equation, and they are willing to sacrifice privacy for security (to a point).
The simple act of volunteering a preferred means of communication is one aspect of this. For example, if we know Mary Jones prefers to communicate via text, then lets send her a text asking whether a suspicious transaction is legitimate. But what if we could start eliminating false positives before we even bother Mary? If we know her location, then we can determine whether it aligns with the transaction that is being attempted. In trials of this technology with U.K. card accounts, the ability to perform this proximity matching reduced the number of "false positives" (genuine transactions investigated because they appear to be fraudulent) on international transactions by as much as 70%.
In addition, the more information we can gather about a customer, the more robust a profile we can create. For example, taking into consideration all of the data in the entire bank silos as well as external data sources, does it make sense that Mary would be purchasing office furniture? Did she recently take out a small business loan?
Managing the customer relationship is a huge part of fraud management. It doesnt work for banks to just refuse transactions every time there is the slightest whiff of suspicion; customers will simply use another card. Cultivating hard-won customer relationships is crucial, and fraud management provides opportunities on a regular basis to prove the banks worth in the eyes of the customer.
Advancements in Big Data will also make the actual information "smarter." Customers expect their bank to understand them in the context of their entire financial relationship. Advanced analytic decisioning technology should enable financial companies to intimately understand behaviors at the individual customer level. So, what data do we really need and how will it really help us?
There is a great misconception that data will solve all problems. If only it were that simple. Not all data is relevant, and not all data can provide enough value to make it worth collecting.
Analytics, in increasingly sophisticated forms, will continue to help us make sense of mountains of data from a fraud perspective. Identifying patterns that would not be evident to a human observer is a major feat of Big Data.
Adding more intuition to the analytics will also improve fraud detection. Self calibration is the ability to understand and adapt models in close to real time. We dont always have the luxury of time to collect relevant data when we need it, and we cant always call on a trove of historical data if it hasnt been collected. Instead we must create models that learn and adapt, not only to the ever changing patterns of commerce, but to transactional behavior in real time.
For example, in the case of e-commerce fraud, there needs to be the same level of protection whether the product category is brand new (no data available) or has been around for ten years (lots of data available). Some technology that provides these insights include self-learning models improve sensitivity to recent fraud patterns; collaborative profilesor advanced analytics that examine patterns of transactional behavior across millions of customers to continually update behavior archetypes for individual customers; or behavior sorted lists, which analyze the intersection of customers favorite patterns, which can provide a more granular view to distinguish normal activity from suspicious transactions, reducing false positives.
As recent history has shown, analytics rises to the challenge of financial criminals again and again to enable the advancement of payment technology. While we cannot always know where the fraud mole will pop up next, we must continue to adapt our management approach with predictive analytics.
The growth of text- and email-based payments, the rise of shopping on mobile devices, and future trends that we cant yet envision will undoubtedly give rise new types of payment fraud. Regardless of which new normal behaviors emerge, the Big Data analytic underpinnings of anti-fraud software have proven that good can overcome evil, especially when the good guys have analytics working on their side.
TJ Horan is vice president of product management for FICO.