Real-time payments breaks security 'rules'
Globally, both consumers and businesses now have the expectation of real time payments and transactions. With the exponential increase in customers performing real time payments than ever before, it’s not surprising that fraudsters continue to seek ways to exploit the digital channel where such payments are performed.
This makes it imperative to utilize the latest approaches to mitigate risk and defend against attacks. Existing legacy authentication measures that protect accounts such as login credentials and biometric authentication are important but have been proven to be circumvented by fraudsters.
Account takeover has continued to rise, with several contributing factors, including data breaches, social engineering, poor consumer hygiene on passwords and slower than desired adoption of biometrics, and the increasing sophistication of fraudsters by using bots and crimeware.
In addition, application fraud has become an increased threat, in particular with the use of synthetic identity and the instant or near real time approval of new accounts. Additionally, person to person (P2P) payments have experienced fraudulent attacks using various methods. Real time payment systems are being exploited to rapidly move criminal funds between accounts, making money laundering and mule networks harder to detect.
As fraudsters use advanced technologies to create coordinated attacks, detection must be done at scale in real time. True machine intelligence is necessary to detect new and fast changing sophisticated attacks by viewing accounts and associated events holistically, without the benefit of manual analysis.
Many legacy authentication methods will not support the new digital economy. Real time activity has created increased sophisticated attacks. And the same real time payment and real time transaction ecosystems that benefit consumers and businesses also now have increased the benefits for criminals.
Security practitioners need to ensure they have the ability to identify exceptions instantly. Any organization that conducts real time payment transactions via mobile or web browser, and is transmitting sensitive information such as the case with real time payments, can significantly benefit from a machine intelligence platform. By combining the right signals such as device intelligence, behavior analytics, session and user data to find anomalies in real time that a human could not detect, with no additional friction to the user.
By using a data-driven approach and conducting machine learning interrogation across both an individual session and the universe of authentication sessions and transactions, profiles of legitimate “personas” can be created. These can be created based on user patterns, devices, transaction history, and behaviors.
Machine learning based on context, a 360-degree customer view and 360-degree view of the objects and signals around that person, creates persona-based intelligence. Personas are used in determining what activity the true consumer would or would not perform, reducing friction, while detecting risk of account takeover. It is important to be predictive but to also make inferences using machine intelligence.
Predictive intelligence helps us know what a customer will or will not do next. But even more powerful is the importance of inference-based decisions. Where other solutions need to see an event many times to take action on it, true machine intelligence is able to make inference-based AI decisions and make a decision on the first event. This results in true account takeover prevention, versus detecting a fraud pattern after a series of successful fraud events which may be detected long after the fact.
Traditional rules-based platforms are insufficient to protect real time payments. Using historical patterns can predict some fraud but will not prevent new evolving patterns as they emerge for the first time. True machine intelligence can make inference-based decisions through analysis of activity related to a user’s account or groups of accounts, across channels, while minimizing false declines.
Other critical techniques include multi-factor authentication, malware detection, device intelligence, physical and behavioral biometrics, encryption, and tokenization. With a layered security approach and the addition of machine intelligence, risk analysis on real time payments and transactions can match the speed and sophistication of the attacks on these new highly beneficial platforms, and reduce the very costly false declines.