PE Spotlight: Combating transactional fraud as present & future risk

PaymentExpert contributor, Peter Taberner explores how online betting incumbents are combating transactional fraud, a financial crime that will test industry operators beyond their digital capacities…  

Transactional fraud is growing leaving gambling companies needing to be on guard in an era of remote gambling and increased mobile phone usage when consumers try their luck placing a bet.

Fraudsters will increasingly need to be put in their places, and gambling brands such as the Stockholm-listed Kindred Group, who operate a number of Europe’s most popular online gambling brands including Unibet, 32 Red and are looking to do exactly that.

Since the inception of the group twenty years ago, it has worked tirelessly to combat transactional fraud, as this battle is an essential part of its strategy to gain and retain the trust of its customers, alongside the responsibility for regulatory compliance.

Kindred uses several internal and external systems to monitor transactional risks.

How the systems operate depend on the type of risk they are investigating, where factors such as payment methods to the specifics of a customer profile are considered, the company will then act on a case by case basis.

Kindred also have a highly proficient fraud team, comprising of highly trained analysts who keep a continuous beady eye on all transactions, ensuring that risks are mitigated.

The majority of the group’s customers are now more aware of transactional fraud, and in turn are more comfortable in handing over the information needed for a positive customer experience, a key area for the group.

However, there are still customers who are uncomfortable in sharing a certain type of details with us, such as a credit card identification system or number.

Angie White – iovation

Angie White, the Product Marketing Manager of internet solutions company iovation, where gambling is one of its main focus industries, explained: “There are a number of ways that you can combat transactional fraud. One of the most effective methods is the use of device intelligence because it doesn’t rely on personal data that can be compromised.”

“With device intelligence you can look at the history of a device and discover, for instance, if another operator has flagged that device for credit card fraud. You can also look at risk indicators such as high velocities. If you see one device was used to set up fifty new accounts in the past week, that’s not a normal consumer behaviour and should likely be flagged for investigation.”

Device intelligence checks should be targeted at the high risk points of transaction, such as deposit and cash out, which should result in operators reducing the volumes of transactional fraud.

Although fraudsters are always looking to be one step ahead of retailers, and technology always plays the biggest part in a what can be considered a race between each party.

“Fraudsters are increasingly embracing sophisticated new tactics such as bot attacks, creating ways for fraudsters to collaborate with each other and advanced evasion tactics. It’s important, however, to balance fraud prevention with customer experience. You don’t want to treat your best players like criminals.”  White opined.

Gambling operators are now using machine learning and analytics, which provides predictive insights into whether a transaction can be trusted or will become fraudulent, for low risk transactions this is a time efficient method.

Since the turn of this century in particular, there have been a raft of measures to stop transactional fraud in its tracks and shield consumers.

In the UK, back in 2002 a specialist card and payment crime unit was set up, followed four years later by the switch to Chip and Pin card authorisation, replacing signatures.

Moves are now being made to strengthen the regulations for online payments, with a prime example being the strong customer authentication  requirements mandated under the EU’s second Payment Services Directive (PSD2), which took effect across all EU member state countries in January last year.

The PSD2 requires banks to open up their payment infrastructure and customer data assets to third parties, resulting in third party involvement in developing payment information services to retail customers.

In September this year, remote card based transactions over €30 will be require two or more specific factors of authentication, including knowledge like something only the user knows such as a password, and possession, for example a key material the user owns.

How the UK deals with PSD2 after Brexit has finally been resolved is unclear, it is still applicable to UK banks, but it could be replaced by the UK Open Banking initiative

Fredrik Eggen, player safety operations manager at Kindred Group, said: “The interests of regulators, banks, financial institutions and gaming operators should be pretty aligned on this point; we want to make it difficult for fraudsters, but easy and safe for regular customers to deposit, play, and withdraw.”

“The good thing about regulations is that it puts everyone on the same playing field, but it also has a significant risk and challenge, which is that it can create a lack of flexibility in decision-making if the regulations are too stringent or specific.”

Looking to the future, gambling operators will have keep finding trail blazing ways to defeat transactional fraudsters, as it is growing on a world wide scale.

In the UK alone fraud losses on cards issued in the UK increased by a significant 19% last year, and totalled £671.4 million according to trade association UK Finance.

It was also found that remote purchase fraud rose by 24% in 2018 reaching £506.4 million, and online fraud against UK retailers grew by 29% last year compared to 2017.

Intelligence suggested that the fraudsters were able to access card information through criminal activity, and usually, card details have been obtained through data compromises such as phishing emails.

Fredrik Eggen – Kindred

Fredrik Eggen Player Safety Manager at Kindred Group Plc outlined the prospects of how gambling companies will deal with this issue moving forward and looks to the new 3D secure 2 protocol.

This has been aimed at the modern payments environment, including a mobile check out experience, and also allows consumers to review sections of transactional, customer and device data.

He reflected: “3DS2, a more customer-friendly version of 3DS, will be rolled out later this year, so that should certainly help mitigate fraud across online industries. Looking further, closer collaboration and information sharing between operators and banks would be a big step forward for both parties, as incomplete information is probably the biggest source of inaccurate risk detection.”

The gambling industry will be hoping that 3DS2 combined with technology advancements like biometrics and device authentication, will be a strong enough arsenal to defend its retail outlets, and more importantly enhance consumer confidence.