The shift to online activity during the coronavirus pandemic could be seen as a positive, but it has brought with it a wealth of opportunities for fraudsters and cyber criminals.
Daniel Sevskis, Counter Fraud Team Lead at ECOMMPAY, discussed the changes in fraud patterns over the last few months, highlighting that the most effective way to tackle fraud is to install a prevention system with machine learning to identify suspicious activities.
Payment Expert: How has COVID and the current crisis affected fraud levels? And how have fraud patterns changed during the pandemic?
DS: This is a good question. Over the past three months, we have seen a huge increase in fraud activity. For example, we have stepped in to help a remote working site whose workers had card credentials stolen. Problems tend to arise as a result of fraud not being prevented by internal systems, meaning that there can sometimes be issues due to leaked information.
These increases do make sense, however, as people were forced to change buying habits, businesses were forced online to make purchases. The shift to online has created new opportunities for cybercriminals.
PE: So how do payment companies deal with this and how can they adapt?
DS: First of all, companies need to educate new merchants that are not familiar with how eCommerce works, which should be done during the onboarding process. There could be a case where the merchant doesn’t have a fraud management team or department.
Especially now that we’re entering the post-COVID period, there are thousands of new merchants who need support in tackling fraud. As a payment provider, it’s difficult to take a tailored approach to each and everyone.
There are of course some larger payment providers like ECOMMPAY that specialise in tailored risk control for their clients, but most don’t have this ability, so you need to create a set of guidelines to combat fraud that merchants can easily follow.
You should also communicate with your existing merchant base, tell them about known fraud activity and help them identify and avoid high-risk fraud. Of course, at the moment everyone is concentrating on survival and thinking about the future when it arrives.
PE: Are there other methods that merchants can use to help avoid fraudulent activity?
DS: Well yes, a fraud prevention system of course. If you have a very basic fraud prevention system, then you will be vulnerable. Merchants must ensure that they install a good fraud prevention system with machine learning that can detect and help prevent fraud.
However, we should also note that machine learning doesn’t downgrade the importance of human expertise. You need the risk control manager to know which buttons to press and when. Put simply, despite the obvious improvements to technology, manual monitoring is still important – it helps not only to reduce fraud, but also to support conversion level.
PE: What about gaming, have you seen any changing patterns in fraud here?
DS: If you were to ask me this question five months ago, I would have said yes. Especially as the gambling activity is up around 20%. However, there hasn’t really been any increase in fraudulent activity here. That’s because the online gambling industry is well prepared for fraud, in that they have all the security measures in place to manage it.
Companies such as Mastercard and Visa also have strict policies in place for high-risk industries like online casinos and gambling to help reduce the amount of fraudulent activity that can take place on these platforms.
PE: How might future regulations impact anti-fraud patterns?
DS: We know that many businesses were forced online and there has been an increase in eCommerce. It’s logical that because of this, online fraud will also increase, or at least stabilise on some level. However, a lot will depend on how regulations and international payment systems will react.
We recently spoke with Mastercard about this and they understand the problem. I am happy to say that they are trying to find the best solution for merchants and payment service providers like ECOMMPAY to manage the changing landscape. On the other hand, banks are less willing to move and be flexible, this more conventional approach is a bit more problematic.
PE: Is there an achievable balance to strike for iGaming as the regulatory demands stack up?
DS: Yes, it is achievable. It’s very difficult to enforce fraud prevention measures, especially those that involve customer participation, for example photo verification. This requires work from the customer’s side and many are not ready for this and may opt to use another platform which doesn’t require such measures. But once these measures are enforced, users will have no choice but to follow the regulations.
As regulations become more strict, customers will have no problems with tougher verification processes. This will only help to prevent fraud. Of course, it’s more work for the customer, but as we all become accustomed to this, it will become the new normal.
PE: What are your biggest predictions for the fraud landscape in Europe and globally?
DS: I believe that there are two possible outcomes that can happen over the next five years or so. The first is that fraudulent activities will grow, largely in part due to the new regulations around PSD2 and the knock-on effect in changes to the 3D secure protocol.
These regulations will require changes to security software engineered by developers that may no longer work at a given company. As a result, attempts to update the software could cause more problems, leaving companies open to more fraud and cybercrime.
As well as this, there are also problems with payments that feature ‘invisible authentication’. Of course, people are still learning how to use this system, and payment issuers are trying to understand what type of transactions they can conduct.
This can result in one of two things, the first is a tightening of the security and a drop in payment conversion (not ideal). The second is they relax filters and open themselves up to more fraud.
The second outcome relies on Europe. I believe that once fraud is reduced in Europe, we will see spikes and increases elsewhere in the world. We already know that there are security issues in the developing world, even countries such as America are not immune to this.
Fraudsters and cybercriminals will always find a way – a chink in the armour to exploit. For those in this industry, we have to keep working and making their lives as hard as possible.
PE: How is ECOMMPAY using technology to reduce the risk of fraud?
DS: In this industry reputation means a lot, and we are working very hard to maintain this. One such method that we use at ECOMMPAY is an advanced risk-management technology that uses a scoring system. This system uses AI learning to establish consumer ‘fingerprints’; it does this by sending transactions through automated anti-fraud filters. These filters each have their own set of rules that have been set up specifically for the merchant.
When a filter is activated, it will calculate a predetermined value. The security system then determines if the values look suspicious, ultimately rejecting it or marking it for manual review. This allows us to tailor the fraud-risk control for each business, which in theory reduces the impact and likelihood of fraudulent activities for our clients.
If we take a look at the future of online payments and their susceptibility to fraud, we can see that as mobile use increases, the challenge of keeping payments secure also increases. Even for those who are planning ahead and identifying potential problems to come.
There is a way to reduce your risk as much as possible, and that is to partner with a service provider that is actively looking at future solutions. A partner that implements a comprehensive risk-management strategy and that is willing to be flexible to your needs.
PE: What are the struggles for merchants in moving away from a cash business and investing in fraud and other protection?
DS: For many merchants, fraud is a scary word. It is something that doesn’t happen to them – until it does. The biggest challenge is knowing how to provide excellent customer service to merchants to help them best manage their anti-fraud strategy. This is something we at ECOMMPAY are proud to say we do.
Merchants need to find a balance between safety and a seamless customer journey. If an anti-fraud system is causing your customers to leave, or impacting your conversions, it’s probably too complex. On the other hand, if your risk-management is too low, it could end up costing you your business.
The solution really is to find a reputable and reliable partner that can talk you through the processes, find the best level of security for your business and keep you safe in the future.