Writing for Payment Expert, Caleb Moore – CTO of digital security firm Darwinium – spoke at length on the value and potential that edge computing can have in the fight against fraudsters.
Moore explores how the ‘edge’ can boost the encoding of anonymous data patterns, helping to address the data security problem and how it can enrich the user’s online journey.
The security and fraud prevention sector has an ongoing challenge. Customers increasingly demand secure, adaptable and robust solutions, but they also want to prioritise low-friction access and speed. The industry is responding with innovative new platforms located within content delivery network (CDN) infrastructure at the edge.
When done right, this can help put the customer back in control, with resilient, low latency fraud prevention optimised for data privacy and security.
Business takes place at the edge
Edge computing is a market forecast to grow by a CAGR of more than 36% over the next seven years to top $139bn. There’s a reason for these impressive figures. By processing data closer to where it’s generated by users and devices, the model opens up a whole new landscape of commercial opportunity: lower latency, increased uptime, reduced costs, enhanced security and more.
CDN providers were an early adopter of edge computing. Their networks of edge-based servers make split-second decisions to block bad traffic and reduce bandwidth consumption, in order to enhance the end user experience on behalf of corporate customers.
A valuable capability that has since been built on this infrastructure is “edge workers” serverless computing functions, which allow developers to write and deploy code to networks of servers around the world, so that it’s executed closer to the end user.
There are several benefits to making fraud-related risk decisions at this localised layer. It reduces the number of requests made to the origin server, improving stability. It reduces the chance of a breach, because data doesn’t need to be transported to a centralised cloud server, and because there’s less distance to travel, latency is reduced.
It’s also an excellent way to gain full visibility into a complete user journey: from the moment they land on a website and start browsing, filling forms, making login requests, checking out and paying for items.
Fraud prevention code running at the edge can identify bots trying to login with stolen credentials, by monitoring user behaviour patterns like IP addresses, login attempts, and navigation paths. Or they can identify trusted users that are behaving normally but may be getting caught by overzealous blanket authentication checks.
Compare this to solutions that make API calls on each page where data is captured. This point-in-time approach simply doesn’t deliver the same kind of holistic visibility and context that an edge-based set-up can.
But there’s one more important benefit: data security and privacy.
The data security angle
Data breaches continue to be an omnipresent feature in global news, and the importance of keeping customer data secure and private is a business imperative.
However, when it comes to security and fraud prevention, businesses and vendors have had a tricky path to tread. Software designed to automatically detect fraud and abuse shouldn’t need to know real names, addresses, phone numbers and other personally identifiable information (PII).
All the code cares about is context, not actual values, so an anonymized version of that PII which preserves key relationships between data points should suffice.
For fraud prevention purposes, a truly anonymized version of this data can be used, removing the risk of ever exposing data in the clear. Compare this to the far less secure API-based alternative, which relies on data being sent in plaintext and then encrypted once it reaches a third-party decision engine.
Encoding anonymised data will add an extra layer of security still, by future-proofing businesses against AI-powered attacks that may in time be able to crack a one-way hash.
Better at the edge
The fraud landscape is a continually evolving game of cat and mouse. As the bad guys innovate, industry solution providers must stay alert and use all the tools at their disposal to optimise customer decision making.
Being able to view, enrich, decide and act on everything that happens across a user’s online journey is a critical capability to mitigate everything from account takeover and scams to bot detection and new account fraud. But placing this capability at the edge can be a force multiplier – enabling customers to benefit from resilience, speed and enhanced data protection.
In a world where the fraudsters often seem to have the upper hand, this is something to be celebrated.
