This is an extract from the Finextra Research and Mastercard report ‘Seeking Approval - Acquirers Vs. Transaction Fraud’, based on industry interviews that explore the industry’s appetite for real-time, AI-driven, data-rich transaction fraud monitoring and the various models, technology and priorities that shape their strategies.

In order to effectively prevent fraud, acquiring banks need to strike the balance between the rate of financial crime and the increasing sophistication of fraudsters. Embedding AI within fraud solutions is of paramount importance and with a new appreciation for quality transaction data, banks will need to utilise both elements to establish a holistic fraud prevention strategy to keep pace in today’s financial services industry.

“This is a rapidly evolving space, but so are the AI solutions combating it,” said Amyn Dhala, chief product officer at Brighterion. “Today’s market-ready models, for example, address transaction-level fraud and have been trained for immediate use at-scale in any market or region in the world. Any fraud solution should create incremental value, and these models do exactly that.”

Despite advances and changes in the fight against transaction fraud, there has been an acceleration of different methods of fraud in recent years. This is due to a combination of factors such as the emergence and availability of more sophisticated technology and the ability to automate certain activities as part of an attack on organisational systems or networks of people; increased amounts of data are being produced meaning greater surface area for attack; and the fact that global communication, such as it is, makes it easier for large global crime rings to act together making a stronger unit.

Most of these aspects that facilitate the rise of nefarious activity, of course, can equally work in an acquirer’s favour to offset the threat - i.e., the smart utilisation of technology and data, global collaboration, and networking. In combination, of course, with aforementioned mandates to protect and secure transactions.

Vesa Suvila, global fraud expert, Nordea, says regulation such as PSD2 and SCA has been hugely impactful, having “changed the game very much when there is a need for strong customer authentication”. He describes a slow shift from the targeting of bank systems to the targeting of vulnerabilities on the customer side.

“We have started to see fraudsters targeting customer bank credentials, IDs and scams, via social media platforms and phishing,” he says. These regulatory measures don’t come without an element of friction, and this is part of the new balance to be struck when offering a best-in-class customer experience, as explored further on in this report.

The COVID-19 pandemic brought a surge in digitisation, and with the sudden and immediate demand for services everywhere to be available online, merchants and retailers all over the world were either bolstering their e-commerce service, shoring up digital security and defences, or setting up a digital offering for the first time, while other opportunists made hay amid the explosion in remote services and entered the market.

As such, acquirers had to take heed and respond. Says Suvila, “Consumer patterns changed just immediately after lockdown and people stayed at home, more online shopping. So of course, we needed to apply what we actually saw in card fraud domain. We saw a very quick decrease of fraud first, and especially the traditional type of frauds like data compromise, fraudsters using card data for airline tickets and so on. We saw it stop. But then it evolved more on customer scams. There were lots of web stores out there selling counterfeit goods for instance, and COVID related scam schemes.”

Linda Weston, MD, head of core product at Barclaycard Payments, says since the pandemic, “The biggest change is an increased focus on cash flow and settling transactions with the merchants as quickly as possible, whilst also ensuring that fraud is managed appropriately. What the pandemic brought to life was the reality that many merchants, particularly those smaller in size, operate on fine margins and without the funds to leverage against lengthy settlement times.” There was an immediate need to create more tailored, sophisticated, and dynamic profiling of transactions and customers. She says the company introduced a “sophisticated transaction profiling system that is unique to every customer.”

The pandemic intensified shifts and trends in fraud, and further accelerated certain types of attack, particularly as so many merchants moved online. For a lot of those, it was simply a matter of needing “a quick way to set up some kind of online shopping, for example restaurants needing to take orders and deliver online,” says Diana Piller-Mayerhofer, head of card security, card scheme compliance and anti-fraud management, Card Complete Service Bank. Equally, acquirers needed to respond and enable their merchant customers to continue and transition their operations swiftly and smoothly, without introducing new risks or threats.

Rules-based systems to tackle transaction fraud

To tackle transaction fraud, acquirers have traditionally used rules-based systems. However, this approach is evolving fast with the introduction of new technologies - specifically machine learning and in some cases artificial intelligence - and the availability of extensive data-sets to become a more dynamic, real-time practice. Much of the industry’s machine learning and automation capabilities and access to data sources are via cloud infrastructure.

“Transaction monitoring for us- and I assume for many of our competitors today- now requires both tactical static rules, combined with a scoring model which is based on machine learning, and eventually AI, based on customer behaviour and all the data points. So, we do combine these two approaches, not relying fully on scoring models,” says Nordea’s Suvila.

Says Piller-Mayerhofer: “We're using several different methods. The key to the best transaction monitoring and fraud detection is a combination of rules-based, machine learning, and people. I think the strongest [piece of] machine learning capability is [the] fraud analyst.”

Finding the right kind of expertise is also a challenge, yet it is key to the fraud detection strategy, and currently artificial intelligence still depends on the input of data scientists to update systems, monitoring and intuiting the various nuances of fraudulent activity.

“It's quite important because machine learning models learn according to what is programmed into them. They can handle a lot of data, more than a person. But if it comes to disruptive fraud scenarios- to two different fraudster strategies- what I've seen so far, is that it is people [who] can recognise these scenarios and recognise there's a shift, the machine learning or the rules can then be adapted, and then they work accordingly. But I think what we never see is such effective machine learning models that we don't need fraud specialists and analysts looking into the alerts,” Piller-Mayerhofer says.

“A massive challenge acquirers face is the amount of manpower needed to investigate the high volume of alerts. It’s not feasible to investigate them all. As a result, investigators overlook or have to bypass many in the interest of time,” says Dhala. “Furthermore, data scientists look to the data trails that consumers leave behind to track behaviour, and substantial benefits can be derived from utilising AI platforms that allow personalisation -- attaching a profile to each customer, card, account, activity and transaction. When customer behaviour changes, systems must be responsive through real-time decisioning to alert acquirers that the consumer or merchant may be behaving in anomalous ways. While these details are paramount for success, it’s important to have a fraud risk engine that can reliably scale as threats evolve. Both increased threats and a growing customer base are factors that will affect your long-term investment in AI.”

It is evident that organisations that deploy AI to automate processes are beginning to utilise the power of the technology in models which can adapt and learn from the vast amounts of data in real time. However, this is only the beginning. A collaborative effort where partnerships are formed and regulation can evolve to support a global industry is needed.

Click here to read the Finextra Research and Mastercard report ‘Seeking Approval - Acquirers Vs. Transaction Fraud’.