Anti-Fraud in eCommerce Online Payments

Over the next four years, losses will increase by more than 50%. And this is taking into account the law regulations in Europe.

Online payments have become a target of fraudsters largely due to the rise of online commerce, especially during the pandemic and the self-isolation regime. However, eCommerce began to take off long before the coronavirus, the main impetus was given by the EMV mechanism (the international standard for transactions).

Online retailers and members of the e-commerce ecosystem need to put more emphasis on educating consumers on how to handle online payments correctly and how not to fall for scammers.

One of the advantages of eCommerce is convenience and speed, and if a buyer has to constantly prove that he is not a fraud, he/she can go to another online store, or even return to offline shopping altogether. Which is a big problem for security.

Anti-fraud solutions against hackers

The classic scheme is when an attacker uses phishing or any other illegal actions, the bank card holder unknowingly transfers his card details to the attackers, sufficient to make a purchase in the online store.

An attacker completes a purchase and purchases a product/service. The cardholder, see the unauthorized write-off, reports the loss of money to the bank that issued the card. In turn, the bank initiates Chargeback (return of the debited funds). If the product has already been received by an attacker, then the retailer loses three times: returns the money to the cardholder, loses the product for which the supplier has already paid, plus it may earn a fine for missing a fraudulent transaction — up to a complete ban on accepting online payments.

Catch me if you can

The fraud detection and prevention process does not have an initial or final stage, it must be carried out continuously and include the following processes: Monitoring; Detection; Making decisions; Training.

Anti-fraud systems can have the following technologies and capabilities in their arsenal:

• Text analytics, which is performed using search technologies, content categorization, and entity extraction.
• The calculation of statistical parameters, which is used to identify deviations that could indicate fraud.
• Network analytics is used to identify connections, identify patterns.
• Gap testing involves finding any missing elements in the serial data where they shouldn’t be.
• Login Date Confirmation is used to assess inappropriate or suspicious times for posting or entering information.
• Supervised Machine Learning, which is based on historical data, to identify specific patterns.
• Unsupervised learning, which involves analyzing and evaluating data that does not contain information about the identified fraud. Used to detect new anomalies.

Anti-fraud system’s function is to detect and prevent fraud. However, they can solve problems in different ways and compare anti-fraud systems without an additional classification is the wrong decision. So, for example, there are so-called core-systems — powerful analytical platforms that allow you to implement logic in separate segments (RBS or bank card processing), there are also specialized systems that control the parameters of devices and risks on their side. And at the same time, separate systems are being developed, sharpened for the recognition of photos, videos, and speech. Many of the systems do not compete, but, on the contrary, complement each other’s functions.

Based on this, online fraud has into 3 classes:

Class 1. Solutions of this class are aimed at detecting and identifying traces of fraud and detecting anomalies.

Class 2. Solutions of this class are aimed at identifying fraud tools, cause or risk (for example, the presence of malware, remote control components, phishing components).

Class 3. Solutions of this class solve highly specialized problems. In particular, they can be designed for image recognition to detect fraud, can be equipped with a speech recognition system.

Banking fraud continues to progress every year. Therefore, the market for anti-fraud software is growing.

When choosing an anti-fraud system, you must first decide what tasks it should perform. In most cases, in order to protect eCommerce from fraud, it will be necessary to use several classes of anti-fraud systems. Sometimes you will need custom software that supports all classes.

Stay safe!