As part of my role as SafeCharge’s VP of risk management, I was recently chosen to take part in an expert’s round table for payment and fraud challenges faced by those in the gaming industry by leading publication iNTERGAMINGi.
Within the article, there were several insights I provided that I think would be of help to a broader cross-section of industries that are dependent upon the success of online payment processing.
Thus, I would like to use this space to keep companies aware of present-day and upcoming innovations that are set to help in the battle against fraud which are set to come to the fore with the arrival of Strong Customer Authentication (SCA) under the PSD2 requirements.
PSD2 Offers Merchants a Chance to Improve Risk and Fraud Management
The changes enacted under the umbrella of PSD2 will be of considerable significance to merchants, particularly with Europe. With the deadline set for the 31st December 2020, the requirements of the industry-wide regulations will make the payment environment much more secure, reduce fraud levels, and will enable issuers and operators to reduce the number of resources dedicated to fraud prevention activities.
The impending changes will usher in a new era of payment security by facilitating biometric authentication (such as fingerprint or facial recognition). Soon high-risk operators will be able to perform behavioural biometrics risk scoring, which can be used for transaction-risk-analysis exemptions as well as fraud prevention.
While it’s true that the requirements under SCA will increase friction slightly, it will increase approval ratios across the board because issuers will be able to remove several restrictions on their side. By combining biometric authentication with behavioural biometrics verification, all sides of the payments process can dedicate less time and resources to risk and fraud management.
We expect this trend to drive up the significance of mobile payments, whereby solutions such as Apple Pay, Google Pay and PayPal already provide a frictionless transaction experience whilst meeting biometric authentication requirements.
Another trend set to increase in popularity as a result of the PSD2 directive is the use of machine-learning-powered (ML) fraud management systems to detect even advanced fraud methodologies.
The game-changing element that ML brings to the table is its ability to identify new fraud patterns on the fly and react immediately to them. Traditional fraud rule settings take much longer to identify and then implement, usually leading to considerable losses. Therefore, this feature will dramatically reduce false positives for those that introduce this technology correctly.
While we are not quite there yet, ML will soon be able to identify the correct module and implement the correct subsequent parameters to prevent future incidents. Once we arrive at this level of optimisation, operators will benefit enormously both in terms of fraud-related losses and in expenditure dedicated to its prevention.
We think that a blend of machine learning with a flexible rules and alerts system is the best current approach for high-risk operators.
Smarter 3DS Routing
Another trend that operators are going to need to pay attention to is their 3D-Secure routing. The improvements being made under the SCA/PSD2 requirements are making the payments environment within Europe much more secure. However, they also make them much more complicated.
For that reason, merchants will have to manage their 3D-Secure routing much more effectively, with systems that can automatically flag exemptions. While 3DS2 has removed a lot of the friction associated with 3DS1, on the back end, systems need to make intelligent decisions (powered by AI) regarding routing flow (3DS1 vs 3DS2), with universal acquirer acceptance to improve approval ratios.
With the multitude of possible combinations between these two functionalities, payment providers’ resources will be aimed at optimising the approval ratio between all the combinations, rather than investing more in fraud prevention systems.
Mobile Payments Increase Chances of Detecting Risk
As mentioned, mobile payments are containing to rise due to their increased convenience when it comes to SCA requirements. But operators may well encourage mobile payments for the additional reason that they help to detect risk.
This is because we are able to gather much more information from a mobile payment than we can for a desktop transaction. The device ID detection is also significantly more accurate. Thus, we expect the trend of mobile payments to increase across the board for the beneficial impact on customers and merchants alike.
Increased Focus on Data Breaches
With the new regulation aimed at helped to reduce the number of data breaches, the fines and penalties associated with failure are increasingly harsh. Thus, operators will have to redouble their efforts to ensure that their payments infrastructure is as secure as possible.
Outages pose one of the biggest threats. When it comes to payment security solutions, they should empower businesses in the sense that they provide mitigation against any possible danger to service continuity.
Sophisticated denial of service (DDoS) attacks present one of the biggest threats in that regard. In the event of such an attack, a secure environmental architecture that enables high performance and that continuously maintains a business continuity plan (BCP) is crucial.
Another critical aspect that merchants must turn their attention to is data security. Many hand off their PCI data security requirements to third-parties such as ourselves. But operators should understand that there are best practices that their payment services providers such be adhering to, including but not limited to: perimeter defence, role-based access control, database and endpoint security and security monitoring to detect anomalies and policy violations.
It’s a continuous and evolving challenge. However, our team of security experts continually improve security and provide a high level of assurance to our clients.
The future is exciting when it comes to fraud management in the context of payments. Soon machine-learning-based processing and routing systems will make even the most sophisticated fraud methodologies obsolete. However, with increased security in the payment environment, comes increased complexity.
Increasingly, high-risk operators will have to lean on the expertise of payment solution providers such as SafeCharge to ensure they maintain a frictionless and secure experience for consumers.
If you have any questions, or have any concerns regarding your future risk and fraud management plans, then don’t hesitate to message me directly and I’ll gladly answer your questions and provide advice concerning the risk management systems in place for your business.
About the author: