Reducing E-Commerce Fraud Loss by 25% The Role of Machine Learning, Artificial Intelligence and Real-Time Behavioral Analytics in Fighting Fraud

Transcription

1 Reducing E-Commerce Fraud Loss by 25% The Role of Machine Learning, Artificial Intelligence and Real-Time Behavioral Analytics in Fighting Fraud

2 The Card-Not-Present Crisis Card-not-present (CNP) fraud is still showing no signs of deceleration and is, in fact, expanding rapidly. The factors: Increasing e-commerce transaction volumes Increasing transaction volume coming from the mobile channel Increasing advancements in the market (EMV liability shift, 3-D Secure 2.0, PSD2) As consumer preference continues to shift from point-of-sale transactions to e- and m-commerce, fraudsters are adapting and seizing the opportunity to exploit these new channels. By 2019, global losses are projected to reach more than $32 billion. Fraud losses to merchants happened primarily during CNP transactions, with losses to CNP fraud on general purpose cards reaching $5.6 billion. 1 Despite issuers attempts to adopt various methods to manage these challenges, the chaos never stops, and another burgeoning trend is ushering in more complexity. How mobile devices are providing a new hunting ground for hackers 02

3 The Rise of the Devices The ways that consumers are using their phones, tablets and laptops continues to change. A decade ago, making major purchases on a mobile device wasn t common practice, but on-the-go shopping continues to grow in popularity. 2 billion More than 2 billion mobile device users will make some form of transaction in 2017 (up from 1.6 billion in 2014) Worldwide mobile commerce revenues amounted to billion U.S. dollars in 2015 and are set to surpass $693 billion in % billion 25 percent of ecommerce came from mobile purchases in Q New opportunities for fraudsters The anonymity of m-commerce has further exposed consumers to hackers and other malicious actors. Today s fraudsters stage attacks on multiple cards across an array of devices, issuers and geographies within milliseconds. Unfortunately, older or more traditional fraud models are no longer adequate to protect customer information against the increasingly sophisticated and advanced methods used by hackers. The traditional approach of tracking purchase history, location and other factors is no longer sufficient. With such automated and widespread attacks, speed is also critical, and the time it takes for the traditional models to learn from fraudulent behavior can sometimes take hours or days far too long to prevent damage to cardholders and the reputation of the issuer. How data science is reshaping the industry s approach to CNP fraud protection 03

4 New Disciplines, New Ways of Preventing CNP Fraud New trends and new threats call for a revolutionary approach to effectively stop fraud. This new approach is driven by ultimately helping banks improve their understanding of data through machine learning, artificial intelligence (AI), neural network models, dynamic-rules engines and other disciplines for real-time fraud prevention. The right combination for the future of the payments industry Because fraudsters now automate their attacks to get the most value from their stolen information, these methods are well suited to the always-growing payments industry. These disciplines help identify and stop attacks in real time and allow the utilization of shared fraud data across an array of participating banks, and this sharing effectively prevents both known and suspected fraud, faster. Learn more about the five pillars of next-generation online payment authentication 04

5 The Five Pillars of Next-Generation Online Payment Authentication To reduce fraud losses and provide cardholders a seamless online shopping experience, issuers must deploy solutions that can quickly distinguish between genuine and fraudulent transactions and take appropriate action instantly. Next-generation protection for CNP transactions should be supported by five pillars, originally outlined by Kount s Don Bush but expanded by CA to correlate more directly with payments. Real-Time Behavioral Analytics Solutions should analyze massive amounts of data in real time through an array of technologies, including device fingerprinting, transaction velocity, cross-merchant linking and others. Artificial Intelligence and Machine Learning Technology AI and machine learning have the power and storage capacity to oversee a high volume of transactions in real time a far superior option when compared to dedicated teams who need to scan, assess and decide on specific transactions. Dynamic Field- Programmable Rules Neural network models should be paired with a flexible rules engine to enforce issuer policies according to risk score. And due to the increasing complexity of fraud, the rules engine should allow for ongoing additions or modifications. Experience and Knowledge in Multiple Domains AI and machine learning are only as good as the subject matter experts who program them. Experts should continually review and refine solutions to keep pace with the evolving sophistication of fraudsters. Real-Time Fraud and Risk Data Consortium Effective solutions should also pull together multiple streams of data. A real-time consortium approach gives issuers the power to automatically check addresses, mobile numbers and other information if the initial screening process cannot resolve discrepancies. Explore the CA Risk Analytics Network 05

6 How Real Data Is Driving Results CA Risk Analytics Network was built on these five pillars to help issuers protect their cardholders from cybercriminals by identifying fraudulent activity and instantly preventing it from occurring without having to burden the genuine cardholder. Fast and customizable CA Risk Analytics Network is driven by transactional intelligence and data from CA s 3-D Secure clients. Issuers can quickly assess the risk of a CNP transaction by analyzing data across multiple dimensions, including type of device, location, behavior and historical trends in the context of both the card and device behavior. Leveraging a neural network model, the solution offers zero-touch authentication, and card issuers can customize their approach to risk assessment by setting custom rules, establishing policies and designating events that require step-up authentication. The solution employs a self-learning scoring model, which analyzes and compares historical and real-time transaction behavior. Card and device behavioral profiles are then immediately updated, influencing the model to reflect the most accurate risk score. Real results at the flip of a switch CA Risk Analytics Network works for issuers of any size, and once part of the global consortium, issuers can enjoy: Enhanced fraud prevention and user experience with: Reduction in CNP fraud losses by an average of 25 percent, which improves revenue Fewer false positives by an average of 35 percent, which enhances customer experience Or a mixture of the two Minimizing the window of uncertainty to an average of 5 milliseconds, virtually eliminating between-transaction vulnerability What makes CA Risk Analytics Network different? 06

7 What Makes CA Risk Analytics Network Different? The only real-time behavioral analytics fraud prevention network CA Risk Analytics Network uses a patented, advanced neural network model and machine learning to learn from and adapt to fraud patterns in real time. By analyzing and comparing multiple dimensions of large-scale data both recent and historical, across banks and geographies the network helps issuers detect anomalous behaviors for the cardholder, the device or both. Real-time learning and instant risk score update Card and device behavioral profiles are updated in real time to influence the network model so that it can accurately and quickly determine which transactions are risky and which aren t. In other words, the model distinguishes normal patterns from fraudulent patterns by combining all the real-time information into an optimized view of fraud and non-fraud in the multidimensional space of both the transaction and the histories of the given card and device. All the while, the model uses that data in a secure area where the raw information is never shared or visible across clients. Domain experience CA Technologies is leading the payment industry with over 15 years of experience. In fact, CA Technologies co-created the 3-D Secure protocol in partnership with Visa to protect online e-commerce transactions when e-commerce was in its infancy. Since then, CA has been dedicated to perfecting the balance of robust security with customer experience to ensure that our customers can significantly reduce fraud losses, transaction abandonment and false positives. Furthermore, with a dedicated team of data scientists, CA can stay a leader in the online fraud detection market by leveraging machine learning techniques, artificial intelligence and neural network modelling. Our data scientists are experts with decades of experience in e-commerce, model building and big data. Rich data network CA Risk Analytics Network taps into the largest network of global cardholders and financial transaction data. The model is scheme-agnostic, which means that the pool is truly composed of global transaction data, whereas some competitive models may only see data from certain schemes. This is a crucial component of any consortium model. To truly understand the entire landscape of fraudulent behavior on both cards and devices, we can t leave any aspect unsearched. CA Risk Analytics Network sees more than 1 billion e-commerce authentication transactions annually across more than 400 million devices. The network also serves 7,000 banks and 200 million cardholders, along with over 11,000 individual card products. 07

8 Measuring the Value of the CA Risk Analytics Network Now, let s examine the CA Risk Analytics Network and explore the value it brings to our customers. A rather conservative bank (we ll call it Global Bank) came to us because it wanted a little more return from its fraud-prevention strategy while ensuring its customer experience remained unaffected. First, we took a before snapshot of the bank s strategy by measuring the bank s fraud losses and TFPR (Transaction False Positive Ratio). Global Bank had 19.3 million U.S. dollars in attempted fraud in a quarter s time. The bank was using a traditional neural network detection system to fight that fraud, reducing its losses to $10.9 million. For many banks, this level of success is acceptable as they can absorb that amount of loss. However, Global Bank wanted to see if it could implement a more effective system to further reduce fraud losses without impacting the TFPR. Importantly, the CA Risk Analytics Network also afforded Global Bank more choice in how it handled risk and the experience of its customers. By choosing to use the network to reduce the number of false positives from 178,797 to 116,218, the bank was able to save 62,579 genuine customers the annoyance and frustration of a falsely declined legitimate transaction. Like many institutions, Global Bank continues to explore a healthy mixture of both a reduction in fraud losses and false positives. By implementing the CA Risk Analytics Network, the bank could save an additional $2.7 million U.S. in fraud losses all without impacting the false positive rate. By employing CA Risk Analytics, Global Bank was able to achieve the following results: From To Savings False Positives 178, ,218 62,579 Fraud Losses $10.9M $8.2M $2.74M ***The data presented in this use case example is from a three-month period and are calculated against our averages for CA Risk Analytics Network (a 35 percent reduction in the TFPR and a 25 percent reduction in the fraud loss). 08

9 Meet the Team Behind the Model The CA data science team, led by Paul Dulany, was the driving force behind the modeling that powers the CA Risk Analytics Network. Q: What sorts of challenges in the payments industry inspired the development of CA Risk Analytics Network? A: One of the key challenges right now relates to the fraudsters themselves. They no longer confine themselves to a single portfolio or issuer; rather they attack with whatever cardholder information they have at their disposal. Consequently, you can t limit your perspective to fraudulent behavior and activity at just one issuer and with a SaaS implementation, we don t have to. We built this solution to create a collaborative network to fight fraudsters in real time. This lets issuers identify and stop fraudulent activity faster and more effectively than before, so that credit card fraud is less lucrative. Q: Traditionally, how have issuers been coping with these challenges? A: There are a few different ways. There are systems that share information between issuers; however, this information is shared well past the specific incident. Since the transaction in question must be first investigated and flagged as true fraud (which can take hours if not days), issuers have been looking for ways to reduce the time it takes to detect and prevent fraud. This is exactly why we built this solution to improve the time it takes to identify and prevent fraud without negatively impacting the cardholder s experience. Q: Can you explain some of the technologies at work behind the scenes? A: A critical aspect of this is using machine learning and AI to drive real time updates to behavioral distillates. These contain distilled behavioral information about the use of cards and devices and are updated in real time. This relates to the importance of speed. Because attacks are now automated with attacks only separated by fractions of a second we need to make sure that any given transaction knows about the previous transactions, even if the transaction occurred 10 milliseconds ago. These distillates are critical inputs to the online learning that captures different behavioral patterns, and feeds these patterns and the current information to our neural network models. Then, the model provides a score from 1 to 999, which indicates the likelihood that the transaction is fraudulent. Q: What does this approach mean for issuers? What kinds of benefits can they expect? A: With an approach like this one that s coming at the problem in real time issuers can expect to see an average reduction in fraud by 25 percent. That s a dramatic improvement, but it s only half of the story. The other benefit here is a reduction in false positives, which can decrease by 35 percent. We also let issuers choose a combination of both if desired. The value that this brings to our customers is significant around the world. Q: What can issuers and other members of the payments industry expect going forward? A: I think what you ll see is a continuation of this technological arms race between data scientists and hackers. Consumers keep evolving in the ways that they use their cards and make purchases, and both camps will keep pushing the boundaries of what s possible, meaning you ll see better and faster solutions being introduced to the market. A lot of this will be driven by the incredible amount of data that will be produced by initiatives like 3-D Secure 2.0 and PSD2 it s all a treasure trove of information that data scientists can use to keep ramping up the sophistication of fraud detection and prevention techniques. 09

10 CA Risk Analytics Network Prevent fraud and provide a friction-free experience with the only real-time behavioral analytics network. Learn more. 1 The Nilsson Report, Card Fraud Losses Reach $21.84 Billion, October 2016, 2 Juniper Research, Mobile Commerce Markets: Key Sector Strategies, Opportunities & Forecasts , May Ovum, Ovum Mobile Payments Forecasts: , February Jeremy Kressman, emarketer, Mobile Purchasing Keeps Ramping Up in the US, March 10, 2017, retail.emarketer.com/article/mobile-purchasing-keeps-ramping-up-us/58c328d8ebd400016cd37b6f CA Technologies (NASDAQ: CA) creates software that fuels transformation for companies and enables them to seize the opportunities of the application economy. Software is at the heart of every business, in every industry. From planning to development to management and security, CA is working with companies worldwide to change the way we live, transact and communicate across mobile, private and public cloud, distributed and mainframe environments. Learn more at ca.com. Copyright 2017 CA, Inc. All rights reserved. All marks used herein may belong to their respective companies. This document does not contain any warranties and is provided for informational purposes only. CS