How to Choose Fraud Detection Software: Features, Characteristics, Key Providers
As we make more cashless payments for retail purchases, restaurants, and transportation – not to mention the increase in online shopping – wallets loaded with legal tender may become a thing of the past. According to 2018 research by BigCommerce, software vendor and Square payment processing solution provider, 51 percent of Americans think that online shopping is the best option. Last year, 1.66 billion people worldwide bought goods online. And the number of digital buyers is expected to exceed 2.14 billion.
Unfortunately, growing sales may mean not only greater revenue but also bigger losses due to fraud. For instance, 63 percent of businesses that participated in the 2018 Global Fraud and Identity Report by Experian claim to have the same or higher levels of such losses over the last year.
Businesses and fraud losses. Source: Experian
Having insufficient control over operations is like letting some customers pay for goods and services with colorful paper notes instead of cash or valid cards. That’s not the best way to run a business, right?
Businesses take measures to protect themselves from scammers. To make their anti-fraud strategy efficient, organizations must ensure they accept legitimate transactions only and provide instant user authentication. Once these operations are organized, you can achieve frictionless customer experience while minimizing the risk of fraud-related losses.
A fraud detection and prevention system is the core of any fraud risk management strategy. Teams choose software with functionality that works best for their workflow and business needs in general.
In our whitepaper on fraud detection, we compared machine learning-based systems with rule-based ones and described how ML-based solutions help prevent and identify fraudulent activity across several industries.
For this article, we contacted specialists from NoFraud and SAS to discuss the purposes and capabilities of anti-fraud software and get their advice on the solution choice. The final section of the article contains descriptions of several solutions available on the market.
What does ML-based software do?
Fraud detection software monitors transactions and assigns risk scores to each of them. Transactions with attributes that don’t deviate from the norm are allowed for processing. If even one transaction detail indicates suspicious activity, the system automatically halts or denies it, and sends an alert to the user. Many of these systems use both rules (that users can edit) and machine learning techniques to achieve higher efficiency.
Real-time transaction screening and review automation. Fraud detection solutions with ML capabilities constantly monitor incoming data. Real-time data processing also means that employees no longer need to review most of the orders themselves. “Some companies expend massive amounts of resources reviewing transactions for fraud manually. They employ large teams of employees dedicated to this task. An ML-based fraud detection solution can drastically reduce or even eliminate the overhead related to manual fraud review,” notes business development executive at NoFraud Shoshanah Posner.
That’s a game-changer for customer experience, cost control, and operations efficiency, considering that 89 percent of orders that North American businesses reviewed manually turned out to be legitimate. Usually, a few percent of transactions require analysts’ evaluation.
Key benefits of automated fraud detection
Deep insights on user behavior. Unlike rule-based systems, these tools spot implicit correlations between user behavior and the possibility of fraud and abuse. ML-based systems are capable of learning from streaming data and adapting to emerging fraud patterns, while rule-based systems require analysts to specify new fraud scenarios.
False positives reduction. Imagine you’re on vacation in another city thousands of miles away from your hometown. You want to treat yourself to sightseeing, dining, and shopping. But you tried to pay for a purchase, the transaction was declined, and your card was blocked. On the one hand, we see a bank’s fraud prevention system in action: The bank needs to ensure your funds are not misused. On the other hand, the system is too straightforward in its transaction analysis.
The problem of false positives – declined legitimate transactions – is relevant even for software using machine learning. The key to accuracy in fraud detection is to assess every transaction in the broad context, going beyond location and transaction amount. For example, data scientists from MIT found the approach to reduce false positive forecasts with automated feature engineering. This method entails extracting more than 200 detailed features – behavior patterns – for each transaction. Efficient fraud protection solutions analyze hundreds of indicators like historical data on user buying habits and current transaction details, use device fingerprinting to provide as accurate predictions on order outcomes as possible.
Real-time operations tracking and reporting. Fraud detection software includes dashboards, so customers can monitor their key performance indicators in real time, for instance, track orders and learn about their status (approved or declined) and additional information like payment method, location, channel, etc. Reporting capabilities usually include daily, weekly, or monthly reports on suspicious activity or a total number of transactions. Investigation teams may use visualizations of fraud patterns to better understand interconnections between user behavior and fraud attempts.
How to choose fraud detection software?
Before we talk about the products available on the market, let’s discuss what features and characteristics you should consider when selecting a fraud detection solution for your business.
It’s crucial to evaluate whether you plan to completely rely on a fraud detection solution or will have a team of fraud analysts that will use software to streamline their work.
“The first question to ask is whether a company wants to completely outsource their fraud prevention, or use an ML-based tool that needs to be managed in-house. The latter option should be chosen only if the company has the resources and expertise to manage the rule set and conduct a manual review when necessary,” explains Shoshanah Posner from NoFraud.
Comprehensiveness and self-learning capability
You never know what approach to stealing fraudsters may use in a particular case. That’s why a fraud detection system must be versatile, thinks SAS’s head of fraud and security intelligence Alexey Konyaev:
“The record shows that today’s systems should not be tailored to identify one specific type of fraud, because this is not efficient enough and may only protect the organization from hooligans and young self-taught hackers. The cybersecurity system should be comprehensive to cover all information systems within the organization without a single exception, should be universal to be able to handle all types of data and highly-performing to process massive data flows.”
The system should be able to automatically learn from data to detect not only well-known but also new types of fraud and cyber threats, adds the specialist.
Multiple protection layers
Fraud analyst Avivah Litan from Gartner Group has suggested a five-layer approach to fraud detection and prevention. Each of the levels represents a specific type of customer activity and behavior:
- Level 1 is endpoint-centric and includes user authentication, the device they are using for the transaction, as well as geolocation.
- Level 2 is navigation-centric, which means that customer behavior during a particular session is analyzed for anomalies.
- Level 3, or channel-centric, considers analyzing account activity for anomalies.
- Level 4 is cross-product, cross-channel, and entails monitoring entity behavior across channels and bank products.
- Level 5 – entity link analysis – is about evaluating connections between various users or transactions.
Five-level approach to fraud protection described by Avivah Litan from Gartner Group. Picture source: SAS
Gartner defines systems that support all activity layers as enterprise fraud management (EFM) software. So, one of the options to evaluate a product is to learn about the layers of fraud protection it considers for the analysis.
Integration and deployment
You should also learn about average deployment time and ease of deployment. Some websites have discussion sections (e.g. Gartner Peer Insights) where users share their feedback on the software and some are review sites themselves (e.g. Capterra, G2crowd, and FinancesOnline). Make sure to check the reviews to learn more about deployment pitfalls and common issues. Another factor to consider is integration. For instance, if you run an online store, ensure that a solution is compatible with your eCommerce platform.
Compliance with security standards
In the article for TechTarget, Ed Tittel suggests readers check whether solutions comply with their organization’s requirements for data security: “Keep a list of the organization’s compliance requirements handy when vetting web fraud detection systems and ask each vendor on the short list to provide documentation that indicates the product’s compliance support.”
For instance, those who accept card payments have to ensure that solutions meet the PCI Standard. Since most of the organizations and businesses deal with customers’ private information, solutions must comply with the Gramm-Leach-Bliley Act (GLB Act or GLBA) and/or GDPR. Have a look at our article with advice on how to comply with GDPR if you work in the travel industry.
Fraud detection software providers suggest various pricing models. Some vendors have a number of fixed subscription plans; others allow for flexible pricing that depends on business size and industry, annual sales volume, etc. Providers may also charge per transaction only. Generally, companies share pricing information on request.
Shoshanah Posner from NoFraud notes that the price for ML-based software depends on the level of support one expects from the software. “Fraud screening tools are less expensive than full-service fraud tools upfront. However, a company needs to consider their overall cost of fraud: With a full-service fraud tool, a company doesn’t need to maintain an in-house fraud prevention team, which can often cost more than a full-service solution.”
Make sure you’ll be able to easily reach a software provider if you have difficulties managing a product or want to ask more questions.
Shoshanah Posner recommends asking a vendor about the onboarding process and service level agreement to understand what kind of technical support a customer should expect from a provider: when customer care specialists are available, how to contact them and report problems, what the average response time is, under what circumstances the services aren’t provided, and other conditions.
Infographics, surveys, articles on the fraud detection field, video tutorials, and a frequently-asked-question section may also help customers use a software to its full potential and keep current with industry trends.
Approval rates and false positive handling
It would be useful to understand how a solution validates transactions. Also, find out how the vendor team and software handles cases of false declines from clients that surely are legitimate.
“For a full-service tool, some good questions to ask are: Do you offer in-house review component? How does the service guarantee an optimal approval rate? What does that look like? What if the solution declines an order I think is valid? How do I challenge a decline? Can you provide some case studies of real results?” Shoshanah advises.
Support for mobile use cases
People shop more and more using mobile devices. For example, 210 million customers bought retail goods via mobile devices in 2012. This figure is projected to exceed 1 billion this year. And mCommerce fraud is another pain point for businesses.
According to the 2018 True Cost of Fraud Study by LexisNexis Risk Solutions, mCommerce merchants selling digital goods are under greater fire than retailers selling physical goods only or those without mobile sales support. Every $1 of fraud costs these merchants an average of $3.29, which is 24 percent more than last year. Midsize or large retailers that sell only physical goods lose less ($2.78) and those businesses that don’t support mobile channels ($2.30–$2.54). So, our advice is to make sure solutions also track activity from the mobile channel using multi-layer user authentication with device identification, for example.
Fraud detection software solutions overview
Now let’s take a look at several fraud detection systems available on the market. While some of them are designed solely for eCommerce, others work across industries.
NoFraud: machine learning and human intelligence to protect online merchants
NoFraud is an eCommerce fraud prevention system that combines machine learning and human intelligence. The tool screens transactions in real time using advanced machine learning algorithms, allowing merchants to concentrate on their primary tasks and goals – fulfilling orders, interacting with customers, and expanding their business in general. Only high-risk and questionable transactions are selected for a manual review by the NoFraud team. In these cases, specialists reach out to a cardholder to confirm the legitimacy of a transaction. “The review begins as soon as the transaction occurs and is completed once the cardholder responds. Reviews can take as short as a few minutes but can take longer, depending on how fast the cardholder responds back to NoFraud,” specifies Shoshanah Posner.
NoFraud uses thousands of data points in its decision-making process. The system takes into account historical customer data, current transaction data, and also analyzes customer behavior. For instance, it tracks a customer’s device with its activity history, location, tracks and validates IP address, as well as ensures that transaction data doesn’t match with one from global and merchant-specific fraud blacklists. NoFraud also checks transaction velocity – the number of payments made with a credit card, from a specific account, device and IP address during a certain timespan. Transaction security is complemented with bank identification number (BIN) checker service, address verification service (AVS), and card verification number (CVN) service.
The NoFraud system features in brief
NoFraud provides chargeback protection when accepting fraudulent transactions. It also reimburses losses due to fraud or unauthorized charges. The tool integrates with popular eCommerce platforms and payment providers (e.g. Magento, Shopify, BigCommerce, WooCommerce, 3D Cart, X-payments), payment gateways (e.g. Payflow, Braintree, First Data). Custom integration is done via API.
The company charges per transaction custom fees. You should discuss pricing details with the team. International orders are charged with an additional 0.20 percent fee. You can find out whether the tool works well with your business with a trial.
Signifyd: eCommerce fraud detection software with chargeback guarantee
Signifyd provides a cloud-based fraud protection platform for eCommerce businesses. The solution automates real-time order screening and approval using machine-learning – all completed in a review that generally takes milliseconds. While Signifyd determines which orders are safe to ship and which are suspicious, merchants make the final decision on whether to decline or approve a transaction. An expert manual review is used only for complicated cases.
The system scores every transaction based on such parameters as location, address, historical purchase data, recent credit score, IP address, etc. To collect the historical profile information, the solution takes into account user activity on both a merchant website and all other marketplaces they visit.
Signifyd in action
Signifyd comes with numerous features for seamless order processing. It allows businesses to create client blacklists and whitelists, automate order fulfillment, and cancel guarantees on orders that have been canceled by shoppers. Signifyd refunds chargebacks on approved orders that turned out to be fraudulent. A reimbursement is carried out within 48 hours and includes chargeback fees and delivery costs. In addition, businesses can submit a claim by simply filling in a form and providing an order tracking number with the chargeback notice.
The software easily integrates through eCommerce platforms (Shopify, Magento, BigCommerce, Salesforce Commerce Cloud) or via API. Signifyd targets businesses of varied scale with its three pricing plans.
iovation: multi-industry suite using device reputation technology
iovation provides a suite of device-based fraud protection and dynamic authentication solutions. Its products are developed for various industries. eCommerce businesses, insurance companies, financial and ticketing service providers, banks, gaming, and gambling companies, as well as online communities can protect themselves from fraudsters with iovation.
The company has four solutions, two of which – FraudForce and SureScore – ensure fraud protection. Both ML products learn from historical data that contains over 55 million fraud reports and 5 billion known devices gathered by more than 4000 iovation fraud experts. Users can also customize the review with their own business rules for any customer touchpoints (stages of customer contact with your brand.)
FraudForce. The software detects and stops suspicious transactions from both desktops and mobile devices in real time through device recognition. FraudForce determines a device location and analyzes its recent activity. For example, it defines whether the device has a history of abuse/fraud or is linked to other devices associated with fraud. It also assesses a device with an account or accounts with which it is associated.
iovation explains how it deals with fraud with device reputation technology.
SureScore. Integrated into FraudForce, the service applies machine learning to forecast risk and legitimacy of transactions, including the ones from new customers or devices. The score identifies subtle and/or global fraud patterns from devices, accounts, and transactions. That way specialists can focus on the most suspicious transactions first, let the service analyze and validate the rest of orders, and eventually improve customer service. SureScore integrates with third-party platforms and doesn’t require coding skills.
LaunchKey. LaunchKey is a mobile multi-factor authentication solution for businesses that provide services across channels (e.g. mobile apps, websites, self-service kiosks, or help desks). With this solution, organizations can offer a single authentication method for customers, whether it’s a PIN code, a fingerprint scan, or a custom code.
ClearKey. ClearKey provides two-factor authentication (2FA) – an extra security level. Simply put, website users will not be only recognized by their credentials (password and username) but also by device.
Various integration options are available. Users can integrate the solution into native apps (iOS, Mac OS, Android, Windows) or web applications, and “at any customer touch point where fraud risk is a concern, such as an account creation or modification, purchase or transfer.”
iovation provides reporting capabilities, such as ad-hoc reports, daily, weekly, and monthly reports on transactions and suspicious activity.
The company doesn’t disclose pricing information, so you must contact the team to learn more about price and usage details. In addition, you can request a trial version.
SAS: versatile fraud prevention system for numerous industries
SAS has been on the market for more than four decades. The company develops and provides analytics software suites for numerous industries, such as banking, healthcare, insurance, media, retail, government, travel and transportation, etc.
The company addresses problems of fraud and digital and financial assets security with its Fraud, AML (anti-money laundering) Security Intelligence.
“SAS anti-fraud solutions are based on a hybrid approach that combines expert rules, mathematical models, analysis of the subject’s social setting, text analytics, anomaly analysis, and other methods,” notes head of fraud and security intelligence at SAS Alexey Konyaev.
How SAS Security Intelligence works
Such a mix of technology solutions can help businesses in their battle against any types of fraud and threats.
“These can be classical attacks on remote banking systems, e.g. termination of unauthorized access to mobile bank app or customer’s personal account in the online banking system. In the case of internal fraud, SAS solutions identify a complex scheme with numerous people involved, as well as various information resources and organization’s IT infrastructure nodes.”
The industrial anti-fraud system assesses behavior patterns of every single customer, knowing which actions are typical for them and which are not. That’s why organizations don’t need to do extra inspections that may be annoying for customers. “The system also looks for suspicious links between subjects involved and among their friends and family. For instance, common phone numbers, addresses, places of employment, or suspicious acquaintances,” says Alexey.
Once a suspicious behavior is detected, the system automatically determines fraud risk and evaluates potential damage and the economic feasibility of investigation. “In other words, the company may set different priorities for investigation of different fraud cases,” adds the specialist.
An example alert in SAS Fraud Management
Customers can choose between cloud, on-site, and hybrid deployment. The company shares video tutorials to ensure customers use all the software capabilities. You can request a demo and receive a free trial. The pricing model is flexible and depends on company size and performance.
Feedzai: data orchestration, case management tools, and risk engine
Feedzai provides a fraud management platform for retail banks, payment providers (acquirers), and merchants. The platform offers data orchestration and risk scoring using rules and machine learning along with case management tools.
Data orchestration entails receiving real-time data on a customer across channels they use to interact with an organization. Case management is about collecting and accessing data from numerous sources to understand the logic behind user behavior and use reporting to facilitate decision making. Feedzai case management tools include dashboards for reporting, analytics, and alerts.
Risk engine is another platform component. It uses a mix of rules and machine learning models to forecast fraud by scoring risk in real time. Through continuous data processing, the engine can identify new types of fraud. In addition, the risk engine meets such security compliance standards as multi (two) factor authentication and PAN Tokenization – the replacement of a customer’s primary account number with randomly generated numbers aka a token.
The Feedzai platform functionality
As Feedzai was developed by data scientists and aerospace engineers, it has some features for analysts and data scientists. For example, it contains a data science framework with automated feature engineering and Scenario Optimizer out-of-the-box. With Scenario Optimizer, data scientists can concurrently measure and test performance changes for multiple rules, lists, and models before putting them into production. No knowledge of technologies like Hadoop, NoSQL, or Java is required to use the framework.
Feedzai offers on-premises, cloud, and hybrid deployment options. Pricing details are provided on-demand.
SAP Business Integrity Screening: flexible rule sets and predictive analytics for various businesses
The SAP Business Integrity Screening application is a part of SAP governance, risk, and compliance (GRC) solutions. It helps businesses discover, prevent, and investigate anomalies through the use of flexible rule sets and predictive analytics. Powered by the in-memory SAP HANA data management platform, the software quickly processes large volumes of transaction data in real time and detects suspicious activity early to decrease financial losses.
The application can be used for various purposes. It allows users to define whether new business partners aren’t included in lists with high-risk or sanctioned parties. These lists are usually published by government and international organizations, including private content providers. Screening of existing partners is possible as well. Other use cases may include the monitoring and verification of employee travel expenses and external payments.
SAP Business Integrity Screening sends alert notifications once exception scenarios are detected.
SAP Business Integrity Screening functionality explained.
Users can adjust detection strategies and search rules using such granular criteria as customizable weighting factors (for data points) and thresholds to reduce false positives.
Weighting factors indicate the importance of every data point in a group. Thresholds define a normal range of scores for an indicator and alert users when specific events occur. For instance, a certain score indicates a transaction possibly coming from a stolen account.
The application can be integrated with other software from SAP or other vendors. For instance, the integration with another GRC solution – SAP Audit Management – allows users to automate audits by executing detection strategies they defined in SAP Business Integrity Screening. When integrated with SAP Predictive Analytics, the application lets users perform predictive data modeling and scenario planning. You can opt for cloud or on-premise deployment. Contact SAP representatives to learn about pricing and packaging.
Other products to consider
As we’ve looked at several fraud detection systems in detail, there are other products that have a large customer base. Let’s mention some of them.
- Riskified is an end-to-end prevention software for eCommerce merchants. Riskified claims to be the first and only solution to use deep learning models. It also provides a 100 percent chargeback guarantee.
- ThreatMetrix is a LexisNexis Risk Solutions Company that provides an “end-to-end platform for digital identity intelligence and trust decisioning.” The platform is used by government agencies and companies from various industries, including banking and brokerage, insurance, healthcare, gaming, eCommerce, and travel.
- Distil Networks focuses on bot detection and mitigation, and online fraud is one of the threats it deals with.
- Simility is a PayPal-owned company that was founded by ex-Google fraud detection specialists. It provides a platform for real-time fraud prevention that uses machine learning, big data analytics, and data visualization. Simility customers are payment processors, banks, eCommerce businesses, and marketplaces.
- Cyxtera (formerly Easy Solutions) provides security software to address online and mobile fraud. For example, DetectTA combines rule-based system, heuristic analysis, machine learning, and other AI techniques to ensure real-time transaction monitoring. Mobile Fraud Protection Suite, as the name suggests, provides threat-free experience for both businesses and their customers.
Businesses, especially financial institutions and large merchants strive to meet the high level of service that customers expect: from a website running fast across devices (channels), easy authentication, seamless order approval or a service request to a variety of payment options, payment approval, and fast delivery.
The digital economy continues to grow. For instance, during Amazon Prime Day the merchant held on July 16, customers bought more than 100 million products. Such sales volumes require businesses to have efficient fraud detection systems in place. Solutions using machine learning can monitor and process transactions in real-time, streamlining staff workflow, and minimizing both financial and reputational risks. Thanks to self-learning capabilities, ML systems are flexible and can recognize and combat new fraud attack patterns.
There are numerous features and aspects worth considering when making a software choice. A solution must be able to identify and prevent fraud across channels, use hundreds to thousands of attributes (indicating user activity, device data, or geolocation, for instance), and screen general and domain-specific blacklists to score every transaction. Integration options and ease of deployment, a vendor’s approach to customer service, and pricing model may also influence a choice.
What fraud detection products do you use? Share your feedback in the comment section below.