Big Data, Machine Learning Battle Online Payments Fraud as Criminals Target BNPL

 Most consumers don’t think about eCommerce fraud.

Until they become victims.

Eric Christensen, chief payments officer/vice president of product at Digital River, told PYMNTS that for financial institutions (FIs) and merchants serving those consumers, the growth in eCommerce has brought more opportunities for online fraud.

Though the ratio hasn’t changed much (measured as the fraud-to-transaction ratio), the money lost to the bad actors is significant. eCommerce losses tied to online payment fraud topped $20 billion globally in 2021, up 14% from the previous year.

And we’re seeing a shift in just who is trying to siphon off the funds.

As Christensen said, “It’s not necessarily the fraud conglomerates that are trying new things. It’s the individuals trying to figure out what they can and cannot get away with as they move into new eCommerce systems.”

One thing is for sure: The fraudsters are not taking vacations.

And they’re setting sights on some of the newer, wildly popular payment methods.

Christensen said as more consumers get comfortable with the emergence of super apps and digital wallets — that will provide more avenues across which the fraudsters can attack.

“We’re watching how the fraudsters will start attacking the buy now, pay later space,” he said. After all, it is the fastest-growing payments that will get the most attention from criminals.

For the firms that have been under attack, waiting and reacting is never a good strategy.

Especially with the seasonality inherent in eCommerce, “the last thing you want to be doing is messing around with new fraud technologies during your busiest times,” said Christensen.

Looking at Seasonality  

Retailers, merchants and all manner of enterprises, he said, should find the “low” points in their seasonality spread — and use that time to tweak rules so that they feel comfortable with their fraud defenses in place when the business does pick up.

No matter when the tweaking is done, said Christensen, firms must be cognizant about the balance between friction and the customer experience.

“Obviously you could stop all fraud, if you wanted to, by making the experience so horrible that customers won’t come back,” said Christensen, only a bit tongue-in-cheek.

The better thing to do, he said, is to build a holistic, multi-layered fraud approach — one that takes the rules-based guardrails of legacy systems and leverages Big Data to spot anomalies inherent in the transactions, and at the consumer level.

Christensen said data tied to how devices are used, how consumers are behaving, and how data is being input online can help firms to construct new, flexible, rules that optimize anti-fraud efforts.

That data, he said, can be as granular as knowing whether consumers are transacting over iPhones or laptops, and even the geographical location where the devices are being used.

The ways in which consumers type their information — directly into fields or “cutting and pasting” — can be a “tell” on whether consumers are genuine or not.

Big data and machine learning can work in tandem to glean information to help fraud systems make decisions without human interaction.

Rule optimizing, Christensen said, enables the most orders to get through while reducing false positives — giving rise to a happy and satisfied customer population.

As the EU has rolled out two-factor authentication the results have been mixed.

We’re in a better spot, now, than had been seen before the new regulations and multifactor authentication was first introduced a few years ago.

“It’s been a bumpy road,” said Christensen. There was not enough merchant interaction with regulators around what the rules, and their impact, would be. “We’re continuing, as an industry, to look at new ways to improve engagement with the merchant community.”

Christensen believes card brands, and card processors implemented the new rules inconsistently. The merchants were held to a waiting stage until everything was ready across the various parties that “touch” a transaction.

“There was very little time on the merchant side to make sure that this would be a seamless experience,” said Christensen, who added, “that’s why you’ve continued to see delays in the enforcement. It takes a lot to get everybody lined up, to get a payment transaction all the way through the system.”

“I think two-factor authentication is the right step for us as an industry. I think we need to do it more in the U.S. as well as we continue to move forward.”

Looking ahead, fraudsters are not going to rest on their laurels. The question remains as to how long it will be before the fraudsters find more effective ways to work around two-factor authentication.

As Christensen told PYMNTS, “we are always going to have to continue to innovate, because the fraudsters are going to continue to be innovating, too.”