search.noResults

search.searching

dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
ACI WORLDWIDE Sophisticated fraud solutions


Jackie Barwell, Director Fraud Product Management ACI Worldwide, looks at how merchants can protect their customers.


henever there is a major data breach, such as the WannaCry attack on the NHS, or the British Airways reward booking incident in which 185,000 payment cards were exposed, the news goes into overdrive because there is concern around our data being exposed and it being in the hands of the fraudster. However, for these fraudsters, the target is moving and there is an ever increasing ‘must-have piece of data’ that is becoming more difficult to obtain.


W


Naturally, when a breach does take place, the belief is that the fraudster who successfully conducted the attack now has a wealth of readily-accessible stolen data that they can utilise. Although these breaches are damaging and worrying for both brand and consumer, we’re seeing that the golden nugget of data that criminals require to commit fraudulent activity, is often far more difficult for them to access. This is often because mandatory pieces of information needed to complete a transaction or verify the identity of a customer are encrypted or hashed – or was never stored by the victim of the breach in the first place. This means that although the fraudster appears to have the full stolen ‘credentials’ in their possession, it’s a significant challenge to actually make a successful purchase with it.


In order for fraudsters to gain the information they require, they revert to old-fashioned social engineering techniques, or, as we’re now seeing, utilising bots; hundreds, if not thousands, of computers controlled by a single command terminal. These are used to quickly and randomly try to find out the key missing pieces of data they need. Data that can then be utilised to make purchases and commit fraud. To crack down on this, there are sophisticated fraud solutions available to both merchants and financial institutions, which help them to protect their


customers’ payment details. For example, companies such as BioCatch deploy cutting-edge behavioural biometrics to help determine whether or not the person is who he/she says they are, or whether or not it is likely to be a bot.


There is an ever increasing ‘must- have piece of data’ that is becoming more difficult to obtain


58 APRIL 2019 CIO


Beyond this kind of ‘click stream analytics’ technology, merchants are also utilising fraud prevention solutions (such as ACI’s ReD Shield) to protect their customers. These are increasingly able to profile the ‘shopper’ (among many other things) and pinpoint if there are any anomalies with a transaction, which go against the known shopper profile. Consortium data – such as that tapped by ReD Shield – is capable of analysing millions of transactions across thousands of merchants. For example, say a purchase is made where the delivery address, IP address or device fingerprint differs from the known profile, the conflict in profiles will raise an alert to the merchant, letting them know that fraudulent activity could be occurring. This will give the merchant ample time to cancel any transaction and protect themselves and the customer before fraudulent activity can occur. We’re also beginning to see real-time anti-fraud solutions being built on sophisticated architecture – able to mitigate against even the quickest of bot attacks. This means that the detection can take place so quickly that attacks can be thwarted at a merchant level, payment instrument level, IP level, or even a device level – fully protecting the full suite of access points through which merchants offer their products. These solutions understand, absorb and recognise every transaction as it happens in real-time, showing how the solutions provider is ‘giving as good as they get’ when it comes to fraudulent activity, no matter how sophisticated the attacks are becoming.


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24