Banks face a significant risk of payment fraud. They must contend with traditional types of payment fraud like check fraud, but they also need to deal with the growing threat of instant payment fraud. With an instant transfer, the thief has the funds in their account immediately. This is more lucrative for the thief and makes it easier for them to pocket the funds before they’re detected.
Thieves rely on phishing attacks to get most of the information they need to commit payment fraud. They don’t have to learn how to hack a website. They simply need to send a convincing email, text, phone call, or letter to the victim to trick them into sharing their payment details. This low bar allows even an amateur to commit a stunning amount of fraud.
Financial institutions can’t rely on traditional fraud detection and prevention measures if they want to stop payment fraud. Instead, they need to employ methods that give them more comprehensive protection against all types of payment fraud.
The Problem With Rule-Based Fraud Detection
Rule-based fraud detection is simply not flexible enough to deal with the constantly changing ways that thieves commit payment fraud. Static rule sets can’t adjust to new types of fraud and different types of behavior. They can only flag transactions that fall outside of the levels associated with the rule sets.
Thieves can often figure out how the rule sets are set up, and they purposefully initiate transactions that fall inside of the rules so that they aren’t detected. They may, for example, only make purchases under a detectable level when they steal a credit card, or they may try to mimic the customers’ behavior to avoid detection.
Static rule sets are also notorious for creating a restrictive environment for customers who are making legitimate transactions. Rule sets cannot capture all of the unique ways that customers complete banking transactions right now. Because customers can handle transactions in a vast number of ways over online and mobile channels, thieves have an increased attack surface, and banks have an increasingly complex environment that the rule sets aren’t poised to address.
Challenges With Artificial Intelligence
AI offers advantages over static rule-based fraud detection. Because it uses dynamic detection models, it can spot payment fraud more accurately, and it generates fewer false positives. Compared to rule sets, AI improves fraud detection and the customer experience.
However, even AI is not perfect. Mainstream AI is limited by the nature of the bank’s datasets. Individual banks don’t have enough fraud examples to effectively train AI. This leads to overfitting which means that the AI has a very narrow view of fraud. It can spot the fraud that it knows very effectively, but it struggles to detect fraud incidents that it isn’t familiar with.
AI needs a lot of data to learn, and it requires balanced data sets. When you train an image recognition algorithm, for example, you show the AI an equal number of the target image and images that don’t contain the target. With payment fraud, this is nearly impossible.
An individual bank doesn’t have enough fraud cases to train the AI. This underscores the need for banks to share their information to improve fraud detection across the board, but there are limits on the available channels for doing this without compromising sensitive customer details.
Additionally, throughout the banking industry, the majority of payment transactions are legitimate, while only a small number are fraudulent. This imbalance disrupts AI’s ability to learn effectively. The AI learns how to spot certain types of fraud, but because the sample set is so small, the AI doesn’t learn to detect other types of fraud. With new fraud scenarios evolving almost daily, this creates additional risk for financial institutions.
Combining Managed Learning and AI to Detect Payment Fraud
Managed learning can help AI to avoid the risk of becoming overfitted. This approach uses both supervised and unsupervised machine learning to improve the efficacy of the system. In the initial phase, the fraud detection solution looks for payments that are outside of the customer’s usual patterns. It scores the transaction based on the severity of the fraud indicators.
Then, based on the score, it flags the transactions for review or requests verification from the customer. For optimal results when reaching out to customers to see if a payment is legitimate, you should require strong authentication factors such as the following:
- Knowledge that only the account holder knows such as a passcode.
- Something only the user possesses like their email address or phone number.
- Details that are inherent to the user such as a biometric.
This helps to ensure that a thief isn’t verifying the transaction. For instance, if you text a code to the customer’s phone and require them to enter the code to complete the transaction, you are verifying them with something that they possess.
Then, when the anti-fraud solution finds out whether or not the payment transaction is legitimate or fraudulent, it learns more about the customer’s behavior, and it also learns more about different types of fraud scenarios. It uses this information to improve its fraud detection accuracy.
Supervised learning improves fraud detection and reduces false positives. This saves time for your fraud team because they don’t have to investigate as many transactions. It also creates a better banking experience for customers because they’re less likely to have legitimate payments declined.
Instant Payments Create Additional Risks for Banks
Payment fraud gives criminals an easy way to earn money from a low-tech scam, and instant payments make this type of fraud more effective for criminals. They don’t have to commit identity theft, steal check blanks, or hack into a customer’s account. They only need to trick a customer into sending a payment.
Then, once the money is out of the customer’s account, it’s generally irretrievable. There is no lag between initiation and payment. By extension, banks need to focus more on prevention than detection. Once they detect this type of fraud, it has already happened, but if they can prevent the transaction from going through, they can prevent the losses.
At SQN Banking System, we have an in-depth understanding of the fraud landscape. We can help your bank detect and prevent payment fraud across all payment channels. To learn more, contact us today. We can start with an assessment of your anti-fraud measures, identify your vulnerability gaps, and help you find the best anti-payment fraud strategies for your bank.