fraud protection and chargeback tools

Machine Learning 101—What Merchants Need to Know About Fraud Protection

For many ecommerce merchants, understanding machine learning and its application to security management take a back seat to managing supply chains, activating marketing funnels, and maximizing conversions. After all, the latter three are much more conducive to profits.

Unfortunately, that couldn’t be further from the truth. You can have the best marketing strategy in place with a soaring number of new customers, but if your protection systems are weak, your bottom line is vulnerable.

Take the blockchain gaming platform Ronin as an example. Ronin was on a roll after its Axie Infinity game was one of the hottest on the market, so the company dialed back security protocols to free up its servers to handle its growing customer base and maximize revenues. Then, it was targeted by fraudsters between November 2021 and March 2022 when cyber criminals stole $625 million in cryptocurrency. Going forward, Ronin’s parent company will undoubtedly make security its number one concern.

Machine learning is fundamental to today’s fraud detection systems. In this article, we explain how the technology works, why it’s an integral part of any fraud management system, and how merchants can leverage machine learning and protect their bottom line.

Machine Learning and Artificial Intelligence – What’s the Difference?

Both artificial intelligence (AI) and machine learning are highly advanced technical concepts, but they are different. AI is a concept whereby machines simulate human thinking. Machine learning, on the other hand, is a subset of that concept, a process that allows machines to learn from data iteratively, without any changes in programming. Delving deeper, a subset of machine learning is “deep learning” which uses algorithms modeled after the human brain.

What Is Machine Learning When Applied to Fraud Management Systems?

Machine learning is a process powered by technology. Sophisticated algorithms are created to analyze and learn from data generated by daily transactions. Basically, machines learn iteratively.

The rise of mobile payments and the desire to improve the customer experience means that ecommerce merchants and banks strive to reduce the number of verification stages before a payment is accepted. One way they do this is to switch to data analytics, machine learning, and artificial intelligence.

One example of how machine learning applies to payments is following patterns in spending behavior. Let’s say a card owner goes to the grocery store near their house around 7 pm each night and spends between $20 and $40. They then also go to buy gas once a week. If a transaction occurs in a grocery store on the other side of town and for a different amount, or in a different gas station, the algorithm will consider this activity suspicious, assign a higher level of fraud likelihood, and send a verification request to a card owner.

When applied to fraud detection, models—files trained to recognize certain data—recognize good and bad transactions. Over time, and as more data are processed, the models become better at recognizing the bad or fraudulent ones.

Related: 9 Best Practices for Chargeback Management

What Are Static Fraud Detection Systems?

Static fraud protection tools or systems were the first generation of fraud detection technology, and they are still extremely useful and widely used. For example, address verification, IP address geolocation, and 3-D secure.

Address verification – Customers provide their billing address for their credit card, and the system checks the address with the billing address on file with the card issuing bank.

IP address geolocation. Merchants use IP addresses to verify that the location of people attempting to make purchases matches their billing or shipping address. If an order is placed from an unusual or high-risk country or location, the system can automatically prohibit the transaction.

3-D Secure. This protocol adds another layer to verification and requires the merchant, the cardholder’s bank, and the issuer (such as Visa or MasterCard) to approve a purchase. Cardholders must create a password for each card and provide personal information, such as their social security number.

The Problems With Static Fraud Detection Systems

In general, static fraud prevention systems are reactive rather than proactive. Basically, they are in a race to keep a step ahead of fraudsters adept at adapting to static tools. Fraudsters are constantly changing their penetration strategies using different cards, addresses, and devices.

But static tools are losing the race. Fraudsters can easily steal address information, IP addresses, and personal information through data breaches. Also, making customers jump through hoops, such as redirecting consumers to the issuer’s 3-D Secure system during the checkout process, affects conversions for merchants. While these tools require the user to submit information, such as card numbers, addresses, and CVV codes, they do not prove that the user actually has any association to that information.

For more on 3-D Secure read, “News Flash: Merchants Using Authorize.net as Their Gateway Provider Have Until October 2022 to Find New Processor for 3D Secure 2.0 Protection

How Do Machine Learning Fraud Detection Systems Work?

Machine learning systems are designed to be proactive rather than reactive. Granted, traditional static systems are proactive in that they can prevent a transaction if foul play is suspected, but the difference is that machine learning models use “unsupervised machine learning” with no human intervention. The systems are constantly adapting to the data they receive, changing what they perceive as “anomalies” and then triggering preventive action. The fraud prevention system has become a fluid and ever-more sophisticated tool without any updates.

There are two stages to machine learning fraud prevention. The first is building the model, and the second is implementing it.

For ecommerce merchants, the more transaction data they have, the better the system will be. A provider of a machine-learning fraud detection system may use sample or “starter” data sets if the provider lacks data.

The fraud detection system looks at specific pre-defined data points from each transaction and adds them to the model. For example, data points might include the customer’s name, order details, the date and time of the order, and the card number. These data points are the raw data used in the model, but the system still needs to recognize the difference between “good” and “bad” transactions based on its analysis of the raw data. This process determines the legitimacy of a transaction.

Drilling Down

To go into a bit more detail. A fraud detection system extracts its data points and analyzes them before accepting an order from a customer. It may look at an order for dog food, for example, and compare that order to a historical one.

The system then comes up with a risk score calculated by the model. The fraud score is similar to a credit score where various factors are weighted in its calculation. Depending on the risk score, the transaction is either accepted, rejected, or flagged for a manual review. Perhaps the card number is different this time, or the IP address has changed.

All of this occurs in nanoseconds, and the activity is then fed back into the model, further refining the algorithm.

What Machine Learning Can’t Do

Fraudsters are constantly working to confuse machine learning systems. They will find ways to create transactions that mimic real customer behavior. So, the systems are constantly facing new challenges and may not be able to reduce fraud risk completely.

Also, bad data in means bad data out. If a system misidentifies a transaction and it goes back into the model, over time, that model will be skewed, and the decisions made on transactions will be inaccurate.

Lastly, machine learning cannot replace human reviewers, which are preferred in certain contexts, such as high-value transactions like jewelry, collector items, or property transactions.

To learn about fighting “friendly fraud,” read “Customers Are Now the Biggest Fraud Threat to Merchants—How to Fight Friendly Fraud”

Do I Really Need Machine Learning in My Fraud Management System?

Yes. Why? Because static fraud management just won’t cut it any longer; the digital world is advancing too quickly. Not only is machine learning a vital component to fighting fraudsters today, but quantum computing will be the next must-have where technology and protection is concerned. According to Fortune magazine, “quantum computing is the next big cybersecurity threat.”

According to Fortune, although a quantum computer — a new system that can execute in minutes calculations that would take hundreds of years on the world’s fastest conventional supercomputers—has not yet been created, they may be less than a decade away, and merchants need to prepare.

Mega data breaches from quantum computer-driven fraudsters are expected to occur, and hackers will be able to leverage past breaches by deciphering data they’ve already stolen. Customers will demand post-quantum data security, and merchants that cannot provide it may lose the ability to operate. So yes, merchants must keep up, and machine learning is one necessary step in the right direction.

The Ultimate Fraud Detection System

Bear in mind that machine learning is just one component of a total fraud detection system. No one is pretending that the human element and static tools are not a critical part of fraud detection systems. But the appeal of machine learning is that it can sort volumes of big data within seconds, and the results are faster and more accurate. The same outcomes would be impossible with static fraud protection systems or human agents alone.

In fact, because of the nature of machine learning, the large datasets that are so challenging for humans are actually what give machine learning fraud management systems their strength. Best of all, these systems don’t need rest or breaks; they work tirelessly 24/7. According to the tech consulting firm Capgemini, machine learning solutions can improve detection accuracy by 90 percent and reduce fraud investigation time by 70 percent.

Now that you know what machine learning can do for you, integrate the technology with your payments infrastructure. With fraudsters upping their game at every turn, you’ll benefit in the short and long run and protect your bottom line.

Cartis Payments is a merchant services provider of streamlined digital payment gateways, fraud protection, and chargeback prevention tools. Find out how easy it is to integrate machine fraud management solutions with your payments infrastructure.