arrow left facebook twitter linkedin medium menu play circle
June 12, 2019 - Kohki Yamaguchi

3 Tips for Adopting a Fraud Prevention Approach for the Long Term

Fighting fraud is a marathon, not a sprint. Success requires vision, patience, and innovation. Learn how to adapt rapidly to emerging fraud channels, patterns, and techniques.

The risk landscape is evolving faster than ever before, and disruptive changes are happening everywhere in the industry. Mobile and other cardless payments are gaining significant traction. Open banking is seeing increased momentum. Finance is increasingly moving to the cloud. With these evolutions come new authentication approaches such as 3DS2. Many other changes are looming over the horizon, all of which will fundamentally change fraud, and fraud prevention.

As the industry evolves, so do its bad actors. With the widespread availability of cloud services with free tiers and sign-up promotions, it is now easier than ever for criminals to rapidly spin up multiple servers and conduct attacks at scale. Cloud-based machine learning platforms are increasingly accessible, making advanced technologies available for abuse.

What does this all mean for fraud risk?

One thing is certain: new and previously unknown patterns of fraud, abuse, and crime will continue to emerge. As with previous waves of change, these changes will initially disrupt the status quo, increasing fraud in some channels but reducing it in others. Conventional wisdom suggests that this cycle of disruption is inevitable. That may be so, but that doesn’t mean we can’t develop a response that will consistently stay ahead of the changes. The truth is, we can, and we have.

An Anti-Fraud Strategy for the Next Decade

Defining a fraud prevention strategy that can accommodate continuous change is no easy task.  

As fraud experts know, the only thing constant is change when it comes to fraud. This truth is complicated all the more by the fact that our adversaries are human beings who can evolve and refine their techniques over time. By definition, there exists no such thing as a single static fraud system that can stand the test of time.

However, it is possible is to design and implement a system that can respond to change virtually as rapidly as it happens. Doing so achieves the ultimate goal of fraud prevention: disincentivization. The speed and adaptiveness with which you can respond to new and emerging threats will not only limit your financial loss, but it will also protect your business from being targeted by criminals in the first place.

Fraudsters are generally very pragmatic when it comes to both techniques and targets. Inevitably, they will gravitate towards whatever scheme will net them the most illicit revenue for the least amount of time and effort. If you can minimize the financial loss resulting from each fraud scheme, this will also minimize the fraudsters’ gains and discourage them from targeting you again. The result is a virtuous cycle—the better your fraud system is at quickly detecting and shutting down new schemes, the less likely you are to be targeted in the future.

Here are three tips on how you can implement a fraud prevention strategy that enables you and your team to react rapidly to emerging fraud channels, patterns, and techniques.

3 Tips for Adopting a Fraud Prevention Approach for the Long Term

1. Invest continuously in data infrastructure

With fraud detection, everything starts and ends with data. Whether you are using a rules-based system or advanced machine learning, your ability to identify fraud is entirely dependent on whether you have the infrastructure in place to collect and compile relevant signals from various data sources. Even if you are not able to leverage every signal, it is it better to make the investment today so that you are better equipped when you are ready to make use of the data.

Is there a new product launching next month? You should have data collection in place from day one. Are you working with external vendors that provide fraud and risk signals? Make sure that you are not only using the signals at the time of decision, but also storing the signals for future reference. All stored data should be easily mapped back to the original customer, account, and event so that there is no confusion later as to what each attribute represents.

The single most important infrastructure to have in place is a data pipeline to collect and join together data from your various data stores. For the best fraud detection, customer profile data, transaction data, web and mobile access data—along with additional customer touchpoints and 3rd party signals—should be combined to construct a holistic customer profile.

Additionally, you should make sure that the data being stored is relatively clean and free of errors. Machine learning, in particular, relies heavily on historical data to generate features and train models. In traditional slice-and-dice analytics, data issues can reveal themselves with sufficient exploration. However, machine learning models can be more of a black box where the cause of the subpar model performance is often difficult to trace back to a specific data issue. As the old adage goes, “Garbage in, garbage out.” Machine learning is no exception.

2. Make sure your fraud technology stack is adaptive and future-proof

Gone are the days of buying a monolithic platform and expecting it to serve your needs over the next five years. With the pace at which both fraud and technology are advancing, you can consider yourself lucky if the platform requirements have not changed significantly between the time that you purchased the platform, and when the implementation is complete, and the platform goes live.

Fraud systems being built today must be architected for change, with the expectation that data sources, detection algorithms, business logic, and infrastructure needs will be subject to ongoing upheaval.

3 Tips - Legacy Fraud - NextGen Fraud - DataVisor

Does the system allow you to add or replace components easily as business requirements evolve? Can you easily incorporate additional signals to enhance detection over time? Are you able to leverage the latest open-source machine learning models? How quick and easy is it to build a solution for a new fraud use case? These are all questions that should be asked when evaluating how future-proof a fraud platform is.

Over time, the flexibility and adaptability of your fraud technology will make a huge difference in how quickly you can identify and respond to new fraud use cases.

3. Consider new fraud pattern discovery to be a core capability

Fraud is ever-changing by nature, and new fraud patterns and techniques are being tested and used by bad actors every day. Historically, new fraud patterns were discovered only after the fact, when the damage had already been done and customers impacted. However, this kind of reactive approach is clearly not ideal—some types of fraud such as credit card application fraud will only surface months after the originating event, which means that hundreds or thousands of similar cases may have slipped through the cracks before an alarm is sounded.

What is needed is the ability to proactively identify new patterns of fraud prior to damage spreading—ideally before any damage is even done. Such a capability is impossible to achieve using rules-based or supervised machine learning systems. As these types of systems rely on historical data to validate rules or train models, by definition they are optimized for identifying fraud that is similar to historical cases.

The alternative is technologies that are designed to catch new and unknown fraud patterns. One example is DataVisor’s unsupervised machine learning, which can detect new types of fraud with high precision by identifying suspicious correlations across users and accounts.

You should consider the ability to detect new and unknown fraud to be an integral component of a modern fraud system. This is important not only from the perspective of limiting your loss—successful fraud attempts on your business encourage criminals to target you again and again, changing up techniques each time. It’s only when they fail, that they cease.

Taking the Fight to the Fraudster

The fight against fraud is a marathon and not a sprint, and minimizing your long-term damage requires you to make the right investments today. In order to take the fight to the fraudster, continuously putting out fires is not enough—the fraudster will simply keep on making adjustments to their techniques to evade detection.

Instead, what is necessary is to put in place a system that will enable your team to identify and respond to emerging attacks as rapidly as possible. If you can make it prohibitively expensive or time-consuming for bad actors to crack your system, while simultaneously limiting the illicit revenue they can obtain as a result, the criminals will naturally gravitate away towards easier and more lucrative targets. With such a system in place, there is nothing to fear from change, now or in the future.

At DataVisor, our proactive fraud prevention solutions are built to ensure maximum agility over time. Reactivity is a doomed approach from the start. As our CEO and co-founder Yinglian Xie is fond of saying, “If you’re just keeping up, you’re already behind.” We may not be able to forecast fraud’s next move, but with a comprehensive fraud management solution like dCube in place, we can ensure that the moment a storm begins to gather force, we’ll know it. With that knowledge, we can put up defenses that will neutralize the attack before any damage can occur. Most importantly, we can do it again, and again, and again.

Photo of Kohki Yamaguchi
about Kohki Yamaguchi
Kohki is Director of Product at DataVisor. He has over 10 years of experience leading product and marketing for B2B technology companies including Adobe, Origami Logic, and Efficient Frontier. His current and past work has focused on building products that apply big data analytics and machine learning to provide groundbreaking solutions for enterprise companies.
Photo of Kohki Yamaguchi
about Kohki Yamaguchi
Kohki is Director of Product at DataVisor. He has over 10 years of experience leading product and marketing for B2B technology companies including Adobe, Origami Logic, and Efficient Frontier. His current and past work has focused on building products that apply big data analytics and machine learning to provide groundbreaking solutions for enterprise companies.