Data fraud remains one of the payment industry’s biggest challenges. According to a recent report from the Association of Financial Professionals, nearly 80% of merchants that process payments online are hit by data fraud in a year, the highest among alternative payment methods.
Only about 50% of organizations encounter check fraud, for instance, while wire fraud is reported by just over 40% of organizations. This shows the scale of work that lies ahead for both payment processors and merchants.
What’s worse, today’s payment fraud takes many forms, most of them involving organized crime-like syndicates. A syndicate can include professionals with high-level coding skills, money mules, and fraud specialists with access to stolen credentials, fraudulent SIM cards, and hacked smartphones.
Together, these people can form an advanced network of fraudsters, with diverse and cutting-edge skills and tools, capable of planning and executing data breaches on a large scale.
A Multi-Layered Security Approach is Key
The only way to counter such an army is through a carefully thought-out, multi-layered digital security strategy. Merchants must especially consider implementing the main layers of an ATO (account takeover) solution: protection, policy, and reporting.
At the top-most layer, protection, merchants focus on evaluating user behavior, devices, and networks to flag any anomalies. Anomalous login activity, such as a bot, could, for instance, serve as a red flag. The same applies to credential stuffing and attempted brute-force attacks.
The protection layer focuses on identifying these threats and determining, in real time, how to react. With regard to suspicious login attempts, the options include allowing, denying, or challenging the attempt with step-up authentication.
In the middle layer, policies are formed to protect the consumer and the customer experience. One way to do this is to identify and segment customers based on identity trust levels. A high-risk merchant account can, for instance, classify the most trusted customers as VIPs. You can also have a separate category for trial users.
Such segmentation allows the merchant to provide a different set of services to customers based on trust levels. Some of the datasets you can use to establish identity trust levels include geo-location, custom data, IP risk, and device specifics.
Finally, the reporting layer focuses on login trend data. Here, merchants are required to collect device and IP information and swiftly report on failed login attempts, compromised accounts, risky IPs, and any other inbound anomalies. Doing this allows fraud prevention teams to tackle account takeover attempts better and to uncover rich data that might inform future policies.
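The three layers described above can be sketched as one small login evaluator. This is an added example, not code from the article or from any ATO product; the event fields, thresholds, and segment names are assumptions, and the login events are constructed samples using documentation IP ranges.

```python
from collections import defaultdict

# Constructed sample events, in arrival order: (ip, username, password_ok, known_device)
EVENTS = [
    ("203.0.113.7", "alice", False, False),
    ("203.0.113.7", "bob", False, False),
    ("203.0.113.7", "carol", False, False),
    ("203.0.113.7", "dave", False, False),
    ("203.0.113.7", "heidi", True, True),    # valid password from a stuffing source
    ("198.51.100.4", "erin", False, True),
    ("198.51.100.4", "erin", False, True),
    ("198.51.100.4", "erin", False, True),
    ("192.0.2.10", "frank", True, False),    # VIP on a new device
    ("192.0.2.55", "grace", True, False),    # trial user on a new device
]
SEGMENTS = {"frank": "vip", "grace": "trial"}  # hypothetical trust segments

STUFFING_USERS = 4  # assumed: distinct usernames failing from one IP
BRUTE_FAILURES = 3  # assumed: failed attempts against one account

def evaluate(events, segments):
    """Decide allow / challenge / deny per attempt and build a report."""
    failed_users_by_ip = defaultdict(set)
    failures_by_user = defaultdict(int)
    decisions = []
    for ip, user, password_ok, known_device in events:
        if not password_ok:
            failed_users_by_ip[ip].add(user)
            failures_by_user[user] += 1
        # Protection layer: react to credential stuffing and brute force.
        if len(failed_users_by_ip[ip]) >= STUFFING_USERS:
            action = "deny"
        elif failures_by_user[user] >= BRUTE_FAILURES:
            action = "challenge"  # step-up authentication
        # Policy layer: unknown device is tolerated only for trusted segments.
        elif not known_device and segments.get(user, "trial") != "vip":
            action = "challenge"
        else:
            action = "allow"      # handle the attempt normally
        decisions.append((ip, user, action))
    # Reporting layer: trend data for the fraud prevention team.
    report = {
        "risky_ips": sorted(ip for ip, users in failed_users_by_ip.items()
                            if len(users) >= STUFFING_USERS),
        "targeted_accounts": sorted(u for u, n in failures_by_user.items()
                                    if n >= BRUTE_FAILURES),
        "failed_logins": sum(failures_by_user.values()),
    }
    return decisions, report
```

Note that the attempt for `heidi` is denied even though the password is correct, because the source IP has already crossed the credential-stuffing threshold.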
AUTHOR BIO: Blair Thomas has been a music producer, bouncer, screenwriter and for over a decade has been the proud Co-Founder of eMerchantBroker, the highest-rated high-risk merchant accounts processor in the country. He has climbed in the Himalayas, survived a hurricane, and lived on a gold mine in the Yukon. He currently calls Thailand his home with a lifetime collection of his favorite books.