It’s no secret that data crime has developed on an industrial scale. Measured in terms of damage done, it comes third in the world ranking of economic crimes, behind corruption and drug trafficking. In 2020, data security specialist Varonis calculated that close to 10 billion data records had been lost or stolen since 2013 — a third more records than there are people. Six billion data records were hacked in the U.S. alone, 19 per inhabitant.
Every American lives with the risk that, once a quarter, someone somewhere will get sight of their personal data by, for example, hacking into the systems of banks, companies and local authorities. From a shopping perspective, the scene of the crime has evolved from the POS to the internet, and the number of victims is huge. McAfee reports that two-thirds of the three billion people online are affected by data theft.
The first phase of spying is often automated (e.g. bots). Manual attacks, however, remain a problem — and often the victims are not individuals but businesses. There are two sides to the fraud coin: crimes committed against customers and crimes committed by customers. “Shoplifting 2.0,” the new, digitally enabled way to steal from a store, is an example of the latter. In 2018, 151 million conventional (non-bot) attacks were observed, and of these, 91 million were directed at online merchants. In other words, a shoplifter is hiding behind more than every hundredth customer on the net.
For example, some perpetrators specialize in self-print gift vouchers. Others are so brazen that they use click-and-collect services in the branches of omnichannel stores, to pick up goods that they’ve paid for online with credit card credentials they’ve stolen.
Traditional fraud prevention mechanisms are no longer sufficient, particularly given the rapid increase in ecommerce over the past year. So how can retailers defend themselves against fraud? The answer lies in the use of big data and machine learning.
Minimizing fraud requires detective work that nobody can do independently. The answer to this challenge is big data. In large amounts of data, modern analytical tools can detect hidden patterns that would never be noticed at the level of an individual merchant. But this is still challenging for retailers to do on their own. Payment service providers, banks and/or credit card partners can scan the data stream on a completely different scale and offer fraud prevention services to retailers to protect their businesses and their customers.
Machine learning is a method from the toolbox of artificial intelligence (AI) — but it doesn’t mean that computers are left to their own devices and to program themselves. Instead, the traditional “if-then” rules are supplemented with new insights and observations that a human would not come up with on their own.
First, the self-learning system is “trained” with clean, categorized data. It is then able to filter out deviating patterns. If recurring patterns emerge that do not correspond to expectations, this can mean one of two things: the habits of consumers are changing, or there’s a new attack vector.
When the AI system is running in everyday operations and suspicious activity is detected, appropriate rules can be applied — for example activating 3-D secure authentication, recommending a manual check or blocking the customer with a request to contact customer service. The tools used in the live monitoring of transactions also include behavioral analysis. Characteristic patterns are assigned to customers, merchants, user accounts and devices, and the respective profiles are constantly updated. Thus, a prediction of future behavior can be made at any time, which can be compared with actual behavior in real time. With regard to protecting customers’ personal details, retailers and their payment service providers can separate the analysis from the person and anonymize the data using tokenization.
Fraud is increasing in scale and complexity, and the focus has shifted online. The digital economy creates opportunities for all — including criminals. The spoils are concentrated in a few large-scale attacks a year, but the damage is spread over billions of smaller incidents. These smaller incidents are rarely worth the effort of consistent criminal prosecution — but they represent a significant cost to retailers and customers.
Developments in AI and data collection — the ability to “mine” and analyze data amassed at speed and at scale — can make it easier to combat this fraud. For companies that can keep the fraudsters in check there’s a double advantage: a simpler and safer checkout experience for the customer, and greater profits for the retailer.
Ralf Gladis is CEO of payment services provider Computop.