A Providerless Network Sees the Big Picture: Noam Naveh, Fraud Strategy
In my engagement with clients and when I meet colleagues at conferences, we often lament the lack of collaboration between companies on fraud prevention.
To us fraud fighters it makes perfect sense: fraud has become highly sophisticated, collaborative and organized while companies continue to operate in silos, reinventing the wheel time and again.
But until the advent of providerless technology such as F.A.I.R., collaboration on data — which is at the crux of fraud prevention — was impossible.
I know this first hand, because I recently participated in a series of meetings between companies in an attempt to bring about such collaboration. This effort ultimately failed: business leaders were reluctant to work with competitors and lawyers were justly worried about privacy.
The almost sci-fi ability to consult the entire “community’s user database” without ever sharing user PIIs is immensely valuable for every online business.
We know that someone out there has already approved a user that is new to us, or has already seen this user’s new device. If we can spare the user an annoying identity verification process while preserving fraud prevention firepower for fighting real fraudsters, it’s a clear win-win.
On the fraud side, there’s some interesting math that proves why we need to work together.
Behind every fraudulent transaction is an ROI calculation for the fraudster: when the gains from a successful fraudulent transaction fail to justify the time, money and effort the fraudster invests in them, they will give up.
One of the best ways to increase the fraudsters’ investment is to require them to come up with a new identity, a new device and a new payment instrument for each and every transaction.
In practice, this is achieved using velocity checks that prevent reusing the same assets excessively. When a fraudulent attempt is detected, all of the assets are “burned.” Even when initial detection fails, we can still notice repeated use and stop the attack before it scales.
Alas, all the fraudster needs to do to circumvent these checks is go to a different online store, where these assets have not yet been seen. With the abundance of online stores, the fraudster’s assets can safely be used repeatedly, maximizing their value.
Consequently, what we need is a “velocity check” that is shared by all the major online businesses. This is one of the clear advantages a collaborative data network can provide. Companies that opt out of such a network will ensure the fraudsters achieve increased ROI.
Combining these capabilities with the ability to strongly identify and provide a great user experience to the trusted users is a one-two punch to the fraudster, and a huge leap in capabilities for any fraud fighting organization.
Beyond the immediate value, I think that data collaboration among online merchants, marketplaces and service providers is a very promising development. It may help us, one day, to tackle challenges that are quite intractable today.
As an example, consider “chargeback abuse”, where buyers falsely report to their bank that, say, their new Nike Airs were actually an unauthorized purchase, even as they post selfies of themselves wearing them to their Instagram followers.
This phenomenon, according to multiple reports, is on the rise, and I’m constantly hearing people in the risk management community looking for solutions.
It is a type of problem that no merchant can fight on their own, because even if they decide never to let this fraudster (yes, we should call them that!) shop at their store again, it’s not a real deterrent; the fraudster can repeat this trick at endless other stores. However, when merchants join forces, an effective management of this issue will one day be possible.
Noam Naveh is an identity and payment fraud prevention consultant with 15 years of experience in tackling fraudsters online. He helps payment providers and online merchants and marketplaces deal with the ever-increasing challenge of online fraud. Prior to his consulting business, he spent four years at PayPal’s risk management department, working on technology infrastructure, real-time decisioning, and data sources. Before that, Noam was the Chief Analyst of Fraud Sciences, the startup famous for pioneering accurate online fraud detection, which was acquired by PayPal in 2008.
This article was originally published in “How Providerless Technology is Changing the Way We Validate Identities Online.” You can read further articles by other industry experts in the same eBook, here.
This blog post is part of our Fighting Fraud on the Front Lines series, bringing the expertise and experience of veteran fraud fighters to a wider audience. Identiq is all about collaboration, and we firmly believe that the more we pool our knowledge (though not our data!) the stronger we become as an industry.
Do you have something burning to share with the community? Or do you know someone who has a lot of fraud prevention wisdom to share? Reach out to us!