Fraud Prevention in Payments: Through the User Journey - Ofer Golan, Wix
Faster payments leads to faster payments fraud. Payment facilitators (Payfacs) and financial institutions (FIs) are evolving extremely fast and users expect those services to be delivered instantly and securely.
Fraud and financial crime is evolving just as fast and pushing payments companies and FIs to seek new strategies to manage risk and stay ahead of criminals.
This is why risk management and fraud prevention is so necessary to protect both businesses and users.
Touchpoints from online account creation, the onboarding process, through to the ever-evolving user lifecycle have emerged as growing vectors for fraudulent activity, causing financial, compliance & reputational risks like account takeovers (ATO), new account fraud and more.
As Head of Risk & Fraud Operations at Payments by Wix, I not only witness threats grow more sophisticated by the day, but also - and equally crucially - pushe for a frictionless user journey for good customers, using all the data points my team and I can imagine to do most of the checks behind the scenes with minimal impact on our users.
Mitigating payments risks, implementing compliance, and taking care of AML & CTF requirements, requires balance between two efforts: the work to ensure a frictionless user journey and efficient risk mitigation. This dichotomy is also sometimes referred to as speed versus security, or friction versus fraud. Of course, achieving this balance is challenging, but it is possible.
The first and most important step: Onboarding
The onboarding process, and the account opening phase more generally, need to be as seamless and simple as possible; it’s the point of the user’s journey where you’re most likely to lose them, after all, if you don’t make it an easy and pleasant experience. On the other hand, predicting, detecting and stopping fraud at onboarding, the first step of the company relationship with the user, is the most important and effective point for protecting the company from fraud.
During the approval process, FIs must comply with KYC and AML requirements. This includes verifying the applicant’s identity information against external watchlists and public record databases, as well as collecting and integrating the necessary external sources with internal data and systems.
With Identity Theft remerging as a serious threat, companies that can verify identity and authenticate users effectively, will have lower risks. In addition, companies can save time, money and resources by avoiding fines, cutting the cost of compliance and directing resources to business growth initiatives.
A streamlined onboarding process leveraging intelligent automation keeps users’ information secure and delivers a great customer experience. Device information, device biometrics, facial recognition, biometric signatures, digital tampering detection, and multifactor authentication creates a positive impact by building greater trust and reducing business risk.
Ongoing Monitoring: Account Activity and Ongoing Transactions
When monitoring for suspicious activity, companies must analyze huge amounts of data, events, and their context to spot anomalies in user behavior and respond in real time to a threat - in order to both stop fraud attacks and also reduce false positives and false negatives.
Continuous fraud monitoring looks at and analyzes the data related to online and mobile sessions, devices, IP addresses, behavior, and all the events that users perform to determine the level of risk.
Customer experience should be most important. When funds held to prevent fraud or a transaction must be declined, every effort must be taken to communicate with the user and prevent dissatisfaction.
Unlike humans, machine learning can analyze incredibly large volumes of data in real time. Anomalies detection reduces friction for legitimate users. FIs must invest in data science talent combined with domain expertise. A rules-only system cannot achieve this because rules are designed to spot known fraud attacks only. Machine learning works on top of the rules engine.
Collaboration: The Way Forward
Data enrichment tools and pooling data, or the understanding gained from data, within privacy limitations, can add a great advantage for fraud fighters. If we could all join forces together and leverage one another’s knowledge and experience we all could stop criminals at an early stage and verify genuine users with very low friction. That’s the missing piece that would tie all of the stages I’ve described together, for best results.
Identiq’s vision to solve the identity validation problem by creating an anonymous distributed network to validate new users, could improve performance and increase approval rates and create a better user experience. I can’t wait to see the impact.
About Ofer Golan
Ofer Golan has been preventing fraud and financial crime, and mitigating risk, for nearly fifteen years. He has tremendous experience in the payments sector, having tackled a wide variety of risks from the perspective of fraud prevention, compliance, anti-money laundering and security. He is currently the Head of Risk at Payments by Wix.
This blog post is part of our Fighting Fraud on the Front Lines series, bringing the expertise and experience of veteran fraud fighters to a wider audience. Identiq is all about collaboration, and we firmly believe that the more we pool our knowledge (though not our data!) the stronger we become as an industry.
Do you have something burning to share with the community? Or do you know someone who has a lot of fraud prevention wisdom to share? Reach out to us!