Real-time payments fraud and the key to outwriting the cat-and-mouse game

Is it true that real-time payments imply real-time fraud? ‘Maybe’ is the answer to that question. For banks, merchants, card networks, and issuers, who have not invested the time and implemented the software and processes to detect fraud, the simple answer is ‘Yes’. Is it also not a clear ‘No’ for those who have updated their fraud technology and strategies, but have not continually improved their architectures and payment rails to take on the real-time aspects of payments in 2021. The best-in-class companies have implemented leading-edge fraud technologies to assess risk and make automated fraud decisions in real time using artificial intelligence, specifically deep learning techniques that are both supervised and unsupervised to detect fraud in real time, leading the way to protect the consumer and their payment ecosystems. 

So, while payment channels and digital interactions have seen unprecedented innovation due to customer demand for real-time payments, fraud has also increased. More than ever, organisations are supporting efforts to combat online and mobile payment fraud as well as check cashing and wire transfer protections. Deep learning fraud systems enable consumer transaction data and automated actions (based on machine learning ‘confidence factor’ scores), and configurable risk thresholds (based on transaction type, internal risk, consumer entry point and account age, friction tolerance, mobile and web signals intelligence, and related decisions deployment of such systems). The key lies in AI-powered actionable insights and real-time adjustable capabilities.

Critical advances to deploy AI for real-time fraud detection

Fraud teams involved with real-time payment coverage strategies must look for solutions that address speed and a more comprehensive set of capabilities associated with AI-built deep learning. There are a lot of opinions depending on who you ask, but based on my own experiences with modelling identity for fraud detection, I would suggest the following capabilities.

Ecosystem and federated networks – massive pre-trained deep learning models that can tackle any difficult problem with a substantial temporal or context dimension to understanding session-based actions, anomaly behaviour, text, mobile and web signals, and inputs. 

Behavioural biometrics – anomalies in real time that indicate machine bot automated responses, such as fast form fill or multiple form process speed, and social engineering fraud can be detected by monitoring account patterns and entity behaviour. The goal should be to start the journey by assessing a new consumer at account opening or digital onboarding and then use that behavioural context and session baseline as a starting point for a risk score that evolves over time to monitor inbound and outbound payments.

Synthetic ML models – new artificial intelligence solutions can be developed faster with synthetic data, oftentimes with insights from fraud detection teams, which can also be used to improve the accuracy and resilience of existing AI models while preserving sensitive data.

As a result, it is possible to build models that optimise various objectives/constraints or decide on an action built on positive and negative environmental feedback using reinforcement learning techniques, such as simulated environments or a large number of micro-intensive experiments. 

When models are trained on different sets of data, the combined models can be utilised to share intelligence between devices, systems, or industry-specific companies to get around privacy concerns or bandwidth restrictions. 

Cause-and-effect linkages in data can be determined using techniques including structural equation modelling and causal Bayesian networks, which can be deployed for business insights and bias prevention, where understanding and the ability to easily explain outcomes and decisioning are just as important as accuracy in predictions especially in a GDPR framework of protecting consumer data.

The cat-and-mouse game of fraud 

Armed with these abilities, you can only get a seat at the table. I would argue that since August 2020, when The Federal Reserve Board announced details of the FedNow Service – a new 24/7/365 interbank settlement service with clearing functionality to support instant payments in the US – the cat-and-mouse game has taken on a whole new focus. As FedNowSM joins The Clearing House’s (TCH’s) Real Time Payments (RTP) in the market, fraudsters look for open vulnerabilities and online payment platform holes to exploit.

Real-time payments have been a gold mine for bad actors looking for ways to receive instant cash. They have targeted payment providers by looking for flaws in recently released digital products and services. Fraudsters rapidly test the governance of the controls to identify weaknesses and then quickly adapt methods to drive fraud through these gaps. 

Fraud teams should consider real-time payment coverage strategies that address the total transaction time (friction/speed) in addition to the more comprehensive set of capabilities mentioned above. The idea is to use these newly discovered deep learning models, mainly from vendors that have a federated network capability, in order to enable best practice and benchmarking against a much larger set, as well as the consents, privacy controls, and security measures that come with it.

As providers rethink their fraud strategies, tacticians must take into account new AI-based models redesigned for payment transformation. The cat-and-mouse game never ends. Fraud strategists must devise and implement new messaging standards, evaluate new transaction types and API ecosystems, all with AI-powered deep learning models at the forefront to fight fraud and provide the best frictionless consumer experience.

The content herein reflects the views and opinions of Ralph Rodriguez. It does not necessarily reflect the views or opinions of Summit Partners, L.P. and has not been independently verified by Summit Partners, L.P.

This editorial is part of The Fraud Prevention in Ecommerce Report 2021/2022, the ultimate source of knowledge that delves into the evolutionary trail of the payments fraud ecosystem, revealing the most effective security methods for businesses to win the battle against bad actors.

About Ralph A. Rodriguez 

Ralph is an Executive-in-Residence at Summit Partners where he works alongside Summit’s technology team to identify new opportunities within growth stage technology companies. Previously, Ralph was an MIT Fellow and a Research Scientist at Facebook where he led Applied Identity and Intelligence. Prior, he was the Co-Founder and CTO of Confirm.io, which Facebook acquired in 2018. As the longest-serving Fellow at MIT, he pioneered research on AI, cloud, mobile, neural science, and security at the MIT Media Lab and Harvard-MIT Health Sciences and Technology (HST) department.

About Summit Partners

Founded in 1984, Summit Partners is a global alternative investment firm that is currently managing more than USD 42 billion in capital dedicated to growth equity, fixed income, and public equity opportunities. Summit invests across growth sectors of the economy and has invested in over 500 companies in technology, healthcare, consumer, financial, and business services, and other growth industries. Summit maintains offices in North America and Europe, and invests in companies around the world. For more information, please see www.summitpartners.com or follow on LinkedIn.