21st January, 2020
Travel merchants must look at various aspects of the shopping experience as they opt for new payment methods.
Shoppers are open to embracing new payment methods, as witnessed over the last nine months or so. And this also means that travel merchants have to match up the expectations of shoppers on various counts, be it for the preferred payment method and then other related aspects.
These and many more questions need to be addressed as airlines support payment methods that customers value and prefer.
In addition to having the flexibility to deploy new payment methods when customers demand them, a merchant must also let a travel shopper opt for their preferred payment currency along with the chosen payment method thereby knowing exactly how much they are spending in their chosen currency, said Sandeep Mander, Vice President – eCommerce, Continuum. Importantly, he also explained how airlines gain additional revenue by opting for the right pricing solution during Ai's first webinar of 2021.
Referring to price certainty and transparency, Maarten Rooijers emphasized that “assurance part” is very important to the customer.
Annemarie Graham, Partner Director, Airlines and Travel at WorldPay mentioned the significance of how currency influences payments and shared that 44% of passengers are more likely to book a flight when they see prices in their preferred currency.
For upcoming Ai’s events, click here - https://www.aiconnects.us/events/
11th January, 2021
Interview with Hubert Rachwalski von Rejchwald, CEO, Nethone
The expertise of fraudsters in committing a fraud is what merchants/ ecommerce specialists need to be wary of at this juncture.
Experts believe that fraudsters not only act as an organized group and learn fast from their own errors but they are also well aware of which platforms are using which security measures.
Ai’s Ritesh Gupta spoke to Hubert Rachwalski von Rejchwald, CEO, Nethone about the same. Excerpts:
What would you term to be the biggest challenge in managing fraud today – would it be false positives?
Hubert: It’s not that fraudsters stopped pursuing their activities during COVID. In fact, we have actually witnessed an increase in signals that indicate fraud attempts. So it becomes an issue of riskiness of traffic. But at the same time, the volumes are down. False positives cost a lot in such a scenario. Fraudsters have evolved their technology rapidly over the last year, making it more difficult to keep false positives to a minimum.
How to fight fraud with scalable and flexible infrastructure?
Hubert: We recommend cloud-based infrastructures and cloud-based solutions. From an operating cost perspective, on-premise implementation is way too time consuming and costly. We hope to see that all of the merchants that are thinking about implementing these solutions will be more inclined to go with cloud-based systems.
It allows them to be effective because if there are changes in traffic, they don’t need to worry about server capacity. The latest features are added to their solution with minimal cost.
Fraudsters continue to evolve. What new methodology would you like to highlight as far as e-commerce fraud is concerned?
Hubert: There is currently a big offensive among the most sophisticated and organized fraudsters to leverage more and more professional tools. These days it’s actually becoming less about the manual setups and configurations organized by individual fraudsters. It has become a problem of dealing with sophisticated, sometimes ML-based, scalable solutions that were specifically designed for “frauding”.
The barrier to entry to this space is merely having the financial resources to subscribe to these tools; there is less training needed, fraudsters just purchase access, generate credentials, go through basic configuration of parameters, and they’re ready to go. And it’s difficult to detect these tools. We’re happy to share some of the names of the tools that are available in private meetings, but we don’t want to promote them in publicly accessible content. In order to stand a chance in this fight, you need profiling capability that is able to recognize that you’re not dealing with a normal user, but instead an excellent imitation. Just to put in perspective how quickly the evolution happened, 12-18 months ago, these tools just started to appear. The majority of fraud was conducted with easier tactics and less advanced tools.
Just as with any innovation, it’s a matter of convenience and ROI. If you’re a fraudster and have the financial resources, why not go for tools that will automate your work, supported by SaaS organizations that provide professional, 24/7 customer support complete with YouTube tutorials. It’s an arms race. So much innovation is being poured into methods to extract money from the system. It needs to be met with comparable investment on the merchant side.
Considering that mobile plays a pivotal role in commerce today, how are fraudsters finding ways to commit mobile commerce fraud?
Hubert: The reality is that most of the biggest anti-fraud solutions on the market today were built in the late 1990’s and early 2000’s. The newest ones are from the 2010s. Back then, the share of transactional traffic going through web browsers was dominant. And then in 2012, mobile began to grow. In growing markets like Asia/Africa/LATAM, mobile is dominant.
Merchants who use legacy systems now have a hole in their security. When we were starting in 2016, we saw the future growth in e-commerce, and predicted that the bulk of the growth would come from the mobile channel. So we invested in research and development to find data that will help us fight mobile fraud, such as extracting data from gyroscopes and accelerometers in devices. The R&D helped us build a richer risk profile of a given mobile session. And now the investment is paying off.
Fraudsters are perfectly aware of which platforms are using which security measures. They know which ones are leaky with regards to mobile data. Fighting fraud in native mobile is a whole different game.
There have been interesting discussions around improvising on both traditional/ rules driven as well as machine learning to combat fraud. What’s your advice to merchants when it comes to working out a solid defense mechanism?
Hubert: This is a discussion that we’ve participated in for the last 4 years. We actually understand why fraud prevention managers are in favor of rules. Rules are easy to understand. If something happens, then you can rebuild the logic in your mind and find what triggered an event. With ML the complexity is much larger, hence the hesitation for moving to an automated setup. It becomes difficult for an analyst to grasp what’s happening without some additional help.
That’s why we decided to invest in Explainable AI. It’s a machine learning setup that allows for granular explanation of why a particular prediction is being made. We are able to leverage the analytical potential of the most powerful tools out there, including deep learning where applicable, but still be able to precisely understand why a particular decision and recommendation has been made. We’ve expanded on the ELI5 (Explain Like I Am Five) library/ methodology to be able to provide more context for what an ML model was sensitive to. For each transaction there is a recommendation, and we can provide a prioritized list of arguments why a particular recommendation was made. This is important for both regulatory and adoption reasons. The analysts on the fraud managers’ team are now feeling more in the loop.
Regulations impose strong obligations on the merchant or institution especially if there are disputes, if a transaction was rejected, to provide arguments why an end customer wasn’t accepted. Being able to just go to the panel, search the ID of the transaction attempt and extract a list of features with their weights from the model that suggested the decision, that’s super helpful and powerful.
One of our engineers recently wrote a piece that illustrates the topic well---how studying connections in networks built from transactional, tabular data helps us uncover relationships that are hard to extract when keeping the data flat.
At the end of the day, a client wants to understand why a decision was made. We can pinpoint that this particular model made this particular decision.
My recommendation to merchants: there are so many tools out there, so think about your priorities. I suggest thinking about false positives and the cost of rejection given difficult times. Think about having a setup that allows you to leverage powerful tools while having transparency and control. It’s difficult to jump into unknown waters, and a “black box” ML solution isn’t reassuring. But if you can use a solution that is heavily automated, allows you to maintain some rules logic if your processes require it, then you can take advantage of the most sophisticated tools out there while having the option to see and extract explanations---that sounds pretty compelling to me.
Shopping patterns have evolved – for instance, order during day-time as people mostly worked from home this year. How to ensure there is a balance between security and CX?
Hubert: It’s true, shopping patterns have evolved. That’s why you cannot use rules. If you have a rule that it’s unlikely for a user of a particular card value to make purchases during typical working hours from a certain geography, then you will reject or at the very least send to manual review very legitimate users. The internal cost of modifying dozens of rules is a killer. That’s why we advise our partners (and anyone who asks, really) to leverage as many data points as possible. Save all of the data points of what is being bought and when, which time stamps, etc. and use models that will be retrained periodically. Rules are very aggressive, they like to discriminate right away. With ML we can be much more subtle and look at shades of gray.
It’s good to remember that fraudsters know what might be confusing to merchants right now, because they know what’s changed in the world. It’s all about discerning what is typical and what is not. If they know that the hours of shopping have changed, then they will blend into crowds that are relatively new to confuse the merchants. So we recommend that merchants use all of the available sophisticated techniques to extract information value from this data that the organization possesses.
We hope to see increased adoption of unsupervised and supervised ML. We recently resolved the velocity rules functionality with unsupervised ML. We created a group of models that compare a session against the previous 10,000 session using 5,500 distinct attributes. With that scope you’re able to spot a lot of similarities, and you can identify a fraud attack as it happens without having to wait for the feedback. The historical way of dealing with this was velocity rules. For example, if a user has the same BIN number that was used in many other transactions in the last 30 min or 30 hours, then the transaction is stopped with velocity rules. What if there are a lot of legitimate users with the same BIN that want to buy from your portal because they’re responding to an adwords campaign? It doesn’t mean it’s a fraud attack. If you can compare 5,500 attributes at the same time, and act on it automatically, then that is power.
The role of behavioral biometrics must be ascertained as it relies on dynamic data. It's prowess lies in understanding both legitimate shopper and fraudsters' journey, writes Ai’s Ritesh Gupta
7th January, 2021
Travel merchant must adjust to novel buying patterns that have emerged in the last nine months or so. If they don’t then they might end up with a set of unsatisfied customers as well as satisfied fraudsters.
Think of evolving purchasing hours, device usage…there are too many variables to consider in today’s shopping environment.
The time of the day when transactions are being conducted has changed as consumers have been working from home. Also, more people are making e-commerce buys on the behalf of others, as indicated by Vipin Surelia, Head of Risk, India & South Asia, Visa, during Ai’s ATPS virtual conference in October. This is also resulting in a shift in fraud pattern, added Surelia.
So in a fast-changing shopping environment and the associated fraudulent activity, if the defense layer can't adapt swiftly then a merchant is likely to end up with an alarming number of false positives.
How to tackle the issue then?
A major concern, as always, is to ensure a fraudster’s attempt shouldn’t go unnoticed, whereas a genuine customer doesn’t end up being denied to pay for a transaction.
Progress has been made in the arena of dynamic detection and merchants must gear up and incorporate the same in their defense mechanism. Tools must be able to adapt in real-time to ensure the balance between the user experience (UX) and security isn’t disturbed during the booking flow and is rather optimized.
Fraud prevention specialist SecuredTouch’s co-founder, Ran Shulkind, rightly points out that you can't see what you're not looking for.
This is where the role of behavioral biometrics comes into play. It uses machine learning in order to adapt and learn from the moment a user session begins.
As for what it is based on, it considers how a shopper’s dynamic behavioral characteristics interact with a device, and is being utilized on both desktop and mobile devices. For a mobile device, the level of pressure exerted to the screen, the angle at which the device is held and the speed of finger movement across the screen are individual to each particular user, and can now be used to accurately identify fraud, according to specialists. A use case: in case a fraudster is committing an account takeover and working on the same manually then the behavioral pattern can be identified. Behavioral data features numerous sensor readings to uncover intricate and nuanced gestures. So the efficacy lies in understanding the actual behavior to gauge subtle differences between a legitimate user and a fraudster. “This technology is designed to identify threats you aren’t looking for,” asserts Shulkind.
Being pragmatic and ready
According to SecuredTouch, behavioral biometrics delivers continuous authentication. This means that data is continuously being collected in real-time. This data is used to optimize machine learning models so as to continually assess legitimate customer journeys. These can be contrasted with behavioral patterns that may be indicative of fraud.
Machine learning’s role in fraud detection can’t be undermined but it shouldn’t be forgotten that it takes time to recalibrate.
A human fraud analyst can take charge and control the situation, ensuring a genuine shopper’s experience isn’t hampered. Merchants must assess how to make the most of a machine learning system with a rules-based approach.
Buy-in or testing for any new project it isn’t a straightforward task. At the same time, it is imperative for travel e-commerce players to have a long-term perspective. Any effort made now to secure accounts or protect customer data will go a long way in protecting the interests of an entity as well as serving the customers when they are ready to travel again.
21st December, 2020
It is always fascinating to read into a description of fraudsters’ activity. Fraud prevention specialists use interesting analogies or context to denote what fraudsters are up to.
Here are some of them made during Ai’s online events or interviews in 2020:
By Ai Team
25th November, 2020
Ekata has identified five markers of success that could also help entities unlock the potential of PSD2 SCA, be it for a provider or a merchant.
In its latest study, the company asserted that the “security enhancements provisioned under PSD2, such as SCA, quickly become more than a legal protection checkbox – they are a matter of vital strategic importance to the bottom line of any organization”.
The markers that also differentiate leaders from the rest of the pack are:
The study featured over 36 PSPs and acquirers who represent over 60% of European card-not-present (CNP) volume.
By Ai Team
23rd November, 2020
A number of organizations have fallen short of keeping their data secure even though they believe that they have a defense mechanism in place to protect their information and systems. But any breach or illegitimate access to data is a big blow considering that teams are working remotely.
Capabilities of hackers/ scammers continue to get more sophisticated and it is vital to for organizations to identify any unusual behavior before a databreach happens.
Some of the pertinent areas that need to be focused on are:
By Ritesh Gupta
10th November, 2020
“Keep talking, keep innovating” – this is what Kate Morgan, Head of International Partnerships, Auriemma Group recommended to those who are managing co-brand and loyalty initiatives, stressing on the significance of maintaining the existing credit card customer base in today’s environment.
“Good news from our research – existing customers are still spending across verticals,” said Kate during Ai’s Co-brand & Travel Reward Cards Virtual Conference 2020.
Ref. to UK Finance’s recent figures, Kate shared that debit card spending in the UK reached a record high of £59.1 billion in July. Credit card spending has recovered slightly but continues to be impacted by ongoing economic uncertainty.
As for why consumers haven’t been using credit cards over the past month or so, Auriemma Group’s consumer research indicated that 69% prefer using debit cards and 46% mentioned that credit card is for “emergencies”.
“Very little behavior seems to be driven by the financial aspects of the credit card (for instance, interest rates, credit limit etc.),” said Kate. Outstanding balances on credit card accounts have contracted by 13% over 12 months to July, as a result of repayments outstripping new borrowing in the year.
Even as managing of co-brand and loyalty initiatives has become challenging, the focus must be on maintaining the existing customer base.
Also, referring to Auriemma’s recent research on cobrand spending patterns in the U. S., she said 54% of consumers used co-branded credit card for purchases outside the associated brand.
“Loyalty is a long-term play,” said Kate. She emphasized that airline and hotel redemptions are typically large-ticket items, which take time to accrue. Companies must evaluate:
Kate referred to certain offers/ initiatives resulting in more frequent use of cards. The list included discount delivery on food orders, increased cashback rewards in certain category, extended sign-up bonuses etc. are examples of the same.
Kate also referred to few noticeable developments. American Express has chosen to extend the period by additional three months (doubled it) to allow one to make eligible purchases to earn welcome bonus for certain cards issued earlier this year. In India, Amazon Pay and ICICI Bank have just shared that their credit card has become the fastest in the country to cross the milestone of one million, in less than 20 months of its launch. Highlights include issuance of reward points directly into Amazon Pay balance and contactless feature embedded in all cards.
By Ritesh Gupta
6th November, 2020
The travel sector is going through its toughest balancing act – staying afloat with less. Every penny has to be meticulously spent, contribute to the much-needed cashflow. And most importantly, every stakeholder is looking to play a bigger role than ever, foraying into unchartered territories to ensure the demand is captured in the best possible manner.
Even as senior travel industry executives, for instance, Travelport’s CEO Greg Webb recommend rapid, accurate testing at airports as a feasible alternative to maintain traveler safety, it is imperative for travel brands to be open and up-dated about every aspect of a trip.
It is not what travel providers usually focus on, even though it is a part of the services they need to provide, acknowledges Manuel Hilty, CEO, Nezasa. “You don’t need to know everything on your own, you just need to build a solid partnership and network of expertise,” he says.
As for what products to offer in order to match expectations of a consumer, Plusgrade 2020 Survey underlined that travelers intend to “travel better” and are showing signs of paying a premium. A seat-blocker is not a “COVID product”, highlighted Pramod Jain, COO, Plusgrade.
New initiatives are coming along - Airasia.com’s travel vertical has been expanded to encompass non-AirAsia flights; Wizz Air’s mobile app has added ground mobility services for both pre-booking and on-demand requests. The airline launched this mobility platform with CarTrawler.
“This emphasis on the customer will help rebuild the travel sector and offer strong foundations on which we can all grow and thrive,” said Aileen McCormack, Chief Commercial Officer at CarTrawler.
4th November, 2020
Payment specialists are taking vital initiatives to meet merchants’ local and global needs by strengthening their competency across a spate of key areas including digital payment capabilities, cybersecurity and fraud prevention.
This week Worldline has welcomed Ingenico . The group has expanded the coverage of its payment value chain and its expertise in cross-border acquiring with Ingenico’s global exposure to online commerce.
Also, Nuvei has completed the previously announced acquisition of Smart2Pay Global Services to expand its geographic footprint.
COVID-19 is being tipped to remain an active driver for investment, particularly in the fintech segment.
All this means that specialists are gearing up to support merchants in several areas - transaction routing, authorisation rates and the ability to roll out new payment methods quickly and seamlessly.
Last year witnessed a couple of mega-mergers in this arena. One was the US$42.5b acquisition of WorldPay by FIS. And the other one was the US$22 billion acquisition of First Data by Fiserv.
28th October, 2020
How vulnerable is your critical data? How to respond to a data breach?
Organizations must delve into new risks and repercussions of a data breach with insecure home networks and strained security resources.
Fraud prevention specialists should take note of not only financial aspects, but also associated “soft costs” or hidden cost of data breaches, asserted Tom Madden, Sr Partner Client Succes + Growth, ICFNext, and Matt Silverman, Sr Partner Corporate Communications and Brand Strategy, ICFNext during the LSA Fall Virtual Conference 2020.
A data breach results in a sweeping impact, bringing about not only financial losses but also damages reputation, decreased trust and changed perceptions of organizational strength.
Silverman explained that reputation issues shouldn’t be overlooked. Customers want to feel safe, and since fraud is growing, the probability of an organization’s data assets getting stolen should be brought down.
“Planning is critical,” said Madden.
It is vital for loyalty executives to assess – are they ready to deal with a breach? When it comes to security and transparency – how to communicate? In case a data breach happens, then what to share and what not to share? Timing of communication – within a day or a week?
“All of this and more has to be a part of a thoughtful decision-making, it can’t be spontaneous,” said Silverman.
Focus on limiting access to data
Data security isn’t a “set it and forget it” exercise and an ongoing effort is need to address threats to data privacy, data leakage etc.
Experts highlight that within a company, one cannot misuse or leak what they don’t have access to. So either limit access by default or control the size of the potential leak.
By Ritesh Gupta