Fraudsters and e-Commerce

  • Share some of the challenges relating to fraud
  • CNP – How big of a challenge is it and is it secure?
  • What technologies can help us tackle fraud?
  • Give us an example of Kount helping fight fraud
  • Please share a casestudy where Kount has helped manage fraud costs for a customer


  • Random notifications from Facebook
  • SITA awarded for delivering a new secure, paperless and deviceless self-boarding process
  • AnyVision has teamed up with NVIDIA to promote a facial recognition
  • Microsoft wants to put you in charge of your digital identity
  • Visa and Worldpay take responsibility for charging Coinbase customers multiple times for the same transaction
  • Oracle said that it has agreed to acquire cloud security firm Zenedge
  • Apple has pushed out an emergency update for the Telugu bug

Biometric Authentication News BAN-049 Release Date : 2018-02-23

Satish KARRY: You’re listening to Biometric Authentication News, and this is your host, Satish Karry. Today on our show we have Don Bush. He is VP of Marketing at Kount. Welcome to the show, Don. How are you?

Don Bush: Thanks, Satish. I’m doing great.

Satish KARRY: Thanks for joining in today. We plan to talk about fraudsters and e-commerce. Very excited about that, and let us get directly into the question. E-commerce shares some of the challenges relating to fraud. What do you see in the market, and what are the recent trends?

Don Bush: You know, we see a lot of things in the marketplace for e-commerce or m-commerce, mobile commerce, that are trending. Some of the challenges that you have, though, is today consumers have been trained to expect things immediately. If I click the buy button, I want to see a confirmation number or a download start immediately, and so speed is very important in the process. And that provides a challenge, because fraudsters, what they try and do is mask themselves to look like legitimate folks making legitimate transactions, and yet, because we have to respond so quickly, we’ve got to be able to take information that we’re given and make a decision, literally in a fraction of a second, whether we think that’s a legitimate transaction or somebody trying to steal from us as a merchant online.
The second part of that is the requirement for data. In order to make that determination, we’ve got to have a lot of data, and when you do things online you leave lots of bread crumbs or fingerprints or whatever you want to call that. There’s a lot of information for us to look at, literally hundreds of pieces of data on every transaction that we want to look at, run through our machine learning and artificial intelligence and other algorithms, so that we can help the merchant determine whether that’s a real transaction or not. Again, that goes back to how much data can we get, how fast can we process it?
And then the last part of that is we’ve got to get the answer correct. I don’t know if you’ve had this experience, but I certainly have, where I get on a website or I use my phone, I put in all my data, and it declines me. I’m not a fraudster, but maybe something I did flagged a suspicion, and so the merchant, rather than taking any risk, just decides to cancel the order or decline my order. That’s what’s called a false positive. A transaction has been canceled, even though it was a legitimate transaction and everything on it was accurate and authenticated. And that can be very costly for merchants too.
So you get an idea of some of the challenges. I’ve got to have the right data, I’ve got to use it very quickly, and I’ve got to make the right decision, all within that fraction of a second, in order to grow my business and make sure customers are happy.

Satish KARRY: Yeah, and that brings me to the next question. Card not present is relatively prevalent today compared to a few years ago, and it’s growing at an alarming pace, and that also is a challenge. How secure is it or what are the challenges there, some of the challenges?

Don Bush: You’re right, it is growing at an alarming rate. I’ll give you some statistics. For 2017, e-commerce fraud grew at a rate of about 22% across the board globally. Some regions it grew much faster, some regions it was slightly slower. When you start looking at where the market is going into the mobile area, we see about 53% of transactions today are happening on a mobile device, and fraud on mobile devices in 2017 grew by more than 80%.
So it’s happening very quickly, and as you can see on the PowerPoint, some of the reasons are it’s really easy for fraudsters to get into business. There’s lots of tools. There’s lots of data, as you might imagine, rhe data breaches that we see in the newspaper every day, literally hundreds of millions. Last year, in 2017, 1.9 billion records were compromised across the world. So getting the data is easy, getting the tools to commit fraud is reasonably easy, so it’s a really low risk and high return for these folks that are inclined to do that.
And so combating fraud requires a multilayer approach. We want to put … Think of this as a prison. You don’t just put a gate there, you put a gate and a wall and concertina wire and electronic surveillance and lights and bells and alarms. It’s the same thing with card not present fraud or e-commerce, m-commerce fraud. You want to put a number of things in place that try to detect the probability of fraud early on so that you can protect yourself. It’s becoming much more challenging for online merchants than it ever has been, and much easier for the bad guys than it has been in the past.

Satish KARRY: Sure, and you alluded to one of the questions which I wanted to ask, which is what technologies can help us tackle fraud? I think you just started talking about it a little bit before, so I think I would like to get a lot more detail around that.

Don Bush: Sure. You know, one of the things that’s been in the industry over the last couple of years, has been hyped quite a bit, and that’s artificial intelligence and machine learning, and while that is a fantastic technology, it can do things that it would take humans literally years or decades to do with the amount of data that we have to sift through, and while it’s a great technology … Here at Kount we’ve been doing this for over a decade. It’s fantastic, but you’ve got to make sure that it’s being done properly, and that’s often … I’m the VP of Marketing, and sometimes we do a disservice by making things a marketing term and not explaining it fully to folks.
Artificial intelligence or machine learning, there’s many branches in this technology. Whether supervised or unsupervised machine learning, what it does is it takes enormous amounts of data, looks for trends, looks for anomalies, looks for clusters or linkages, and says, “Gosh, we’ve seen this particular, let’s say, payment device or mobile device or email address, we’ve seen it associated with these other things that are not good.” It raises the profile of whether we think that’s a fraudulent transaction or not. So it really is helpful. It can look through all kinds of data and help us out there.
Using that information, we create a score, let’s call it … it’s similar to what you would call a FICO score, your credit score. Each transaction has a rating, and that gives the merchant the idea whether that is a relatively safe transaction or a relatively risky transaction. It doesn’t mean they can’t accept the order, just like if I have a lousy credit score, it doesn’t mean I can’t get a car loan, just means there’s more risk involved in it. And we make them aware of what that is.
Then you’ve got the human intelligence, which I think sometimes is underrated. We talked about machines doing all this wonderful stuff, but every business is different. What I like to say is machines don’t run your business, humans do. They’re the ones that make business policy, business strategy, and what you want is your fraud system to mimic the policies that you have for your business. And if you can’t do that, then it makes it difficult to maintain a good user experience and customer satisfaction.
And then one that I don’t have listed here, and I don’t know why I didn’t do it, but it’s behavioral technologies that are really starting to push ahead now. We saw Apple with the thumb scanner come out and really popularize that type of thing. There’s voice recognition, retinal scanning. There’s now facial scanning. One of the ones that we think is really on the rise is called behavioral biometrics, and that is how does a customer interact with their device? So let’s take, for instance, your phone. If I were to watch you with your phone, I don’t know if you punch in a five- or six-digit code to open your phone or if you swipe your phone, how you hold your phone, how you speak into it, how hard you press it when you select an application. All those things are telling and are just as unique to the user as a fingerprint, and by looking at those biometric behaviors, we can tell a lot about is this really the person that has interacted with us before?
Let’s say you’re getting into your bank account. Your bank can look at that and say, “Gosh, by the way Satish accessed his phone and popped in his code and did all that, we know that’s him.” It’s a very, very difficult thing for fraudsters to mimic, and so it’s a great technology that’s really starting to come of age.

Satish KARRY: Sure. We’ve covered quite a few technologies here. We talked about artificial intelligence, machine learning, and you did talk about human intelligence, which is really an important component in finally what we get to do. And behavioral biometrics is taking off, as you said. So as we use all these technologies, and I’m sure Kount has helped a lot of organizations fight fraud, can you give us a specific example, which you can walk us through?

Don Bush: Sure. I’ll give you two really brief ones, and the easiest one is payment fraud. Let’s say you go to, you buy yourself a new printer with some toner, and you go to the checkout page and you pop in your payment credentials, whether you’re using a PayPal account or a credit card, and then, of course, you hit “buy”. What fraudsters try and do is gather that type of information, put it into the site, and try and get away from it. They want to look like you and me, and by stealing some of that information or buying it on the Dark Web, oftentimes they can mask who they are and make those transactions go through.
What Kount does is looks at all the information that is on that checkout page and other areas of the website that’s been interacted with, and we run that through our worldwide network, literally billions of transactions, and say, “Are there things in here that would concern us? Have we seen these transaction data elements in other areas?” And then we go back to Staples and we say, “We think this is a good transaction” or “a bad transaction.” And then they determine whether they would like that to go through or not.
Another one would be, let’s say that you have a 401(k) account. You’ve got an ID and a password to get in to take a look at your 401(k) account. What’s becoming more and more popular with the fraudsters around the world over the last couple of years, with all the data breaches and all the data that’s available, it’s much easier for them to find those IDs and passwords, or they’ll use malware, bots and Trojans and others, to try and record keystrokes. And they’ll say, “Gosh, every time Satish goes to, he types in this, hits tab and types in this. That’s very much like an ID and a password.” And then they’ll get into that account, and they can do all kinds of malicious things.
But even worse than that, I don’t know about you, but if you’re like me, I’ve got probably 20 online accounts. I’ve got a bank account, a savings account, a 401(k) account, my Delta account, my Marriott account, and the list goes on. I know that for security reasons, every 90 days I’m supposed to change my ID and password. Well, I’ve got at least 20 accounts. That would mean every year, I’m coming up with 80 different IDs and passwords. I don’t think I’m much different than you or other people. I don’t do that, and so if they can get into one of my accounts, they can probably get into multiple of my accounts, which makes that even more dramatic.
What Kount will do is, when they start to input information into log into account, we’ll do the same thing. We’ll look at all the data there and say, “Hey, this isn’t who they say they are. Don’t let them into that account.” Or ask them other security questions: what was your first pet’s name or where did you go to school? Those types of things to secure and authenticate that that really is the user you want getting into that account.

Satish KARRY: Oh, okay. Sounds very, very true, and it’s a real case scenario, so I think based on what you said, I understood a lot, at least I understand some basics of fighting fraud. So while we wrap up, I have one question, the last question. Please share a case study where Kount has helped manage fraud costs for a customer, a customer whom you have worked with and helped them save a lot when it comes to fraud.

Don Bush: Sure. There’s a game developer in the UK. They’re called Jagex, and they’ve got some really fun games, and their multiple player games and things like that. When we came to them … Let me explain what a chargeback is. When you don’t have sufficient funds in your account and you spend money, you get a fee, a bounced check fee or a insufficient funds fee. A chargeback is very much like that to a merchant. If you buy something and then you call your bank up … Excuse me, if a consumer buys something from, let’s go back to, and they call their bank and say, “Hey, that wasn’t me,” that’s considered a fraudulent transaction. It’s a chargeback to Staples, and what the bank does is, not only do they take the money out, but then they charge that chargeback fee. And so Staples loses the product, they lose the dollars they got, and they’re charged a fine. So fraud is really detrimental to them.
Jagex was having a fraud problem, and they had a high chargeback rate. When they put Kount in, that chargeback rate dropped to a fraction of what it was, because we were giving them better information, better insight into who was transacting with them, and sending fraudsters away. They were able to reduce what they call their rejection rate. Oftentimes when online merchants aren’t sure that it’s real, that’s that false positive rate, they’ll reject the order, and that costs them money.
With Jagex, they had a chargeback problem, they were rejecting a lot of orders and turning down memberships, because they couldn’t get the data that they needed to authenticate the user. And so with Kount, we lowered their fraud, which means their chargeback rate goes down. They were able to accept more good users, and they saw their membership conversion rate increase by about 3%. Now, that doesn’t sound like a lot, but take your annual revenue and add 3% to the bottom line, and that can be a lot.

Satish KARRY: That’s significant.

Don Bush: Yeah. So overall, when you look at Jagex, they saved hundreds of thousands of pounds by finding fraud, screening it, and allowing good customers in and keeping those fraudsters out. It was the turnaround of, in American dollars that could be a few million dollars. So it’s a big deal.

Satish KARRY: Sure, Thanks a lot for sharing information about Kount and Jagex, and really appreciate. Thanks a lot for being on the show, Don, and I will talk to you soon.

Don Bush: Thanks, Satish. You have a good day.

Don Bush

VP Marketing


Copyright @BioMetAuth.Com All Rights reserved
%d bloggers like this: