Payment fraud remains pervasive, but initiatives to prevent it in new ways continue to show up on the radar screen.
Here’s a recent example. Visa has, for some time, made it a practice to examine incidents of fraud in tandem with the affected merchants and banks, looking into how these incidents happened as well as assessing the extent of the damage and what can be learned from it. However, Visa has decided to take preventive measures to the next level by pursuing online fraudsters to prevent them from striking again. It is also working with law enforcement agencies to quantify potential losses and, if feasible, help out with threat mitigation.
In a presentation at the recent #PayThink conference, Penny Lane, vice president of payment fraud disruption in Visa’s global risk group, said it engages in looking for digital fingerprints and following attackers. She noted that in one instance, Visa located the actual buildings where fraudsters were operating. The practice of following cybercriminals is not new, but is reportedly unique because it is now a common practice for the card network, rather than a one-time endeavor. Clearly, Visa sees that it cannot effectively mitigate online fraud unless perpetrators are identified before they have a chance to pinpoint additional victims.
Meanwhile, exemplifying processors’ efforts to take preventive measures on the former side, there is First Data’s FirstSense, which the company is promoting as a comprehensive solution that integrates threat intelligence with its fraud detection and transaction authorization engine to identify payment cards at risk throughout the fraud lifecycle, before they (and cardholders) fall prey to the dark web. The latter is said to be growing at an annual rate of nearly 40 percent and to be approaching a $100 billion industry, with fraudsters that are driving that growth becoming ever more sophisticated and successful in their attacks. Adding fuel to the fire, some threats in this realm originate in regions that lack enforcement and/or in which illicit activity is actually government-sponsored.
According to First Data, FirstSense harnesses a variety of proprietary data collection methods and advanced analytical tools to identify at-risk accounts. Integrated with the company’s DefenseEdge™ fraud-decisioning solution, it lets financial institutions use indicators of risk exposure to create rules and strategies, in turn yielding them the ability to prevent potential fraudulent transactions in real time. Such seamless integration is being positioned as setting FirstSense apart from stand-alone threat intelligence solutions.
Earlier this year, the FirstSense team was acknowledged by federal law enforcement for providing key intelligence related to two national breaches that led to arrests of leaders of the FIN7 cybercriminal group, also known as the Carbanak Group. To date, FirstSense has been first to notify compromised merchants of breaches affecting approximately 17.5 million payment cards.
There is no reason why Visa’s approach, as well as that of FirstSense, will not prove effective in combating online financial and payment fraud. Other industry constituents need to take note and follow suit, and potential end-users must consider pushing for and, where appropriate, adopting them.