In a world where anyone has access to technology, businesses need to learn how to anticipate fraud.

Earlier this year, there has been a lot of articles for tips on how to do online transactions securely. The idea being that cybercriminals are a lot more innovative and technologically capable to commit crime like stealing identities or finance records. But while we work to at securing our personal information, have we ever wondered how online businesses secure theirs?

Technology has made it easier for fraud to happen and for cybercriminals to attack professional businesses. In fact, in a survey by ACI Worldwide, nearly a third of consumers globally experienced card fraud in the past 5 years, with 17 per cent reporting to experiencing it multiple times.

Just recently, the Malaysian government investigated a massive data breach that affected 46 million mobile phone users across all of the country’s mobile service providers. Said data was put up for sale before being taken down – the personal information in the data is extensive enough to allow criminals to create fraudulent identities to make online purchases.

Also read: Why you need to talk to your team about data security

According to Justin Lie, Founder and CEO of fraud prevention solutions provider CashShield, increasing availability of the internet and the lowering of barriers for anyone to access anything means that anyone can access too much. “Even teenagers can get access to different software and information online and start attacking businesses.”

Lie’s first experience with fraud was when he was a teenager, juggling school and running his own online shop. “I received an order worth US$500. A week later, the bank calls and says it was purchased by a stolen credit card and we need to reverse the payment.”

“Within the e-commerce space, especially, we realised that payments were no longer safe,” Lie said. And for businesses who simply rely on information that are submitted online, it gets tricky trying to determine if they are dealing with a real or fake customer.

While Lie worked on websites created for his business, he researched into behaviours of fraudsters and developed algorithms to protect his sites. As he validated the effectiveness of the algorithm in his own websites, he realised that he could bring the technology to other larger companies. That was how CashShield started.

Protecting businesses

While there have been an increasing number of payment providers offering consumers access to secure online payment facilities, these provide no protection for businesses.

“We have been around for quite a long time – since 1997 – and we have seen how the payment providers have evolved over time,” Lie said. “If you look clearly at the mandate of payment service providers, their business is focussed only on processing payment. Fraud is not really the core of their business, although it’s starting to haunt them.”

Payment providers would always side with the consumer. Oftentimes, when consumers would report that the information used to make payments were stolen, payment reversals are made and taken out of the expense of the business; it does not matter if the business has already delivered the service or not.

There is also the fact that there are some information – such as user online behaviour and habits – that payment providers do not process but that is what fraud prevention solutions are built for.

Also read: In Tweets, Singapore makes cybersecurity push

“How CashShield works is that we add a layer of defence,” Lie explains. “Let’s say a user goes to Razer website. They click Pay before entering their credit card or PayPal details. Once they click the button, CashShield is activated. All the information that we can get beyond what the user keys in – for example, how they surf around the website until they reach the payment stage – we use to these to compute [probability of fraud] within 0.1 second.”

Behind the computation, there are millions of data points being crunched that would ultimately lead to CashShield either saying Yes – the user can proceed with the payment – or No – the transaction is classified as fraud and will not be processed.

“Immediately we know things like whether or not you are using a phone or a computer. [If you are] Using a phone, we have information about how you swipe – are you a left swiper or a right swiper – how fast you type, how long are intervals between each typing or key stroke, what is the pressure point on the screen, or how close your face is to the phone when you are typing,” Lie says.

Information such as computer screen resolutions, language settings, and programs within the computer can also be gathered by fraud prevention providers, which they then use to profile behaviour to prevent fraud – something that payment solutions either do not have access to or do not process.

This is why companies should consider an added layer of protection to their payment facilities and not rely on the ones from the payment providers.

Technology versus technology

CashShield, in particular, uses machine learning to prevent fraud. Their algorithm processes a huge amount of data to determine which transactions are possibly fraudulent, as well as analyses data trends and usage patterns to predict potential risks based on data evolution.

But when it’s technology (businesses) versus technology (the fraudsters), winning depends on who moves faster.
“It’s a cat and mouse kind of scenario,” said Lie. “When you move within technology, it really depends on who anticipates each other’s move earlier.”

Also read: In video, driverless cars and how technology challenges our morality

It helps that companies are now conscious about fraud and preventing it. “Being able to partner closely with enterprises, being able to use their data, and having access to their facilities to gather more data to process became our edge over the hackers.”

A few years ago, using machine learning for fraud prevention was a very new idea. Some companies do have human risks analysts to do data analytics, but Lie found that pitching to these companies was very difficult. “They know that there is risk, they just don’t see why they have to use machine learning when they have a whole team of risk analysts.”

But since hackers are using machines to commit fraud, businesses have caught up and opened to the idea of using technology to prevent them.

Moving to account-based transactions

“One of the biggest trend we see is the shift from online payments, credit card payments to account based payments,” Lie said.

This can be seen in companies like Tencent and Grab who are building an ecosystem within their facilities, allowing users to do so many things with their account – from sending messages to making payments to booking rides to opening accounts in other platforms.

And this trend is showing up everywhere in the world, not just in Asia.

“What this means is that rather than just using stolen credit card payments to buy online, hackers are shifting to attacking accounts online,” Lie said. “Accounts are now valued more than a stolen credit card because it can be abused in many ways that can make you lose even more monetary value.”

This is why companies have to be alert, because even as they move against cybercriminals, those cybercriminals are also leveraging on technology and building their own machines to one-up businesses.

“When businesses adapt technology, cybercriminals also do,” Lie said. “Companies need to watch out for that.”

–
CashShield is an SG:D accredited global online fraud risk management company headquartered in Singapore, that helps enterprises detect and prevent online fraud. They have recently opened an office in Silicon Valley, and has offices in Shanghai, Berlin, and Jakarta. They are looking to strengthen their foothold in the United States and China – the two countries with high e-commerce activities.

CashShield has and is currently securing billions in Gross Merchandise Value for small and large enterprises including Razer, Alibaba, T Mobile, and Vodafone

–
Disclosure: this article was produced by the e27 content marketing team, sponsored by Accreditation@SGD. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the position of Accreditation@SGD.
Featured image credit: vska / 123RF Stock Photo

The post The race for innovation is on, as businesses and cybercriminals try to get ahead of each other appeared first on e27.