Tech: The Latest Weapons Against Online Fraud

Source: Matthew Parsons @ TTG Digital, 17th April 2013

(Note: The following item has been re-produced with kind permission of TTG, the original article can be found on their website here)

Online facial recognition tools such as Facebanx are the latest weapon in the fight against fraud. By Matthew Parsons

Card fraud is big business. As an industry, its turnover is in the millions. Although 46% of global credit fraud occurred in the US in 2011, according to data from Frost & Sullivan, European fraud is gaining pace. In 2011, the bill came to €1.3 million – a rise of 4.3% on 2010.

And in February, Abta issued a new warning, following fresh caution from the Financial Fraud Action UK and the American Society of Travel Agents.So how are travel agents affected? In Europe, more than half of the fraud comes under “card not present”. This involves the theft of genuine card details that are then used to make a purchase online or by phone. It’s a major bugbear for agents – who are liable for a chargeback, where the transaction they initially receive payment for is later rejected by the cardholder or issuer, and debited back to them.

FacebanxFortunately, new tools are developed to help reduce the risks. One such tool, Facebanx, launched at the Fraud Conference 2013, which took place at the end of last month. It is an online facial recognition tool that uses a video stream to check a person’s identity.The software makes use of any device’s in-built camera, and checks shadows, capturing several images, and waiting for movements.

The facial algorithm technology was developed over 12 months by German technology company Cognitec and is “pretty damn accurate”, according to Facebanx founder Matthew Silverstone, who claimed it could be the “holy grail” in the fight against identity fraud.

“Fraudsters can do anything with a bank number, or a phone number. They ask themselves, ‘what’s the easiest way?’ But if they see a face on the account, it’s no longer a soft target. They’ll then look elsewhere. The more faces there are, the smaller the pool they have to operate in.”

He adds the tools would be particularly relevant to online travel agents – to stop people using stolen credit card details and then ask for a refund into a separate bank.

The issue remains, however, for Silverstone to ensure there is “critical mass”, with a general acceptance from the public that it is OK to have your face uploaded to a database. Yet with Google poised to launch similar tools – in September last year it patented “Login to a computing device based on facial recognition” – this may come sooner than later.

Facebanx uses a video stream to check a person’s identity

Fighting Fakes

Silverstone also believes Facebanx could apply to review websites. For example, TripAdvisor has been criticised over fake reviews, and he says this product could put an end to this, asking every third reviewer, for example, to provide a face.

“Technology has caught up with the idea. Big brother is here, but for the good reasons, not bad reasons – it’s not about pushing products to people, it’s about stopping fraud.”
Meanwhile, Fraud Consulting director Darren Hodder, who previously worked at Lloyds Banking Group and Experian, said at the conference that chargebacks were still the number one issue for agents, especially where margins are tight: “Each individual chargeback can be very painful”. Yet he added that airlines were also feeling the pinch. “According to the CyberSource 2011 Airline Fraud Report, airlines lost 0.9% of website revenue due to fraud with full fare operators being harder hit (at 1.2%) compared to no-frills airlines (at 0.4%),” he said.

“In recent years there has been a general downward trend in incidences of fraud across all types of online business. However, recent statistics point towards an upturn. This could be indicative of a greater number of merchants operating online with insufficient fraud controls, or that organised fraudsters are becoming more sophisticated,” he added.

As conference organiser Paul Lucraft said: “Fraudsters will attack through the weakest links, they will seek to obtain information about genuine customers through any channel. Fraud seeks out the lowest common denominator and finds the easiest way through the controls.” The challenge for agents is to make sure they are not part of the weakest link.

New online tools to help protect against fraud:

Fraud Consulting director Darren Hodder recommends these tools to help your business:

  • Sharing intelligence is a great way to reduce fraud. This can be a sensitive topic in the travel industry but there are options whereby no PII (personally identifiable information) is shared. Device identification and reputation solutions such as that offered by Iovation allows online merchants to spot activity from suspect devices (smartphones, tablets, laptops, any internet-connected devices).
  • In modern-day online processing we are faced with challenges around “big data” and information overload. Sometimes it can be difficult to spot issues if we are not able to make sense of all the information available to us and turn this data into actionable intelligence. Organisations such as BusinessForensics are able to process vast quantities of data in real time and provide useful visualisations which can assist in complex cases where there are many connections and relationships.
  • The challenge is to reduce manual reviews as far as possible while minimising fraud. By making clever use of social media networks it is possible to not only improve the customer experience by pre-populating data fields, but you can also obtain a social fingerprint and trust score. This is made possible via this Cork-based start-up.

Inside job?

As banks’ regulatory requirements become tighter, there’s greater pressure on agents to get their own houses in order. The Security Standards Council’s Payment Card Industry Data Security Standard (PCI DSS) comprises a minimum set of requirements for protecting cardholder data – and applies to any organisation that is involved with payment card processing.

However, many agencies and call centres are unwittingly failing to comply. Simon Beeching, director at Syntec, warned many were non-PCI DSS compliant when it came to taking card payments by phone. Agents should not be taking card details over the phone unless in a “clean” environment, according to the Security Standards Council, meaning no pens, stationery or other media should be present that could allow staff to note customers’ details.

The merchant providers themselves are under pressure to show their acquiring banks they are compliant – and can hold the agency or call centre responsible, should staff commit card fraud.

Beeching said Syntec’s new CardEasy tool allows an agency’s customers to enter their card details mid-call, with the customer being diverted to a separate service, where they enter the details using the phone’s keypad. This removes call centre staff – as well as homeworkers – from the scope of PCI DSS audits.