Are you agile enough to take down a fraudster?
By Felix Eckhardt, CTO, and Piet Mahler, COO, RISK IDENT
Fighting fraud is a fast-paced business. Fraudsters are working 24/7 to exploit any weaknesses in merchants’ systems. To defend ourselves we need to innovate at the same pace.
At RISK IDENT we are focused on increasing the agility and speed of development in our software engineering, in order to meet this evolving threat.
Freedom beats fraud
Fraudsters do not operate within boundaries. Nor are they the masked criminals depicted in stock imagery across the world’s media. They are, however, professional entities, operating with one sole aim: to extract as much money from transactions as possible, in as quick a time as possible. To beat them, we also need to work towards a single goal and match their freedom to innovate.
We are 100% customer-centric and one of our core objectives is a time to market delivery in this approach. Not only in our core markets of ecommerce, telecoms and financial services, but in new markets we hope to expand into across Europe and North America in future.
To serve these markets with industry-leading fraud prevention, we will continue growing our software engineering team with bright minds that bring the right mindset and the right skillset to further develop innovative products for the industry. All of our engineers are problem solvers – their curiosity is something you can’t teach, but which is invaluable to anyone working with data and a constantly-evolving foe.
Scaling for future threats
We are inspired by the Spotify model that is widely admired across the tech development community, but of course apply our own version of it to suit our targets.
Our team has grown significantly to over 80 people, many of whom are focused on defining and refining our award-winning fraud solutions. Although we’re moving from start-up to scale-up, we need to retain and grow our agility so that we can accelerate our development to get products to market quicker.
We also aim to work under the OKR mindset, inspired by Intel and Google: Objectives and Key Results. In combination, this approach to our team structure will enable us to forge a shared commitment to achieving specific goals, which studies have shown help improve productivity and performance.
Simply speaking, we now create an ambitious yet achievable objective and our data scientists and software engineers have complete freedom in how they achieve these targets. Defining these targets is based on the experience and knowledge of RISK IDENT’s fraud experts, combined with regular, honest, unfiltered feedback from merchants on the challenges they’re facing.
“Fraud” is not always fraud
Fear of fraud can be just as damaging as fraud itself. False positives, where a retailer’s anti-fraud setup incorrectly determines that a genuine purchase attempt is fraud, costs the industry millions in lost revenue each year.
At RISK IDENT, we aim to accurately identify the genuine fraudsters through a number of techniques, including device identification through DEVICE IDENT, and by linking and analysing multiple data points using FRIDA. We incorporate machine-learning into our software so that each of our customers’ defences get stronger over time. It’s this approach that has made us an award-winning international fraud prevention company, staying one step ahead of the fraudsters.
Think like a fraudster
Benedict Cumberbatch is an inspiration to many of us at RISK IDENT; or more precisely, his world-famous on-screen portrayal of Sherlock Holmes. The English detective employs a mnemonic memory technique, known as his ‘Mind Palace’, where he stores each detail of every case, linking and carefully analysing each detail in order to deduce the true story behind the crime.
Visualising the potential steps of the criminal is crucial here. Fraud, for example, is never just a single transaction. Fraudsters do not simply target one victim, succeed and then retire. So, there is a whole journey here to identify their process and beat them to it with a trusted, reliable defence.
They are organised, even attending their own secret ‘conferences’ to share best practice, and they have a growing information pool at their fingertips with the advent of the dark web and repeated large-scale data breaches, such as those recently highlighted by Ticketmaster and British Airways.
If you are to understand and trace the actions of the perpetrator, you need to step into their shoes and think like them: what is their goal, what is their skillset, what is their mindset and what identifiers might they hide or accidently leave behind?
Apply this approach to fraud and you have a far more effective defence. We’re in a technology arms race, and knowing what the enemy is doing gives you an advantage in each battle. It’s equally important to learn from your mistakes (also a Sherlock Holmes trait). DEVICE IDENT acts as our information retriever, and FRIDA is our information determiner, enabling us to find the hidden thread that connects and confirms a case of fraud.
The future of fraud prevention
Fraudsters’ tactics change over time, as they aim to get through defences before they are noticed. But the industry we’re operating in is also changing, fast. Consider the last time you interacted with a loan provider, an online retailer, or even your cell phone company – it’s likely you did so online.
Our embrace of digital has put pressure on companies to deliver their products and services to us faster than ever before. Whether providing digital or physical goods, there is now an expectation for a quick and seamless payment experience, followed by near-instant dispatch of goods. This has significantly narrowed the window in which merchants can confirm whether a transaction may be fraudulent and prevent valuable goods coming into the possession of fraudsters. Too many delays and you risk the customer leaving and never coming back. It’s a balancing act.
So, we need to enable quicker fraud decisions and improve response times for active payments processing. Fraud managers cannot do so alone, but are a key part of the equation. Machine learning alone cannot function with the same specialist knowledge of the company fraud officer(s) either. But combine the two, and you have a winning formula.