Over the past year, we have had countless discussions with financial institutions, retailers and payment service providers expressing their frustration over the limitations of existing fraud solutions to immediately identify front end attacks and card anomalies such as EMV fallbacks. They often struggle with high false positives and false negatives, advanced persistent threats (APT) that bypass the systems entirely and malware attacks that override fraud rules.
Most organizations have come to the realization that a layered defense strategy is the best way to go – a single point monitoring solution is no longer a viable option as they still run a risk of being compromised. With an independent, real-time, multi-point transaction monitoring platform, many FIs have found that it is a reliable, cost effective way to audit the end-to-end journey of every transaction from the network in real-time, while adding another layer of security around the payment switch.
By tapping into a rich source of transaction data, independently collected and correlated across the multiple links that make up the end-to-end transaction path, real-time rules-based alerts have been proven to detect fraud attacks that are often overlooked or missed entirely by traditional single-point monitoring solutions.
Examples of the top 10 fraud alerts that INETCO customers are currently using include:
- Missing back-end transaction links not being married to ISO front end links, identifying potential “man-in-the-middle” malware attacks
- Rise in transaction declines, unexpected EMV fallbacks, reversal rates
- Excessive transaction clearing or stand-in transactions by the payment switch
- Unexpected transaction anomalies and a rise in failed transaction rates
- Transaction status codes and response code errors that require investigation
- Suspicious repeat terminal usage
- Implausible transacting scenarios and terminals used in a coordinated ATM cash-out attack
- Cards reported stolen are used
- High withdrawal velocity or abnormal numbers of high-value transactions on a specified terminal
- Geographic distance between locations of back-to-back transactions on the same card that are not physically possible or likely
But this is not where real-time fraud detection stops. With adaptive machine learning capabilities, we can now get even more creative with our customers and explore new ways to harness the power of real-time transaction data.
On September 17th, INETCO Insight 7 was launched. Not only are a whole host of fraud alerts now available to all INETCO customers, but with new fraud specific machine learning and AI capabilities, INETCO solutions are now able to help our customers stay one step of ahead.
INETCO Insight 7 independently captures rich contextual information related to each payment transaction – straight off the network and in real-time – while remaining out of band so that no delays or points of failure are introduced. This data is continuously fed into a real-time rules engine and adaptive machine learning model that examines transactions in real-time, rebuilds individual customer models on the fly, and extracts behavioral patterns from past card transactions that signal potential fraud. Real-time transaction risk scoring on an individual customer basis is a game changing advancement from existing approaches that only rebuild customer models as part of a scheduled batch ETL (extract, transform and load) process.
The real-time transaction risk scoring model in INETCO Insight 7 is highly configurable and takes into consideration pre-defined transaction elements and anomalous behavior patterns such as card usage velocity, transaction amount thresholds and geolocation data. The result is improved precision of real-time risk scoring for financial institutions – when a consumer swipes their card, the transaction is tested against the customer model and, if the features match the fraud behavior profile, a real-time alert is triggered or an automated action can be taken that instructs the firewall to block the offending transaction(s). Fraud teams can immediately research flagged card profiles and take action to reduce false negatives and positives, saving banks money and easing customer frustration.
An example of where this adaptive machine learning algorithm will have an impact is when a card is compromised, and used in quick succession for fraudulent transactions. This could be done using a bot or the card could be printed multiple times and used across the globe. With INETCO Insight’s real-time risk scoring, these events would be flagged for immediate investigation – and action could be taken before the damage is done.
If you are interested in learning how a multi-layered defense strategy can help secure your systems and information assets, meet security expectations and defend against APTs – including ATM cash-outs and cybersecurity attacks, read our contribution in the latest issue of Payments Business Magazine on page 8 or sign up for a demo of INETCO Insight 7.