Payment Fraud and Cybersecurity Teams

Payment Fraud and Cybersecurity Teams

Speed up the detection of suspicious transaction behavior and strengthen your security monitoring to stop payment fraud before it impacts customer experience, reputation and the financial bottom line

Helping payment fraud and real-time cybersecurity monitoring teams increase fraud coverage and accurately detect suspicious transaction-level activity in milliseconds – without breaking the budget

The recent surge in digital transaction volumes has paralleled an increase in self-service and cybersecurity attacks which is forcing businesses to revisit their security monitoring strategies and cyber defenses. To win customer trust and minimize financial loss, you must take steps to reducing onerous false positives and make sure every transaction is secure. This means it is time to increase the speed, coverage and precision of payment fraud detection and prevention – across all channels.

The authentication or the decline of a payment transaction is often the defining factor of the end-customer experience. This is why there has never been a better time for payment fraud and cybersecurity teams to layer their omnichannel fraud detection and prevention strategies with INETCO Insight. Maintain the highest security standards, and avoid detection lag times. Leverage insightful, real-time data to improve the customer experience thanks to security threat monitoring.

How payment fraud and cybersecurity teams benefit from INETCO Insight

  • Monitor every link along every card-present and card-not-present transaction – from both a performance and fraud perspective – in real-time.
  • Decrease the operating costs and resource hours associated with harnessing payments data across disparate data stores, multiple schemas and different channels.
  • Increase fraud coverage to all self-service and digital channels, and reduce the number of legitimate customers accidentally blocked from accounts as a result of cyber attacks.
  • Identify transaction anomalies and compromised network components that would fly under the radar of individual security monitoring systems.
  • Reduce fraud prevention costs through streamlined workflows and faster analysis of flagged transaction activity.
  • Detect, investigate and block multi-vector fraud attacks, advanced persistent cyber threats, account takeovers and suspicious transactions as they are unfolding – not after the reputational and financial damage is done.

Use cases for payment fraud monitoring and cybersecurity defense

Real-time suspicious activity monitoring and cross-channel anomaly detection

Detect suspicious card-present and card-not-present payment transaction patterns, unauthorized card transactions, message tampering, card succession attacks, BOT related DDoS attacks, phishing and account takeover scams in milliseconds. Look for unusual foreign usage patterns, account to account transfers followed by withdrawals, and repeat usage by the same card, same customer ID, same terminal or in the same geography.

Payment outlier detection, card geography hopping, negative countries and blacklists

Configure rules-based alerts, supervised and unsupervised machine learning models to pick up on new event anomalies and suspicious behavioral patterns from past card transactions. These include high purchase ticket items, unexpected reversals, EMV fallbacks, erratic withdrawal patterns and stand-in modes, or repeat card usage by device or store. Identify distance-based card usage and potential cloning, where card transactions are taking place close in time, but too far apart geographically to be the same customer.

“man-in-the-middle” malware attacks

Independently audit the payment transaction journey to know when a front-end ISO transaction link is not married with a back-end database transaction link, but the transaction is being approved anyway. Missing back-end links are indicative of potential “man-in-the-middle” malware on a payment switch, a common scenario during cash-out attacks. INETCO Insight’s end-to-end transaction view allows you to see every step along the path of your transactions so that you can identify any network nodes with anomalous behavior to reduce cyber attacks.

Transaction reversal fraud, high velocity card usage and ATM cash-out attacks

Customize a real-time alert that marries transaction reversal data to hardware events such as ATM device sensor errors, thereby identifying transaction reversal fraud scenarios. Also flag high volumes of repeat card usage from on-us and foreign cards. Set alerts based on accumulated cash withdrawn within a specific time period to flag ATM terminals repeatedly used in a coordinated cash-out cyber attack. This allows for the identification of scenarios where one user is using a large number of stolen cards to extract cash.

Suspicious device fingerprint and IP geolocation changes

Flag suspicious device fingerprint and IP geolocation changes that correspond with high purchase velocity, larger than normal purchases, and repeat customer ID usage by mobile or online applications. Utilize the X-Forwarded-For HTTP header field for identifying the originating IP address of a mobile device. Identify transaction traffic by IP address to filter and block suspicious activity from specific self-service or mobile devices, applications or customer accounts.

Real-time transaction risk scoring and adaptive machine learning

Improve speed and precision of real-time risk scoring by rebuilding individual customer or card machine learning models every time an event occurs. Know that rebuilding customer risk models as an end of day process will not allow you to detect payment fraud or a cyber threat in real-time.

Internal fraud and message field tampering

Identify when amounts, status or other message fields contained in a payment transaction appear to have been altered. Also be on the lookout for new message fields that have been added or hidden. Monitor the entire payment transaction journey to know when a front-end ISO transaction link or back-end link is missing, as this could indicate a fraud attack from within your organization. Also detect transactions that stem within an organization, but have no associated payment request transaction

Blocking of offending card transactions and specific IP address traffic

Review transactions across pre-set criteria. Set up automated action scripts to surgically block offending card transactions at the network and application layer firewall level. Immediately research flagged individual profiles and take action to reduce false negatives and positives.

Fraud analytics and data forwarding

Utilize structured data dictionaries to help forward rich transaction intelligence to analytics tools, fraud applications and data lakes of choice. This includes message fields such as transaction type, amount, response codes, terminal IDs, card types, dates, transaction status and message types.

Case management and workflows for audit trails of every flagged transaction

Create a systematic process for tracking, evaluating and prioritizing flagged transactions. Logical workflow rules help streamline fraud investigations – with alert specifics, risk scores and suspicious transaction details linked directly to each task.

Real-time transaction profiling and reconstruction for faster research

Automatically construct a full profile for each transaction. Extract and assemble application payload messages, metadata, response/request timing and network communications information – across correlated transaction links – to speed up research, mean-time-to-detect and remediation efforts by ~80%. These are the data fields that the rules-based alerts engine and machine learning models will use to assess the validity of a transaction or to decipher threat intelligence.

Money laundering – When are unusually large withdrawals or deposits occurring?

Use fraud detection analytics to investigate unusually large deposits or withdrawals. Isolate when a specific ATM device, card or customer ID experiences higher than normal payment transaction values. Detect when high value payments are occurring using a higher-risk product service, such as a money order or bank draft in real-time.

BIN Trolling Attacks

View authorization volumes that are approved and declined in the same dashboard. Identify when decline rates spike, indicating the possibility of a BIN troll attack. Spot high volume usage patterns on virtual merchant terminals that indicate a merchant has been phished and their credentials are being used by fraudsters.