Billions of data-points from thousands of companies globally are crunched to create a digital fingerprint of users and a forensic understanding of money flows. And these shared insights are the strongest tool businesses can gain to protect against tightening regulation. Rob Woods, fraud expert at LexisNexis Risk Solutions, explains.
Catching fraudsters is getting harder. They are more sophisticated, armed with tools such as Gen AI, and lavishly financed by the spoils of their successful hits. UK Finance estimates last year alone £1.17bn was stolen via fraud. The founder of the Evil Corp hacker gang (yes, that is the name) in Russia drives a custom-made Lamborghini.
With the Payment Systems Regulator’s compulsory reimbursement rules looming over banks and PSPs, there’s a renewed incentive to get a firm grip on fraudulent payments entering and leaving their virtual walls.
The fight back begins with shared data combined with powerful machine learning. By examining a vast array of indicators covering customers’ every interaction with their device, apps and web browser, banks are able to predict fraud with a high level of accuracy, before it happens.
A key ingredient is behavioural analytics. Real-time user behaviour is tracked and compared against past behaviours considered normal for that individual. Crucially, these behaviours are largely unique to the individual, almost impossible to fake.
1. Phone Movement
Is the phone being held in a landscape or portrait position? What is the rotation or angle of the phone? Do the sensors match the situation?
2. Touchscreen Behaviour
How is the touchscreen used? How much pressure is being applied? What is the swipe speed and motion?
3. Keyboard Behaviour
How is a keyboard used? What is the typing cadence? Were any special keys pressed? Were any keyboard shortcuts taken?
A bank or e-commerce provider can monitor these factors and look for deviations from normal. Maybe the user types in a different way or clicks the mouse in a manner suggesting a bot is behind the movements.
But these indicators are just the start. Adding dozens more user interactions builds a digital fingerprint for each customer. What device are they using? If it’s the Apple iPhone they’ve used for five years the bank can trust it. But what if the user suddenly switches to a cheap Android? This could be a red flag, triggering an additional authentication via a code sent by text message. Are they using a Virtual Private Network (VPN)? Are they using private browsing, or wiping cookies? What time of day are they logging on? Are they cut and pasting into fields like forename that most users would type?
Every click, every device, and every transaction is logged and incorporated into the risk model. Banks can then discover patterns for suspicious behaviours which would be undetectable to the human eye.
Each time a fraud is perpetrated, the model gets another boost. Retrospective analytics can be run to see what the giveaways were.
Looking backwards helps banks to look forwards. Understanding how dirty money flows through the banking system and overlaying this with these other fraud indicators then adds another layer of protection.
For example, mule accounts are usually tested by fraudsters in advance of laundering money to ensure transactions are able to pass through. They’ll deposit a small amount, £1, for example. Then transactions will be sent and received of equal value. The behavioural analytics engine can spot this and flag the risk to the bank.
The model is nuanced. Users are given a trust score which moves up and down depending on the full gamut of factors.
The result? An automated fraud detection system, which lets valid users open accounts, login, make payments, and take out loans with unobtrusive security, but shines a spotlight on criminals. Every good customer’s footprint, as defined within ThreatMetrix, is a unique representation of their actions in the digital realm. In 2023 fraud in the UK dipped, as detection methods outpaced the thieves.
Our approach
There are many anti-fraud engines based on device intelligence and collaborative fraud modelling, but at LexisNexis Risk Solutions, we have the industry-leading solution.
ThreatMetrix is used by nine out of the ten largest UK banks, by the top 20 S&P 500 companies, and thousands of organisations in 200 countries. It is the most sophisticated approach in the world, by far. It’s part of the reason why we’re consistently named as a leader in fraud prevention by global analyst firms.
A major factor is our scale. Thousands of customers feeding data into ThreatMetrix globally means many billions of data points, crowdsourced and shared across borders and across industries.
The vessel for this crowdsourced data is the Digital Identity Network. Another world-first innovation, it shares information from thousands of participants across banking, gaming, retail and other industries. We create digital identities for consumers based on their online fingerprint – devices, habits, transaction patterns and so on. Collectively we crowdsource information on valid consumers and fraudsters, to distinguish between the two. Last year we logged 92 billion transactions for 4 billion email addresses. When a user arrives at a website run by a member of the Digital Identity Network their reputation – for better or worse – precedes them.
Does it work? Our case studies show just the impact our approach has on fraud.
Metro Bank wanted to combat mule accounts ahead of the forthcoming PSR reimbursement rules. LexisNexis Risk Solutions ThreatMetrix analysed all Metro Bank’s consumer behaviour and transactions data. We quickly identified the hallmarks of a mule account.
In six months at Metro Bank, our behavioural analytics platform identified £2.5 million of mule account payments, an uplift of 105 per cent. An additional one in eight of the accounts flagged as possible mules were investigated and confirmed. This initiative helped Metro Bank reduce first-party fraud by 44 per cent, with detection up 71 per cent.
The mission
The focus for anti-fraud technology is, as ever, to create a superior customer experience.
Behavioural analytics and real time transactional intelligence means consumers can be evaluated in a live environment. Genuine customers can be left to shop and bank without obstacles. A moving scorecard means less reliable actors can be flagged, given higher security requirements, or have access suspended, depending on their rating.
Complying with PDS2 is made easier. Banks are required to impose Strong Customer Authentication, composed of two factor authentication (2FA). With our approach the device itself can be reliably nominated as one of the two factors – a convenient time saver for genuine users.
Behavioural analytics is now mandatory for banks and other organisations who wish to combat fraud and improve the customer experience. Fortunately, installing a system such as ThreatMetrix is straightforward. A cloud system can be connected via an API to ingest any data within an organisation. Improvements in analytics are introduced regularly, with no input from the bank required.
It’s important to stress, human intelligence can be included in the mix too. Our data scientists work with banks to act on their feedback, fine-tuning the models to adapt to new fraud concepts. Thresholds for asking customers for additional authentication, for example, can be set by banks’ policy teams. Implementation is personalised for every organisation.
Fraud is an arms race. The perpetrators are constantly innovating and launching attacks on ever large scales. Behavioural analytics turns the tables. The more data the banks accumulate, the more accurate their detection.
Behavioural analytics is above all a customer-centric approach to crime, liberating genuine users from intrusive checks, and quarantining villains before they’ve even got started. It marks a turn in the tide in the war on fraud.
To find out more visit: LexisNexis® Risk Solutions ThreatMetrix®