Why “Point-In-Time” Solutions Are Losing The Battle Against Sophisticated Fraud

By Alisdair Faulkner, CEO at Darwinium

Cybersecurity and fraud teams have been locked in a technology arms race with their adversaries for years. Once again, they are on the back foot. Over two-thirds (68%) of businesses face the challenge of fraudsters adapting faster than their current tooling according to our latest research. The stats speak for themselves. US consumers reporting losing nearly $6bn to scammers in 2021 alone, a 70% increase on the previous year. The real cost to businesses will be many times higher.

It’s time for change. Legacy fraud and risk solutions rely on incomplete, siloed intelligence extracted from “point-in-time” interactions. They’re inflexible, unwieldy, slow to deploy and update, and add needless customer friction—which can end up costing businesses more than potential fraud losses. Organizations need a better way: risk-based journey orchestration that works seamlessly across the entire customer journey for better-informed decision making.

Deep fakes and adversarial AI: an armory of innovation

There’s no doubt the offensive team holds much of the advantage today. Fraudsters are leveraging the latest tools and techniques to emulate devices and mimic user behavior, disrupt risk models through adversarial AI, and automate attacks by testing millions of stolen identities in seconds. They use stolen and synthetic data to open new credit accounts, hijack existing accounts for payment and personal info. They deploy highly convincing techniques like social engineering to trick users into handing over data and money, and use stolen card details to make fraudulent payments.

According to one estimate, new account fraud (NAF) in the US surged 109% between 2020 and 2021, account takeover (ATO) increased 90% and credit card scams rose 69%. Another predicts that payment card fraud losses alone will exceed $343bn globally between 2023 and 2027.

The problem with point-in-time: the risk of digital snapshots

The challenge for fraud teams faced with this onslaught is that they’re mainly working with first- or second-generation tools which exacerbate existing operational silos between security and fraud divisions. In short, attacks span the entire user journey, from browsing and new account creation to logins, payments and more. Yet security and fraud teams lack full visibility and context. Security analysts might have insight across all traffic, but without the full context of customer behavior further downstream. And fraud teams have full business context but only make risk assessments based on single, point-in-time digital interactions. Put simply, attacks happen across the journey so why is prevention technology currently point in time?

For fraud and risk specialists, this disjointed approach plays right to their opponents’ strengths. Fraudsters masquerade as real customers in ever more complex attacks across a business’s digital touchpoints, safe in the knowledge that risk decision engines will not be able to join the dots between user information silos to flag suspicious behavior. Even worse, these legacy systems require significant integration effort and a high level of front and back-end development resource. And they often create extra customer friction, leading to cart abandonment and churn.

Why understanding risk is a continuous journey

Rather than adopting this point-in-time approach, fraud teams need a way to continuously scrutinize the digital journey of their customers from before they even land on a site to the second they leave it.

How would this work in practice? The smartest move would be to install these risk-based orchestration capabilities at the content delivery network (CDN) layer, residing on the network edge. This way businesses could risk assess all digital traffic from the perimeter edge, rather than via individual API calls on certain pages of their website. This delivers several advantages around latency, security and privacy. Data is processed within existing infrastructure; reducing risk and better protecting customer experience.

Making sense of complex data

Once a continuous view of a customer journey has been established, how can businesses best aggregate this complex and extensive data to make effective and quick risk decisions? One of the challenges of current fraud solutions is that their risk assessments rely on the aggregation of multiple rules based on digital identity data and user behavior across multiple individual interactions. For some organizations, these rules can run into the hundreds and thousands, which means making a risk decision is both complex and lengthy. Alongside this, there is an industry movement towards simplicity in systems due to lengthy, adhoc and often complicated decisioning processes which can fail during times of employee churn and talent shortages.

Businesses need a simple way of aggregating complex data over time so that they can compare an existing action, or user journey, against previous patterns, but without overcomplicating this with multiple, extensive lists of rules.

Creating ways of aggregating data across devices, locations, behaviors and user journey behavior would allow risk assessments to be made based on patterns, or signatures, rather than binary rules.

This is particularly powerful across user journey behaviors. For example, businesses could track similar journey signatures for something like Account Takeover, linking particular credential testing and bot attacks with downstream attacks on a user accounts, or fraudulent credit card payments.

Trusted behavior patterns can essentially be “cohort-modelled” to reduce the number of legitimate customers that are stepped up, even if they’re new to a business and the system hasn’t had time to baseline them. Further, any anomalies can be spotted at multiple stages of a digital interaction and interventions made in real time, on a per-user basis. It all makes for a more seamless customer experience while keeping fraud losses and chargebacks to a minimum.

Eliminating the siloes that fraudsters exploit

By understanding the context of the entire user journey and harnessing aggregated digital “signatures” to simplify risk decisions, organizations can start to join together every step of a user’s digital journey, removing the siloes that fraudsters play in and better separating good and bad intent.

And as part of this approach, real time intervention is key. Businesses want to block high-risk behavior before it impacts either their customers or their bottom line. They can’t afford to wait for the next release cycle or resource availability. Seeing high-risk behavior and either stopping a transaction dead, or sending it for further review, reduces both risk and the opportunity for fraudsters to pivot to a new vulnerability. In this way, they can enhance the user experience by making sure their best customers are recognized and rewarded with digital experiences they deserve.

About the Author

Alisdair Faulkner is the CEO and Co-Founder of Darwinium, a pioneering customer protection platform that holistically assesses every digital interaction to identify bad behavior, in real time. The Darwinium team has a combined experience of over 200 years managing fraud and risk for some of the world’s largest banks, ecommerce platforms and fintech providers.

Prior to building Darwinium, Alisdair co-founded, built and scaled ThreatMetrix, the world’s leading Digital Identity company which he sold in 2018 for $830 million. Alisdair created the Digital Identity category, grew recurring revenues from $0-100M USD, resulting in a billion-dollar acquisition by a FTSE 100 company.

Before ThreatMetrix, Alisdair was a founder and head of products and business development for NetPriva, a leading network performance software provider, acquired by Expand Networks now Riverbed.

He is now a noted industry expert in issues relating to online fraud, cybercrime, identity theft, information security and networking technology.

Alisdair can be reached via the company website at https://www.darwinium.com/.