Matthias Valcke

Finding the best fraud detection and prevention solution for your organization can be challenging. Requirements from internal stakeholders and vendor fact sheets can give an overwhelming impression that your solution needs to have it all and then some. In reality, your choice should simply tick all the boxes on your must-have list and cover your business use cases. It should contain most of the necessary features out-of-the-box, to minimize the need for time- and resource-consuming customizations.

What should a fraud monitoring tool include to be able to meet your needs? To start, an ideal solution should be able to identify and respond to a wide array of fraud scenarios, both industry-known and specific to your organization. However, it’s also essential for the tool to be able to react to unknown and perhaps surprising fraud occurrences. It should provide a versatile mix of features to collect and analyze the data, draw correct conclusions, take actions based on results, and finally produce comprehensive reports. It should be able to integrate in your existing ecosystem and, at some point, this tool should become something your fraud team cannot imagine living without.

Clearly, that’s a tall order for fraud detection software. Not every fraud detection solution on the market lives up to this standard, so it is crucial that organizations do their research and find a tool that can provide comprehensive fraud monitoring.

To help you evaluate the key requirements, our Buyer’s Guide to Evaluating Fraud Detection Tools explains the top nine capabilities that a fraud monitoring tool must provide in order to meet the needs of modern financial institutions. Here’s a preview with four of the top nine capabilities we recommend evaluating.

Key Functions of a Fraud Detection Tool

1. Detect a wider range of fraud by combining machine learning with an advanced rule engine.

An advanced rule engine with a proper set of rules will filter out the fraudulent events meeting specific criteria. For example, the rule engine will catch transactions whose time, place or amount values deviate from a normal scenario. It can also help with detecting more sophisticated cases, like phishing attacks or transactions to mule accounts. Think about it as a system of filters that blocks transfers, allows them down the pipeline or alerts the system to step-up authentication.

But your solution should not rely solely on rules. A rule-based system can no longer keep up with fraud attacks that evolve in complexity, speed and automation. Rule libraries keep on expanding, which puts pressure on the system, slows operations and increases the false positives rate. In order to provide ultimate capabilities to combat a wide array of fraud attempts without affecting the processing speed, think of a combination of rules with machine learning algorithms.

Machine learning lives up to the hype. With the capability to analyze an incredible amount and variety of data, it is an indispensable element of your fraud detection mix. It can easily extract value from data with little human input.

Choose a machine learning solution that implements different algorithms and, with support from your vendor’s experts, pick the best algorithm for your situation. Look for a machine learning implementation that will provide insights into the analysis process as well as evidence about why a transaction was declined or accepted.

2. Prevent fraud out-of-the-box.

You should expect your anti-fraud tool to be able to detect fraud right from the start. Make sure it supports your business continuity requirements and, as such, ensures a smooth transition from the existing fraud processes. You cannot afford any freeze in your anti-fraud and risk analytics efforts, so it’s important to find a solution that will provide a sufficient level of protection out-of-the-box, from day one. A turnkey package should be available for you to analyze transactions through a combination of a rule engine and machine learning. Both should work on deployment even without reference data.

Of course, while out-of-the-box is a good start, the solution should be flexible enough to customize it to your own needs and data.

3. Apply a dynamic approach to your authentication flows.

The fraud monitoring framework should be able to integrate with existing and future multi-factor authentication options. It should constantly evaluate the risk of a particular event and, based on this evaluation, orchestrate the authentication flow. It should dynamically trigger the most suitable authentication method for a given situation, according to its risk level. For example, if a certain transaction is evaluated as suspicious, due to unusual timing, location of the user, or significantly larger amount than before, your solution should be able to step up the authentication criteria instead of simply rejecting the transaction or putting it on hold for manual review.

4. Be prepared for the challenges specific to the mobile channel and explore the full potential of data.

The mobile channel brings additional challenges that distinguish it from the standard internet banking experience. Your fraud monitoring solution should recognize these distinctions.

Monitoring of the mobile channel needs to take into account, among others, diversity of devices, operating systems or the fact of no control over what else is installed on these devices. Without recognizing the specifics of the mobile channel, the tool may not collect all the data points and therefore draw incorrect conclusions. Because mobile phones in general provide much richer context and enable more advanced analysis, leveraging the broader context of the mobile channel is essential for fighting mobile fraud.

Your fraud monitoring framework must provide analysis based on a wide array of data collected from your users’ devices. This data can include for example device health, detecting, among others, if the device has been jailbroken or if there has been any suspicious activity. Insight can also be provided for authentication and biometrics, for example face recognition score or PIN strength. General device information is another example from a wide array of mobile-specific intelligence, and can include the version of the operating system, device model, etc.

But these data points are only valuable if they are valid. This means that you should make sure that both the data collection and the transfer between the mobile device and the server are safe. A secure communication channel independent from other existing communication protocols will ensure that the device security status can be trusted upon arriving to your fraud monitoring system.

Additional Key Requirements for Your Evaluation

The ultimate goal of an anti-fraud framework is to stop criminal activities while streamlining the legitimate ones. Simple tools are no longer enough. Fraud keeps evolving simply because it has a huge profit potential for criminals, therefore your anti-fraud weapons must evolve as well.

Download the Buyer’s Guide to Evaluating Fraud Detection Tools to get the top nine requirements for a modern, effective fraud solution – from machine learning to the ability to orchestrate the authentication flows.

  • 4

Leave a Comment