GVX Consulting global - TECHNOLOGIES

Fraud Prevention Technology for Mobile & Online Payments

Mobile & Online Fraud Management

The mobile payments market is growing at an exponential rate, as consumers and merchants alike are adopting new financial, eCommerce and digital wallet payments methods. With mobile payments becoming mainstream, fraud continues to shift to the mobile channel, threatening this developing ecosystem. Banks, eCommerce and other payment providers are challenged to raise the security of their money transfer and payment solutions, while at the same time providing a smooth user experience and maintaining trust.

Our frictionless authentication and mobile fraud prevention solution protects the entire user-journey, detecting fraudulent transactions from app download to ongoing transactions, while seamlessly authenticating the legitimate customers. Our end-to-end (login to logout) mobile provides the customer with a smooth payment experience.

The Changing Mobile Fraud Landscape

As mobile use grows so does mobile fraud. New mobile payment solutions are reaching the market offering more value to consumers, in the form of in-store and mobile payments, P2P money transfers and mobile wallets. Mobile payment providers, card issuers and merchants are challenged to secure their applications and payment channels against three main attack MOs: transaction fraud, new account fraud and account takeover fraud (ATO). 

New Account Fraud

Is often referred to as the use of a fake or stolen identity data to open a new account. Fraudsters have become experts at stealing personal identities and using them for mobile fraud. Whether fraudsters use someone’s true identity, or bits and pieces of real data to create a synthetic identity, the goal is always to defraud by creating a new online account.

Account Takeover

Is commonly identified as the stealing of credentials and accessing an account previously set up by a legitimate user. The attack vector is common as follows: starting with a user ID and password data stolen from an online service. The stolen credentials are then sold on an underground market and used to automatically scan target sites and mobile APIs. Along the way, the perpetrators collect validated accounts, which can later be used to commit mobile fraud. ​

Transaction Fraud

Occurs when a stolen payment card or data is used to generate an unauthorized transaction. The move to real-time transactions is causing significant security challenges for banks, merchants and issuers alike. Quicker transaction times increase the chances of fraudulent transactions going undetected.

Historically banks, eCommerce and digital wallet providers have been pursuing the mitigation of these types of fraud, while absorbing losses written off as a cost of doing business. However, as fraudsters become more sophisticated and the cost of fraud continues to increase, this sense of urgency too is changing.

Our Fraud Detection and Authentication Solution

Our mobile fraud detection and frictionless authentication solution is a combination of a lightweight SDK, and a powerful, analytics-based backend risk engine. Using multiple and unique data-gathering intelligence sets, our solution can decisively identify fraud/no-fraud transactions in milliseconds. 

Our Six Intelligence Sets to Authenticate Customers and Determine Fraud

By integrating, correlating and analyzing six separate fraud intelligence sets, we can determine, with high probability, whether a mobile-based transaction is legitimate or fraudulent. We look at several data layers including user behaviour, user device, a user transaction, and bot activity. This is used to weave an identity representation of the mobile user, providing a score that indicates the risk level of the transaction. Our unique mobile fraud methodology consists of multiple intelligence sets including App Insights, Bio Markers, Activity Map, User Space, Device DNA, and Transaction View. 

Device DNA

Various attributes observed on the device can contribute to the detection of fraudulent behavior and to the derivation of a device ID. Device model, screen, memory, UUID, OS, IP, geolocation, emulation, rooting/jailbreaking and more are observed. Device DNA analysis is especially helpful in hard-to-analyze scenarios like new account origination, where there is no established history for the user/account. The mixture of hardware characteristics and device settings are used to generate a unique fingerprint for each device. This fingerprint enables identifying legitimate users and serial fraud attacks.

User Space

Intelligent, privacy preserving analysis of the User’s Space on the mobile device, provides valuable insights into fraudulent activities. It allows distinguishing between a legitimate user returning from a new device, and an account takeover attempt. Indicators related to media, contacts and call logs activity are also examples of fraudulent environments.

Bio Markers

Our technology observes bio markers to passively identify fraud activity. Common bio markers that we observe include touch time, time between touches, size of touch inputs, finger velocity, scrolling pace and drag length, typing biometrics and more. A combination of all the Bio Markers factors create, over time, a dependable bio profile for the user.

App Insights

As data becomes available to our technology by means of the application, it’s utilized for the purpose of validating the identity of the user. This is performed by cross-referencing it with internal and external data sources.

Transaction View

We employ propriety transaction behavioral maps. The Behavioral Maps represent the purchasing patterns/behavior of a specific customer and are created using our proprietary machine learning algorithms. A Behavioral Map shows a clear, high resolution picture of the different risk zones, and is a key factor in determining the risk of a specific transaction.

Activity Map

Our technology looks at how the user interacts with the mobile application, to determine if the interactions are consistent with the legitimate user. For example, if a user navigates directly to a high-ticket item and immediately proceeds to check-out, then that suggests something fraudulent might be happening.

The behavioral map has the following  key characteristics:

  • User specific: each map is unique, calculated and maintained on a per-  user basis, therefore representing a transaction risk level for each  customer’s transaction.
  • Lightweight: Resolution variations enable maintaining only the  necessary data, reducing the map’s weight to a bare minimum.
  • Dynamic: As the purchase behavior changes, the map will be modified.

Our behavioural maps

Fraud Identified at Every Stage of the User's Journey

The mobile transaction user’s journey is the process that a typical user takes when conducting  a transaction. The course of action includes the following steps:

App Launch (Stage 1)

Once the App has been downloaded and launched, we immediately begins to work  scrutinizing the user’s space and device DNA. Basic attributes, that would characterize a stolen  device or swapped SIM, are investigated. We flag the potential threat from the  moment the app has been initially launched.

Onboarding/Registration (Stage 2)

After the users have launched the app, they proceed to onboard and register to the specific  service/offering. At the Onboarding/registration stage, Device DNA, User Space and  Activity Map work in-concert to provide insights that determine a fraud/no-fraud activity.

New Card Enrollment/Bank Account (Stage 3)

In the New Card Enrollment stage, we refer to the Activity Map, App Insights and Bio  Markers intelligence sets to distinguish a dubious transaction from a legitimate payment. The  Anti-Bot detection mechanism is triggered as well to negate any non-human activity. It’s the  combined attributes of the sets that provide a reliable risk assessment.

On-going Transactions (Stage 4)

Once the users are completely onboard and enrolled, we employs the full arsenal of  intelligence sets, including transaction View and generates a respective risk score.

Summary

Our unique mobile detection and prevention approach integrates and correlates multi-  intelligence data sets to determine fraudulent behavior from the app launch stage, to on-going  transactions. Without impacting and imposing on the user, we run in the background to  seamlessly stop real-time fraud in its tracks. Our ability to provide ongoing and  continuous data-analysis, ensures that step-up escalation occurs only when fraud seems very  likely. In the event of a true-fraud, real-time alert is triggered, and the application can decline  the transaction.

Utilizing machine learning technology, our data intelligence sets run in-the-cloud,  making transaction frictionless and secure for customers, merchants, payment service  providers and banks.

© Copyright GVX Consulting Global Ltd 2020