In the coming decade, single-click payments will pave the way for invisible and embedded transactional experiences. An increasing number of customers are already using payment apps where the transaction is executed in the background and the nuts and bolts are hardly visible. Juniper Research predicts invisible payments will account for US$78 billion in annual transactions by 2022.
Customers are not the only ones who have recognized the ease and convenience of digital channels. As transactions become more intelligent and adaptive, new digital channels (e.g., mobile, social), new products, and new business lines present a new set of risk vectors from fraudsters. Fraud threats are growing in sophistication and volume, magnifying the bottom-line importance of properly managing payments risk. At the same time, the imperative of minimal friction and zero false positives, driven by customer expectations, will only continue to increase. Card-not-present purchases, which include purchases made using mobile devices, equalled 15.4% of all purchase volume worldwide in 2019. However, according to the Nilson Report, they were tied to 65% of all losses due to fraud in 2019. It is increasingly challenging for fraud executives to strike a fine balance between revenue opportunity and risk mitigation.
With invisible payments, authentication needs to be seamlessly baked in behind the scenes and become as frictionless as possible, while adding speed and convenience. Current authentication models rely on multi-factor authentication, wherein all transactions are stepped up for additional verification. In an environment where customers can program their devices to execute payment orders, such intrusive countermeasures are incongruent with the very concept of autonomous payments. Further, merchants have valuable data about the customer’s behaviour but currently have no way to share those insights to help inform the issuer’s authentication decisions. Intelligent authentication processes that leverage risk-based workflows can help strengthen fraud defences by transparently discerning good users from bad actors and providing a modern, streamlined user experience that aligns with customer expectations.
To achieve the promise of invisible payments, fraud investigators need to leverage advanced analytics and machine learning combined with new authentication protocols such as 3D Secure 2.2 to pre-emptively respond to escalating threats and complexities of today's payment environments.
FSS defines invisible authentication as a set of activities requiring:
- Collection and normalization of data for real-time threat detection and compliance use cases
- Analysis of transaction patterns to build baseline profiles and detect fraudulent transactions
- Out-of-the-box trust scoring models
- Flexibility in relation to form factors
Intelligent, Risk Proportionate Authentication Models
In a rapidly expanding data-verse, issuers must understand who their customers are to counter fraud. This can be achieved by creating a “segment of one profile” and by building a unique understanding of the customers’ transactional and digital DNA. This could involve analysing multi-dimensional data sets spanning device, location, merchant, and cross-channel, cross-device transaction patterns aggregated from multiple sources to build a comprehensive view of risk. The intelligence around customer transaction activity can be used to determine the user’s buying schema: stores they frequently visit, times they shop, and the channels, locations, and devices through which they shop. As an example, if the customer’s watch executes a payment order, is the purchase near where the customer lives?
Real-time transactions are mapped to these rich baselines and assigned a trust score, which can help to easily detect patterns that are incongruent with customer transacting patterns. Only transactions that are truly suspicious are stepped up for manual authentication and low-risk transactions are automatically approved, thus increasing authorization rates, while also detecting fraud and ensuring friction is minimized to maintain a positive customer experience.
As embedded payments become pervasive, programmable rules to score transactions would increasingly be replaced by machine learning algorithms. Based on continual data feeds, these ML-based models self-learn and automatically adjust the trust score weightings to improve the tuning of fraud detection. The implementation of data-driven authentication decisioning is, however, not without its challenges. Out-of-the-box ML-based models require large data sets for training before they can make a nuanced assessment of whether the activity in question fits normative patterns. Getting real-time updated transactional system information from core payment and banking platforms, as well as payment processing solutions, poses challenges. Hence the transition from rule-based to ML-based models needs to be carefully planned, and rule-based and algorithmic models could potentially coexist in the initial deployment phase. ML-based models, additionally, need to be explicable. The days of closed risk scoring models for fraud management are over. The reasons for declining, stepping up or barring transactions need to be available in human-readable language, not only for auditing and compliance but also for extensibility reasons.
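An added example (not FSS's model or code) of the flow described above: a transaction is compared with the customer's baseline profile, assigned a trust score, and routed to approve, step-up or decline with human-readable reasons. The weights, thresholds, field names and sample data are constructed assumptions.

```python
import math
from dataclasses import dataclass

# Constructed weights and thresholds for illustration (assumptions).
WEIGHTS = {"device": 30, "location": 25, "merchant": 20, "hour": 15, "channel": 10}
APPROVE_AT, STEP_UP_AT = 70, 40

@dataclass
class Baseline:
    devices: set       # devices the customer has paid from before
    merchants: set     # stores they frequently visit
    channels: set      # channels through which they shop
    hours: range       # local hours in which they usually shop
    home: tuple        # (lat, lon) of the usual area
    radius_km: float = 25.0

def distance_km(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371 * math.asin(math.sqrt(h))

def assess(txn, base):
    """Score a transaction against the baseline and explain every deduction."""
    near = distance_km(txn["location"], base.home) <= base.radius_km
    checks = {
        "device": (txn["device"] in base.devices, "device not seen before"),
        "location": (near, "purchase far from customer's usual area"),
        "merchant": (txn["merchant"] in base.merchants, "merchant not in buying pattern"),
        "hour": (txn["hour"] in base.hours, "outside usual shopping hours"),
        "channel": (txn["channel"] in base.channels, "channel not used before"),
    }
    score = sum(WEIGHTS[name] for name, (ok, _) in checks.items() if ok)
    reasons = [msg for ok, msg in checks.values() if not ok]
    if score >= APPROVE_AT:
        decision = "approve"      # low risk: no customer friction
    elif score >= STEP_UP_AT:
        decision = "step_up"      # suspicious: ask for additional verification
    else:
        decision = "decline"
    return {"score": score, "decision": decision, "reasons": reasons}

# Constructed sample profile and transactions.
BASE = Baseline({"watch-01", "phone-01"}, {"grocer", "cafe"},
                {"wearable", "web"}, range(8, 22), (12.97, 77.59))
USUAL = {"device": "watch-01", "merchant": "grocer", "channel": "wearable",
         "hour": 18, "location": (12.98, 77.60)}
NEW_DEVICE_FAR = {**USUAL, "device": "phone-new", "location": (28.61, 77.21)}
UNFAMILIAR = {**NEW_DEVICE_FAR, "merchant": "jeweller", "hour": 3, "channel": "web"}
```

In a rules-plus-ML deployment, the per-signal weights are the part a learned model would adjust, while the reason strings keep each decision auditable.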
FSS is working on new-age risk-based authentication models to design a solution that gives financial institutions better insights into possible fraud and false positives, which in turn helps approve more good payments and prevent fraudulent ones.