The world of fraud is a constant back-and-forth struggle between the people who want to abuse users and platforms and the people who want to prevent that from happening. On the fraud fighting side, we use a combination of tools and software to help weed out fraudsters from among thousands or even millions of good users, which is no small feat.
However, finding the best combination of solutions is easier said than done. Incorporate too many different tools, and you run the risk of an inefficient fraud stack that doesn’t serve your business or your users the way it should. Incorporate too few, and the fraudsters may have a field day finding gaps in your security. With so many solutions available that can help defend your platform, it’s challenging to optimize your fraud prevention stack, but it’s definitely valuable work.
When it comes to deciding whether your fraud stack needs reevaluating or not, there are a few smoke signals to keep in mind.
Possibly the most obvious side effect of having too many fraud solutions in place is that, monetarily speaking, it isn’t efficient. Every dollar that goes into fraud prevention is a dollar that could also have been spent in other areas, like product development or marketing. This isn’t to say that fraud prevention isn’t worth the investment, but that any money put towards fraud fighting has to be carefully considered for maximum effectiveness.
Fraud detection supports the bottom line by saving the company money that might’ve otherwise gone to enterprising fraudsters. You want the gap between what you spend on fraud prevention and the earnings you might’ve lost if you didn’t spend it to be as large as possible. If you’re still seeing significant fraud losses despite having multiple solutions in place, it might be time for a deeper look to see where your stack can improve.
Most users have a threshold of friction they’re willing to tolerate before they decide a transaction isn’t worth it. The more solutions you have in place, the more challenges presented to users, and the more likely they are to cut their losses—or worse, switch to a different provider. In a webinar with About-Fraud, Anand Bajoria of Varo Bank mentioned that Gen Z in particular is quick to abandon transactions if there’s too much friction. Because switching banks is so easy in our digital age, they’re also more than happy to jump ship to a less friction-heavy bank while they’re at it.
Fighting fraud is all about managing the balance between user experience and security. When your fraud strategy is too heavy on challenge-based security, your user retention suffers for it. High onboarding or transaction abandonment rates might be the canary in the coal mine, signaling that you need solutions optimized for better risk assessment with fewer user input requirements.
The big benefit of in-house fraud solutions is that they’re infinitely customizable to your company’s specific needs. Unfortunately, their biggest drawback is that they require time, resources, and ongoing maintenance to stay effective, and the return may not be worth your investment.
Security that doesn’t compromise user experience is the balance that every fraud fighter wants to strike in their toolset. Optimizing your stack can bring you one step closer to finding the right equilibrium for your specific use cases.
Fraud prevention is an ongoing battle between fraudsters and fraud fighters—one side adapts a counter-strategy to the other, a counter to the counter develops, and so on. This cycle means that fraud, as a technological arena, innovates at a rapid pace. The fraud market of even a decade ago was a vastly different landscape than the one we have today, and that advanced pace is only getting faster from here. Reevaluating signals constantly is one smart way to stay ahead of the curve and ahead of the bad actors.
What promising new signals are emerging? What are competitors incorporating into their stacks, and how is it working for them? What new fraud challenges are you facing? Are your legacy signals holding up to the pressure of new use cases and fraud techniques?
Take location as an example. Location is an emerging risk and identity signal with amazing promise, but only when the right kind of location technology is used. Legacy location signals for fraud prevention like GPS and IP address alone aren’t enough to keep up with today’s fraudsters and their technological toolkits, which include GPS spoofing apps and VPNs.
But Incognia offers a more modern approach to location intelligence, fusing together a number of signals like GPS, Bluetooth, WiFi, and device intelligence to provide highly precise location while detecting location spoofing attempts. It’s clear in this example that not all location signals are created equal. In light of this, it’s wise to evaluate any location signals your stack leverages to see whether they’re still effective, and whether stronger intelligence is at your disposal.
The same logic applies to other types of signals as well. Device ID and device fingerprinting are another good example of this concept—being able to identify unique devices and tie them to discrete users is important, but legacy device fingerprinting isn’t as reliable as it used to be. Fortunately, there’s now a more modern method of device fingerprinting that layers device data with a signal like location to make it more resistant to spoofing and factory resetting.
Evaluating your fraud signals for effectiveness (or lack thereof) is a vital step in paring down your solutions to what works best for today’s threats, rather than yesterday’s.
Multi-layered approaches are a buzzing topic in the fraud prevention space. Like multiple layers of chainmail, the negative space in one solution is covered by the positive spaces in another. Using multiple fraud prevention layers is a solid security approach; however, it can also become a liability if the chosen solutions don’t mesh well together.
But robust multi-layered fraud prevention is still possible if you use an efficient, cost-effective approach. Consider solutions that kill two birds with one stone. For example, our solution at Incognia works well for assessing fraud risk in transactions and new signups, but our technology can also be used as a reliable authentication factor for returning users or a supporting signal for IDV using address verification.
The more companies can invest in “prevention,” the less they have to invest in “detection.” Putting an emphasis on risk assessment solutions at the top of the user journey can help you weed out a lot of fraudsters before it becomes necessary to invest more in bans, moderation, and account restoration.
Fraudsters are operating based on a cost-benefit analysis, just like your business. If joining a platform to commit fraud is too difficult or expensive, they’re likely to take their game elsewhere.
Not every industry will have the same fraud prevention needs, and neither will individual businesses within the same industry. Your fraud prevention tools should be tailored to the use cases your team specifically sees on your platform.
For example, a bank won’t have much trouble with promo and voucher abuse, but these issues are public enemy number one for many food and grocery delivery clients. At the same time, a peer-to-peer marketplace may not have KYC requirements to contend with, but a financial institution not doing proper KYC is a quick ticket to civil and legal penalties. Keeping your specific use cases in mind is a good way to stay on target when evaluating new solutions and signals.
The constant evolution of fraudulent activities means you need an equally dynamic approach to fraud prevention. It’s hard to strike the right balance between maintaining a great user experience and ensuring maximum security, but the way to finding this equilibrium lies in constantly re-evaluating the tools and signals you’re using, keeping your eye on emerging signals, and adopting multi-layered, efficient solutions.