What's it? Fraud-translated from English means "fraud". Antifraud is a system that tracks illegal actions and blocks them. They are most often used to secure financial transactions, such as payment confirmation via a text message code.
How do they work? A well-configured anti-fraud tool does not slow down the transaction process. At the same time, while the money transfer goes from point "A" to point "B", the security system checks dozens of parameters: IP address, fingerpoint, amount and number of transactions, and much more.
The article explains:
Antifraud (from the English anti-fraud —letters. "anti-fraud" is a system used by financial institutions to check suspicious transactions.
A set of measures to protect against fraudulent transactions is called fraud monitoring. Antifraud blocks the execution of operations that arouse suspicion. Verification takes place in real time.
Let's explain with an example. Let's say the user didn't install antivirus software and started visiting all sorts of suspicious sites. Naturally, the computer picked up a banking Trojan.
An unsuspecting user enters the marketplace and makes a purchase. The virus reads bank card data and transmits it to its owners, who spend all the money on their own needs. If the anti-fraud system is activated, then theft can be prevented, since fraudsters simply will not be able to use the stolen data.
The following example. You, being the owner of an online store, announce a special offer: 50 % discount on the first purchase. A clever fraudster immediately creates a lot of accounts and pays for goods with one-time cards. And you suffer losses instead of the expected profit. Antifraud has not only the function of evaluating bank card data, but also analyzing consumer behavioral responses.
Antifraud contains solutions that will protect everyone:
There are many filters available: country that issued the card; digital fingerprint; transaction geography; transaction history, stop lists, and validators.
There are two options for anti-fraud training: under human control (IT analytics) and automatic, in which the system itself finds fraud and signals anomalies.
Researchers estimate that credit and financial institutions have invested about $ 217 billion in the development and application of artificial intelligence in order to obtain effective anti-fraud systems of the bank.
Speed is a very important criterion, because transactional antifraud is an intermediate link in the chain of posting payments and transfers.
Therefore, the speed of anti-fraud work is a key factor. The second most important criterion is ease of setup.
The system itself is not too complicated. Here are a few parameters it analyzes:
It is not entirely correct to evaluate antifraud by the "bad-good" criterion. The fact is that a lot depends on the correct configuration. And if the system does not meet expectations, then probably incorrect rules were written, some options were incorrectly used, etc.
Optimal system performance is very important for your business. And not because such a bank with an inadequately functioning anti-fraud system will soon run out of customers. The banking system operates as a single well-established mechanism. And if an excessive amount of Chargeback is recorded in any of the individual links, then after numerous checks, it will simply be disconnected from the payment system.
This is exactly the right approach. Conducting transactions with other people's financial resources imposes additional security responsibilities. If you are not able to do this, you should look for another job.
Therefore, either the bank works with a well-established anti-fraud system, or it does not work at all in the market.
The UKassa system has many options. Verification is carried out at lightning speed, and suspicious transactions are blocked. Who uses this aggregator:
SCASSA customers can use the anti-fraud service for free. If you install it separately from the service, you will need to pay a certain amount depending on the volume of traffic processed.
For example, if you run a firewall on a tunnel, the system does not recognize open ports. And if you put an anonymizer in front of the dedicated server, the ping will not show whether the IP address belongs to the provider from the stop list. Moreover, when the user first visits several dozen random sites, opens over 100500 images on google. In this case, his behavior will not cause any suspicion.
Funds are transferred from cards that fraudsters have gained access to in small portions – this is how the anti-fraud vigilance is lulled. Thus, you can steal quite impressive amounts.
Often, fraudsters make direct contact with potential victims, posing as a bank security officer and get the information they need.
For a more successful fight against fraudsters, anti-fraud systems are constantly being improved.
It should be remembered that circumventing antifraud is a criminal offense. 159.3 "Fraud with the use of payment cards", which provides for a fine of 120 thousand rubles, up to 4 months in prison or up to 2 years of probation, up to 2 years of forced or correctional labor.
How do they work? A well-configured anti-fraud tool does not slow down the transaction process. At the same time, while the money transfer goes from point "A" to point "B", the security system checks dozens of parameters: IP address, fingerpoint, amount and number of transactions, and much more.
The article explains:
- Antifraud Description
- How the antifraud system works
- Criteria for a good antifraud
- Popular antifraud systems
- How scammers circumvent antifraud
Antifraud Description
Probably, each of us has confirmed a purchase online by entering a code from a text message. This is how we prove our authenticity. This process is called two-factor authentication.Antifraud (from the English anti-fraud —letters. "anti-fraud" is a system used by financial institutions to check suspicious transactions.
A set of measures to protect against fraudulent transactions is called fraud monitoring. Antifraud blocks the execution of operations that arouse suspicion. Verification takes place in real time.
Let's explain with an example. Let's say the user didn't install antivirus software and started visiting all sorts of suspicious sites. Naturally, the computer picked up a banking Trojan.
An unsuspecting user enters the marketplace and makes a purchase. The virus reads bank card data and transmits it to its owners, who spend all the money on their own needs. If the anti-fraud system is activated, then theft can be prevented, since fraudsters simply will not be able to use the stolen data.
The following example. You, being the owner of an online store, announce a special offer: 50 % discount on the first purchase. A clever fraudster immediately creates a lot of accounts and pays for goods with one-time cards. And you suffer losses instead of the expected profit. Antifraud has not only the function of evaluating bank card data, but also analyzing consumer behavioral responses.
Antifraud contains solutions that will protect everyone:
- consumers-from theft of funds from a bank account;
- sellers-from fraudulent manipulations with bonuses, and from tedious proceedings with buyers whose cards were paid by intruders;
- fraudsters-from committing illegal acts.
How the antifraud system works
Let's take a closer look at what antifraud means. Imagine this situation: an attacker managed to get hold of the data of other people's bank cards, and he is in a hurry to spend money in an online store. It seems that the algorithm of actions is quite simple: he needs to create several accounts and make a payment from each card. In this case, both cardholders and marketplace owners will be affected.Initial validation and filters
Based on the rules of the antifraud algorithm, initial filtering takes place, which focuses attention on:- number of operations per unit of time;
- amount of payment or transfer;
- number of holders of one card;
- limit on the purchase of goods;
- the number of bank cards that a single customer can use to pay for purchases within a certain period of time.
There are many filters available: country that issued the card; digital fingerprint; transaction geography; transaction history, stop lists, and validators.
Using machine Learning
Since antifraud is a whole set of programs, their algorithm is systematically adjusted and updated. To do this, use Machine Learning. Artificial intelligence (AI) generates behavioral scenarios (patterns) of users and, using clustering algorithms, predicts the most likely amount that a given customer will spend on a purchase.There are two options for anti-fraud training: under human control (IT analytics) and automatic, in which the system itself finds fraud and signals anomalies.
Researchers estimate that credit and financial institutions have invested about $ 217 billion in the development and application of artificial intelligence in order to obtain effective anti-fraud systems of the bank.
Final check: placemarks
Filtered transactions receive the following tags from the system:- Green — "approved", no fraud detected. For example, when a customer makes utility payments, they transfer approximately the same amount at the same time. If the system detects an anomaly in the behavior – a sharp increase in transactions and their volume, it will run additional checks and change the color of the label.
- Yellow — "revision required", the probability of fraud is increased. Suspicious behavior causes additional checks. Possible situations: frequent transactions of small amounts from one account to a number of others; periodic debiting of funds in small portions. It is likely that the reason is the store owner's decision to count purchases separately, and there is nothing wrong, but the system responds and enables additional checks: confirmation of identity with a text message code or a fingerprint. You may also need to involve an operator to find out why.
- Red — "alarm", unusual behavioral reactions of the client. For example, a user may set a transfer limit of 70 thousand rubles, and suddenly a transaction of 1.5 million rubles is attempted. Alternatively, a customer from Germany uses a Russian card to pay for purchases in Finland. In such cases, the decision to block it is made by the anti-fraud analyst.The amount frozen by antifraud will be available to the client after the verification measures are completed. The Bank will send you a text message with instructions on what actions to take. Depending on the banking app's functionality, additional identification may be required.
Criteria for a good antifraud
Decent antifraud has the following qualities::- Intuitive interface for writing rules.
- Use a special language to create these rules.
- High speed of operation.
Speed is a very important criterion, because transactional antifraud is an intermediate link in the chain of posting payments and transfers.
Bypass
As you know, time is money. Therefore, many businessmen often sacrifice security for speed. If the session anti-fraud service suddenly thinks too much about analyzing the client's behavior, then its warnings are ignored, and transactions are carried out at its own risk.Minimizing threats
More responsible businessmen understand the importance of using antifraud. If it is triggered, they honestly suspend financial transactions and conduct risk analysis.Therefore, the speed of anti-fraud work is a key factor. The second most important criterion is ease of setup.
The system itself is not too complicated. Here are a few parameters it analyzes:
- IP.
- A fingerprint.
- Bank's BIN.
- Merchant account.
- Bank card token.
It is not entirely correct to evaluate antifraud by the "bad-good" criterion. The fact is that a lot depends on the correct configuration. And if the system does not meet expectations, then probably incorrect rules were written, some options were incorrectly used, etc.
Optimal system performance is very important for your business. And not because such a bank with an inadequately functioning anti-fraud system will soon run out of customers. The banking system operates as a single well-established mechanism. And if an excessive amount of Chargeback is recorded in any of the individual links, then after numerous checks, it will simply be disconnected from the payment system.
This is exactly the right approach. Conducting transactions with other people's financial resources imposes additional security responsibilities. If you are not able to do this, you should look for another job.
Therefore, either the bank works with a well-established anti-fraud system, or it does not work at all in the market.
Popular antifraud systems
Antifraud - the UKassa system
One of the most popular anti-fraud systems in Russia. The aggregator uses Machine Learning. The system supports 14 options for making online payments. Antifraud works with legal entities, individual entrepreneurs, and the self-employed.The UKassa system has many options. Verification is carried out at lightning speed, and suspicious transactions are blocked. Who uses this aggregator:
- Marketplaces. The fight against unscrupulous bonus users is being implemented;
- Game servers. Reliable protection against account hacking.
- Payment systems. The built-in 3-D Secure technology checks customers for fraud.
- Banks and credit institutions. Provides threat and risk assessment.
- Yandex users. Yandex.Direct. Effective fraud filter to ensure high-quality advertising traffic.
SCASSA customers can use the anti-fraud service for free. If you install it separately from the service, you will need to pay a certain amount depending on the volume of traffic processed.
Antifraud - JuicyScore system
JuicyScore is an example of a session antifraud that has a wide range of authentication technologies. Most commonly used:- online stores verify transactions and identify suspicious accounts;
- in the field of finance, it detects threats and risks of theft of personal data of the customer base;
- in the insurance industry, it identifies potentially dangerous clients at the registration stage;
- in trading, it helps to identify scammers who are trying to log in to the system;
- in the travel business, it provides effective protection against hacking of personal accounts in order to steal bonuses;
- in online games, it signals about cheaters and attempts to hack accounts.
Antifraud - Payler system
This service specializes in providing acquiring services with adaptive antifraud. Basic functionality:- Tracking the dynamics of transactions. Making a decision based on the degree of threat: either offers additional authentication or blocks the payment.
- The response time to the solution is 300 milliseconds.
- High degree of performance – relative error of only 0.1%.
- Work efficiency — 99.9%.
- The ability to increase the conversion rate to successful payments by 17%.
How scammers circumvent antifraud
Experienced scammers who use stolen payment details to make their purchases in online stores can bypass the protection of even such leaders as MasterCard, Visa, eBay, AliExpress, etc. They have quite ingenious schemes in their arsenal that allow them to mimic completely reliable transactions.For example, if you run a firewall on a tunnel, the system does not recognize open ports. And if you put an anonymizer in front of the dedicated server, the ping will not show whether the IP address belongs to the provider from the stop list. Moreover, when the user first visits several dozen random sites, opens over 100500 images on google. In this case, his behavior will not cause any suspicion.
Funds are transferred from cards that fraudsters have gained access to in small portions – this is how the anti-fraud vigilance is lulled. Thus, you can steal quite impressive amounts.
Often, fraudsters make direct contact with potential victims, posing as a bank security officer and get the information they need.
For a more successful fight against fraudsters, anti-fraud systems are constantly being improved.
It should be remembered that circumventing antifraud is a criminal offense. 159.3 "Fraud with the use of payment cards", which provides for a fine of 120 thousand rubles, up to 4 months in prison or up to 2 years of probation, up to 2 years of forced or correctional labor.