Antifraud: how the system stops fraudsters

Lord777

What is it? The term comes from the English word "fraud". Antifraud is a system that tracks illegal actions and blocks them. Such systems are most often used to secure financial transactions, for example through payment confirmation via a text message code.

How do they work? A well-configured anti-fraud tool does not slow down the transaction process. While the money transfer goes from point "A" to point "B", the security system checks dozens of parameters: IP address, fingerprint, amount and number of transactions, and much more.

The article explains:
  1. Antifraud Description
  2. How the antifraud system works
  3. Criteria for a good antifraud
  4. Popular antifraud systems
  5. How scammers circumvent antifraud

Antifraud Description

Probably, each of us has confirmed a purchase online by entering a code from a text message. This is how we prove our authenticity. This process is called two-factor authentication.

Antifraud (from the English "anti-fraud") is a system used by financial institutions to check suspicious transactions.

A set of measures to protect against fraudulent transactions is called fraud monitoring. Antifraud blocks the execution of operations that arouse suspicion. Verification takes place in real time.

Let's explain with an example. Let's say the user didn't install antivirus software and started visiting all sorts of suspicious sites. Naturally, the computer picked up a banking Trojan.

An unsuspecting user enters the marketplace and makes a purchase. The virus reads bank card data and transmits it to its owners, who spend all the money on their own needs. If the anti-fraud system is activated, then theft can be prevented, since fraudsters simply will not be able to use the stolen data.

Another example. You, being the owner of an online store, announce a special offer: a 50% discount on the first purchase. A clever fraudster immediately creates a lot of accounts and pays for goods with one-time cards. And you suffer losses instead of the expected profit. Antifraud not only evaluates bank card data, but also analyzes consumer behavior.

Antifraud contains solutions that will protect everyone:
  • consumers: from theft of funds from a bank account;
  • sellers: from fraudulent manipulations with bonuses, and from tedious proceedings with buyers whose cards were used for payment by intruders;
  • fraudsters: from committing illegal acts.
Anti-fraud is not limited to monitoring online payments. There are systems that counteract other threats. For example, they recognize fake leads and ad clicks. The anti-fraud technology in Yandex.Direct filters out different types of fraud.

How the antifraud system works

Let's take a closer look at what antifraud means. Imagine this situation: an attacker managed to get hold of the data of other people's bank cards, and he is in a hurry to spend money in an online store. It seems that the algorithm of actions is quite simple: he needs to create several accounts and make a payment from each card. In this case, both cardholders and marketplace owners will be affected.

Initial validation and filters

Based on the rules of the antifraud algorithm, initial filtering takes place, which focuses attention on:
  • number of operations per unit of time;
  • amount of payment or transfer;
  • number of holders of one card;
  • limit on the purchase of goods;
  • the number of bank cards that a single customer can use to pay for purchases within a certain period of time.
Even if the buyer uses multiple IP addresses or presents a card whose origin does not coincide with the country of residence, the monitoring system recognizes suspicious behavior. However, anti-fraud will not block the transfer or payment, but will subject the transaction to verification at other levels.

There are many filters available: country that issued the card; digital fingerprint; transaction geography; transaction history, stop lists, and validators.

Using machine learning

Since antifraud is a whole set of programs, their algorithm is systematically adjusted and updated. Machine learning is used for this. Artificial intelligence (AI) generates behavioral scenarios (patterns) of users and, using clustering algorithms, predicts the most likely amount that a given customer will spend on a purchase.

There are two options for anti-fraud training: under human control (IT analytics) and automatic, in which the system itself finds fraud and signals anomalies.

Researchers estimate that credit and financial institutions have invested about $217 billion in the development and application of artificial intelligence in order to obtain effective bank anti-fraud systems.

Final check: placemarks

Filtered transactions receive the following tags from the system:
  • Green — "approved", no fraud detected. For example, when a customer makes utility payments, they transfer approximately the same amount at the same time. If the system detects an anomaly in the behavior – a sharp increase in transactions and their volume, it will run additional checks and change the color of the label.
  • Yellow — "revision required", the probability of fraud is increased. Suspicious behavior causes additional checks. Possible situations: frequent transactions of small amounts from one account to a number of others; periodic debiting of funds in small portions. It is likely that the reason is the store owner's decision to count purchases separately, and there is nothing wrong, but the system responds and enables additional checks: confirmation of identity with a text message code or a fingerprint. You may also need to involve an operator to find out why.
  • Red — "alarm", unusual behavioral reactions of the client. For example, a user may set a transfer limit of 70 thousand rubles, and suddenly a transaction of 1.5 million rubles is attempted. Alternatively, a customer from Germany uses a Russian card to pay for purchases in Finland. In such cases, the decision to block the transaction is made by the anti-fraud analyst. The amount frozen by antifraud will be available to the client after the verification measures are completed. The bank will send you a text message with instructions on what actions to take. Depending on the banking app's functionality, additional identification may be required.

Criteria for a good antifraud

A decent antifraud has the following qualities:
  • Intuitive interface for writing rules.
  • Use of a special language to create these rules.
  • High speed of operation.

Speed is a very important criterion, because transactional antifraud is an intermediate link in the chain of posting payments and transfers.

Bypass

As you know, time is money. Therefore, many businessmen often sacrifice security for speed. If the session anti-fraud service takes too long analyzing the client's behavior, its warnings are ignored, and transactions are carried out at the business's own risk.

Minimizing threats

More responsible businessmen understand the importance of using antifraud. If it is triggered, they honestly suspend financial transactions and conduct risk analysis.

Therefore, the speed of anti-fraud work is a key factor. The second most important criterion is ease of setup.

The system itself is not too complicated. Here are a few parameters it analyzes:
  • IP.
  • A fingerprint.
  • Bank's BIN.
  • Merchant account.
  • Bank card token.
Let's say you need to track the activity of the owner of a particular card in the payment flow, or look at the operations of a particular fingerprint. Such information can be useful for a businessman.

It is not entirely correct to evaluate antifraud by the "bad-good" criterion. A lot depends on the correct configuration. If the system does not meet expectations, then probably incorrect rules were written, some options were used incorrectly, etc.

Optimal system performance is very important for your business, and not because a bank with an inadequately functioning anti-fraud system will soon run out of customers. The banking system operates as a single well-established mechanism. If an excessive number of chargebacks is recorded in any of the individual links, then after numerous checks that link will simply be disconnected from the payment system.

This is exactly the right approach. Conducting transactions with other people's financial resources imposes additional security responsibilities. If you are not able to do this, you should look for another job.

Therefore, either the bank works with a well-established anti-fraud system, or it does not work at all in the market.

Popular antifraud systems

Antifraud - the UKassa system

One of the most popular anti-fraud systems in Russia. The aggregator uses Machine Learning. The system supports 14 options for making online payments. Antifraud works with legal entities, individual entrepreneurs, and the self-employed.

The UKassa system has many options. Verification is carried out at lightning speed, and suspicious transactions are blocked. Who uses this aggregator:
  • Marketplaces. The fight against unscrupulous bonus users is being implemented;
  • Game servers. Reliable protection against account hacking.
  • Payment systems. The built-in 3-D Secure technology checks customers for fraud.
  • Banks and credit institutions. Provides threat and risk assessment.
  • Yandex.Direct users. Effective fraud filter to ensure high-quality advertising traffic.
Reliable clients use a simplified procedure for making payments and transfers. This increases your audience and its loyalty.
UKassa customers can use the anti-fraud service for free. If you install it separately from the service, you will need to pay a certain amount depending on the volume of traffic processed.

Antifraud - JuicyScore system

JuicyScore is an example of a session antifraud that has a wide range of authentication technologies. Most common uses:
  • in online stores, it verifies transactions and identifies suspicious accounts;
  • in the field of finance, it detects threats and risks of theft of personal data of the customer base;
  • in the insurance industry, it identifies potentially dangerous clients at the registration stage;
  • in trading, it helps to identify scammers who are trying to log in to the system;
  • in the travel business, it provides effective protection against hacking of personal accounts in order to steal bonuses;
  • in online games, it signals about cheaters and attempts to hack accounts.
The complex is distributed on the principle of Shareware. Activation and operation during the trial period does not require payment, and the further cost depends on the volume and frequency of operations. It will take about 8 hours to install, launch, and configure antifraud.

Antifraud - Payler system

This service specializes in providing acquiring services with adaptive antifraud. Basic functionality:
  • Tracking the dynamics of transactions. Making a decision based on the degree of threat: either offers additional authentication or blocks the payment.
  • The response time to the solution is 300 milliseconds.
  • High degree of performance – relative error of only 0.1%.
  • Work efficiency — 99.9%.
  • The ability to increase the conversion rate to successful payments by 17%.
To connect the system, you must sign a contract. Antifraud has a flexible and simple setup, and will be fully operational in a day. The cost of the service depends on the scope of application and payment method. If the client uses the CONTACT system and their monthly turnover is less than 500 thousand rubles, the commission for each transaction will be 5%.

How scammers circumvent antifraud

Experienced scammers who use stolen payment details to make their purchases in online stores can bypass the protection of even such leaders as MasterCard, Visa, eBay, AliExpress, etc. They have quite ingenious schemes in their arsenal that allow them to mimic completely reliable transactions.

For example, if you run a firewall on a tunnel, the system does not recognize open ports. And if you put an anonymizer in front of the dedicated server, the ping will not show whether the IP address belongs to the provider from the stop list. Moreover, when the user first visits several dozen random sites, opens over 100500 images on google. In this case, his behavior will not cause any suspicion.

Funds are transferred from cards that fraudsters have gained access to in small portions – this is how the anti-fraud vigilance is lulled. Thus, you can steal quite impressive amounts.

Often, fraudsters make direct contact with potential victims, posing as a bank security officer to get the information they need.
For a more successful fight against fraudsters, anti-fraud systems are constantly being improved.

It should be remembered that circumventing antifraud is a criminal offense under Article 159.3, "Fraud with the use of payment cards", which provides for a fine of 120 thousand rubles, up to 4 months in prison or up to 2 years of probation, up to 2 years of forced or correctional labor.
 
TABLE OF CONTENTS
1. Antifraud: what is it?
2. How antifraud verification works
3. Antifraud vulnerability
4. Basic safety rules

In the period from April to June 2021, fraudsters stole ₽3 billion from customers of Russian banks — 1.5 times more than a year earlier. Criminal operations are countered by an anti-fraud system. How does it work?

1. Antifraud: what is it?
When paying for a purchase online, you probably had to enter a code from a text message to confirm that it was you who was using your card, and not an attacker who was stealing your funds.

This is an example of how anti-fraud works. Anti-fraud (from the English "anti-fraud", the fight against fraud) is a set of measures aimed at preventing fraudulent transactions.

Anti-fraud refers to automated programs that evaluate banking or online transactions according to certain criteria. If any of the transactions do not correspond to them, a more thorough check is carried out, after which a decision is made to allow or block the operation.

Anti-fraud systems are used to protect any money transactions, including online, and are used by banks, large stores, and payment systems (Visa, MasterCard, PayPal). Since 2003-2004, the use of such systems has become mandatory all over the world.

Anti-fraud is necessary to prevent attempts to use personal information for personal gain. Your data may be compromised as a result of several types of fraud:
  • hacker attacks or viruses that enter your computer via spam;
  • vishing, when attackers call a random person and introduce themselves as "bank N employees" with a request to provide bank card details;
  • phishing, if scammers copy the official websites of companies and "sell" services there;
  • skimming, when card data is copied through special devices installed on ATMs.

2. How antifraud verification works
Consider an example of a fairly common fraud. A fraudster wants to buy products on promotion in an online store and use the data of stolen bank cards for this purpose. It seems simple: they need to create multiple accounts and pay for purchases once with each bank card. As a result, both real cardholders and business owners may suffer damages.

Initial validation and filters
However, the rules of the anti-fraud algorithms will prevent this: they are used for an initial check that takes into account:
  • number of transactions per time unit;
  • amount of a one-time payment or transfer;
  • number of users on a single bank card;
  • limit on the volume of purchases;
  • the number of cards that a single user can use to make purchases over a certain period of time.

Even if the user conducts transactions from several IP addresses at once or is actually located in a different country than the one where the card was issued, the system recognizes this and signals an anomaly. However, this is not a reason to block the payment: the transaction will go through several more stages of verification.

In addition to IP addresses, filters such as the digital fingerprint, the country of the issuer and the correspondence of data about where the card was issued and where the payment came from, as well as the transaction history and the presence of rejected transactions are also taken into account.

Applying machine learning
Keep in mind that the anti-fraud system is a constantly configurable and updated algorithm that starts working better if you adjust it. For this purpose, machine learning is used: artificial intelligence (AI) forms templates (scenarios) based on historical data about user behavior in order to make future forecasts.

Training of the system can take place both under the supervision of a specialist (anti-fraud analyst) and independently, when the system independently detects fraud and signals unusual situations.

According to experts, in 2021 banks spent more than $217 billion on implementing AI for fraud prevention and risk assessment.

Final check: placemarks
After checking with filters, the system sets labels for each operation:

  • Green — "approved", fraud is unlikely. For example, when a user pays for utilities on a monthly basis, and transactions are made for approximately the same amount. In this case, no additional checks are required, and a tenfold increase in the transaction size could cause a different label.
  • Yellow — "verification required", there is a possibility of fraud. This label can occur when small amounts of the same size are transferred from one account to several other accounts. Or there is a repeated withdrawal of such amounts from the account, when the online store has simply decided to count each purchase separately. Then you may need the operator's help to determine the reasons for transactions, or the payment system will ask you to confirm your identity with a text message code or a fingerprint on the mobile phone screen.
  • Red — "risk of fraud", when the user's actions are atypical. For example, a client cashes out ₽1.5 million, while his usual limit was no more than ₽70 thousand per month. Or when a user from Italy uses a card issued in Russia to pay for purchases in a French online store. The final decision, whether to block the transaction or take other actions, is made by the anti-fraud analyst. The bank has the right to block the card: the client will receive an SMS notification with instructions on what information to send and when, in order to confirm the legality of their actions. Or, if the banking app contains such a service, you will have to go through additional identification, for example, look at the phone's camera to recognize your appearance, and only then complete the transaction.

3. Antifraud vulnerability
Since banks introduced new security measures, namely contactless payments and a multi-factor authentication system (SMS alerts, push notifications, special questions and fingerprints), the number of opportunities for fraud should have significantly decreased.

However, in 2020, the number of IT offenses increased by 73.4%, among which phishing and scam were the most popular. In the second quarter of 2021, mainly as a result of the same phishing, more than ₽3 billion was stolen from Russian bank accounts, while banks returned only 7.4% of the stolen funds. Bank customers transferred half of them to fraudsters themselves.

Restrictions on anti-fraud systems and solutions
There are many restrictions that prevent banks from responding to fraud cases in a timely manner or recovering stolen amounts. These include the fact that banks do not have the right to block incoming payments and delay transactions, outdated card details of intruders (who have already managed to change them), the use of front persons, the speed of withdrawal of funds by fraudsters, long checking of accounts, and the lack of amendments to the legislation regarding blocking and returning stolen funds. In addition, customers themselves disclose their card details, succumbing to the provocation of scammers.

Despite this, banks continue to improve their security systems and, for example, began to take into account the differences in the behavior of young and older users.

Fraudsters often gain the trust of older people and deceive them into transferring their money to a "safe account". But it is not typical for older clients to withdraw money from a deposit before interest is paid, while among young people this behavior will not cause suspicion of security systems.

Therefore, if the anti-fraud system considers the behavior of an elderly person suspicious, this will be an excuse for the security officer to ask them clarifying questions and, possibly, prevent theft.

4. Basic safety rules
Antifraud cannot fully guarantee the protection of users, but without it, the probability of encountering the main types of fraudulent schemes is much higher. Responsibility lies not only with security personnel, anti-fraud analysts, and business owners, but also with cardholders.

It is necessary to improve your digital literacy and adhere to clear rules of digital security:
  • Store your PIN code and Internet Banking login details (login, password, verification words) in a safe place.
  • In any case, do not rush to trust the caller (scammers can introduce themselves as a bank employee and use number substitution), and do not tell anyone your card details or one-time SMS passwords for confirming operations unless you called the bank yourself.
  • Enable SMS notifications from the bank.
  • Use only verified and official websites of companies where you plan to make a purchase.
  • Choose ATMs located in bank offices or large shopping centers with video surveillance.
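
The initial filtering and the green/yellow/red labels described in the "Initial validation and filters" and "Final check: placemarks" sections, as an added example that is not part of the original post and not any vendor's code: a sliding-window rule check in Python. The class and field names, every threshold and the labelling policy are assumptions, and the sample transactions are constructed.

```python
from collections import deque
from dataclasses import dataclass

@dataclass
class Txn:
    ts: int            # seconds; transactions are assumed to arrive in time order
    account: str       # customer account id
    card_token: str    # tokenised card, never the card number itself
    amount: float      # rubles
    card_country: str  # country of the issuer
    ip_country: str    # country resolved from the payer's IP

class InitialFilter:
    """Rule-based first pass; every threshold here is an assumed value."""
    def __init__(self, window=3600, max_ops=3, max_cards_per_account=2,
                 max_accounts_per_card=1, amount_limit=70_000):
        self.window = window
        self.max_ops = max_ops
        self.max_cards_per_account = max_cards_per_account
        self.max_accounts_per_card = max_accounts_per_card
        self.amount_limit = amount_limit
        self.recent = deque()   # transactions still inside the time window

    def check(self, t):
        # Forget transactions that have left the sliding window.
        while self.recent and self.recent[0].ts <= t.ts - self.window:
            self.recent.popleft()
        self.recent.append(t)
        same_account = [h for h in self.recent if h.account == t.account]
        reasons = []
        if len(same_account) > self.max_ops:
            reasons.append("operations_per_window")
        if len({h.card_token for h in same_account}) > self.max_cards_per_account:
            reasons.append("cards_per_account")
        holders = {h.account for h in self.recent if h.card_token == t.card_token}
        if len(holders) > self.max_accounts_per_card:
            reasons.append("accounts_per_card")
        if t.amount > self.amount_limit:
            reasons.append("amount_over_limit")
        if t.card_country != t.ip_country:
            reasons.append("country_mismatch")
        return self.label(reasons), reasons

    @staticmethod
    def label(reasons):
        # Assumed policy: the filter never blocks, it only routes the payment.
        if not reasons:
            return "green"    # approved
        if "amount_over_limit" in reasons or len(reasons) >= 2:
            return "red"      # decision goes to the anti-fraud analyst
        return "yellow"       # extra verification, e.g. a text message code

def run_sample():
    # Constructed transactions, not real data.
    sample = [
        Txn(0,     "A", "c1", 1_200,     "RU", "RU"),
        Txn(600,   "B", "c2", 900,       "RU", "RU"),
        Txn(900,   "C", "c2", 900,       "RU", "RU"),  # second holder of c2
        Txn(1200,  "A", "c1", 1_500_000, "RU", "RU"),  # far above the limit
        Txn(1500,  "D", "c3", 500,       "RU", "FI"),  # issuer vs IP country
        Txn(10000, "E", "c2", 900,       "RU", "RU"),  # window has expired
    ]
    f = InitialFilter()
    return [f.check(t) for t in sample]
```

Each result is a label plus the list of rules that fired, so a reviewer can see why a payment was routed to extra verification or to an analyst.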