Enterprise fraud management is more important than ever. Let’s look at common challenges, solutions, and features that will protect your company
According to the PwC Global Economic Crime and Fraud Survey 2020, fraud cost businesses $42B worldwide. In a business world that’s rapidly changing and more competitive than ever, that’s a lot of profit companies cannot afford to see vanish into thin air.
And fraud sees no sign of slowing down. We are in a perfect storm of economic uncertainty, and wide availability of fraud technology. Unscrupulous individuals only need a computer, Internet connection and bad intentions to attack businesses.
We’ll dive into specific technological tools later, and most importantly, discuss the line of defense your company must put in place. But first, let’s start with the broad definition.
What is Enterprise Fraud Management (EFM)?
Enterprise Fraud Management (EFM) is the collection of processes designed to prevent internal and external fraud in an organisation. It is performed by collecting data relating to users, accounts, devices and connection types, amongst others. That data can be enriched with external sources. It is then analysed and used to identify anything that could point to fraud, corruption or criminal behaviour.
The Most Common Types of Enterprise Fraud
Still, according to PwC, 47% of companies experienced fraud in the past 24 months. That’s after querying more than 5,000 respondents across 99 territories. The reason so many have been hit is simple: any online business is a target.
Transaction Fraud and Chargebacks
The problem: this is a costly process, as the burden of admin fees is on the company, not the issuing or acquiring bank. In fact, every chargeback is estimated to cost $20 – 100 to the company.
Now, how do fraudsters acquire these credit card numbers in the first place? Darknet marketplaces. Anyone with an address and a TOR (anonymous) connection and cryptocurrency can purchase huge lists of CCs (credit card numbers) that have been stolen from data breaches or via phishing techniques.
To make matters worse, companies must also understand when chargebacks are the result of friendly fraud. This is the term used when the card wasn’t stolen, but used by a customer who changed their mind, wasn’t aware a family member used it, or simply wanted to protest a company’s policy by requesting a refund. This is why transaction monitoring is primordial, but you also need to understand the data points behind each payment.
For a more in-depth look at the technical terms, you can read our fraud dictionary, which focuses on common online fraud types.
Account Takeover (ATO) Attack
If your enterprise has customer or staff accounts, you are a target of fraudsters. Every account is valuable, simply because they are linked to personal information. Fraudsters can use that information to find passwords, IDs, and ideally, banking or payment information.
The place to obtain login information is the dark web, where entire lists of account usernames and passwords are sold. These come from data breaches, phishing attempts or targeted phishing (called spear phishing).
But fraudsters also target weak password protection, use advanced techniques such as SIM-jacking, and malicious software to hack accounts. The problem with ATO attacks are manifold:
- Hacks and security issues put a strain on your IT team
- Support is overwhelmed by customer requests who want to reclaim their accounts
- The finance department must fight chargebacks
- Users turn to competitors due to a loss of reputation and brand trust
- Stocks can plummet after a publicised breach (dropping down to 7.5% in some cases according to Bitglass research).
In recent years, we’ve seen all kinds of accounts hacked and resold on the darkweb, for a variety of services:
No service, retailer, or enterprise business is safe. If there’s anything valuable in an account, fraudsters will find it and do their best to make it theirs.
Fake Accounts From Stolen and Synthetic IDs
If your enterprise has KYC checks in place, whether it’s part of PSD2 or AML (Anti-Money Laundering) regulations, you’ll already know that one of the key challenges is in ensuring your users are legitimate.
Here is what you risk when you onboard users with illegitimate data:
- AML and KYC fines
- Customers defaulting on loan and insurance payments
- Fake reviews
- Compliance issues
- And much more…
This is all in the realm of customer risk assessment, which your business should have in place – using a flexible and scalable solution.
Multi Accounting for Bonus, Promo and Referral Abuse
Once the main challenge of iGaming companies, bonus, promo and referral abuse has become increasingly prominent as businesses implement modern marketing techniques.
The challenge for growing businesses, whether B2C or B2B is to attract visitors to their website. This is where the marketing team can use a number of techniques such as special offers, discounts and referral codes.
Fraudsters have been quick to find ways to exploit these avenues. They create multiple accounts to refer themselves and cash out any offer they can. This means that if you can’t spot the connections between similar users (or bots) your marketing dollars are wasted.
Enterprise Fraud Protection: What to Look For
Regardless of the size of your company, an effective EFM solution should meet a certain number of requirements, starting with how you deploy them:
How long will it take to deploy the enterprise fraud protection system? Two hours or two months? Will your IT team be overwhelmed with complex coding projects, or will you be able to do it all via simple API calls?
While traditional and legacy fraud prevention systems tended to lock you into yearly contracts with lengthy integrations (and high integration costs), these days modern fraud platforms can be deployed in as little as a few days.
And of course, as with any business decision for enterprises, you should consider the pros and cons of outsourced fraud prevention before jumping the gun.
Real-Time Analysis and Results
When it comes to enterprise fraud prevention, there are two crucial factors: how much data you can work with, and how fast you can get it. Which is to say, real-time analysis is a must. This is particularly important in the context of KYC checks, where you don’t want to keep your users waiting too long.When it comes to enterprise fraud prevention, there are two crucial factors: how much data you can work with, and how fast you can get it. Click To Tweet
Data enrichment should also be performed in real-time, even when it’s to build a digital credit score using your users’ digital footprint. The results shouldn’t take longer than 1 second to get back to your software. Any latency can cause a bottleneck for your operations, which will slow your users’ journey, and reduce the efficiency of your operations.
Bring Your Own Model / Rules
Chances are, you already have some kind of protection system at your company. Maybe your fraud managers and risk teams have spent years building a good model using specific rules to flag suspicious use. So when migrating to a multi layered fraud prevention strategy, the first question in mind should be: How easy is it to import your own model. Will you have to start from scratch, and more importantly, can you even use an infinite number of custom rules?
Fraud managers might also like to know that some solutions come with pre-built templates tailored to specific industries. It can be a boost in getting started, or useful to test the rules against your current models to increase their precision.
Compliance With Laws and Regulations
When it comes to enterprise tools, the logistics of compliance can quickly become a headache, especially when data processing is involved. So can your solution segregate data when needed? Will your fraud prevention data enrichment come from GDPR compliant sources?
And for enterprises in the financial sector, there are plenty more questions to answer, whether it’s about PSD2 regulations or SCA requirements.
Whitebox Vs Blackbox System
It’s also important to understand if your system can suggest risk rules. More and more enterprise fraud solutions leverage artificial intelligence (AI) and specifically machine learning (ML) for that purpose. Here again, you want to ensure a machine learning system can be whitebox, that is to say, able to demonstrate why the rules were suggested. It’s the only way to stay in control of risk management with the help of AI insights.
Here again, fraud management vendors have made huge innovations in recent years. Whereas legacy enterprise fraud management systems tied companies to lengthy contracts and absurd extra charges for support and integration, you can absolutely deploy a full end-to-end solution on a simple SaaS pricing model.
In fact, the most flexible solutions allow you to only pay for every API call, which would give you full control over costs and ROI. However, you decide to pay for your solution, just ensure that the pricing is clear, transparent, and doesn’t hide any extra fees.
For more information, please download our free ebook which answers key questions and dives into more detail about the technical differences between fraud systems.
Key Takeaways – Time to Deploy an End-to-end Fraud Platform?
If your company is suffering too many losses due to fraud, both in terms of resources and costs, it’s time to invest in a modern fraud prevention system.
The good news: modern solutions are agile, modular, and can be seamless to integrate. Transaction monitoring and chargeback prevention, amongst others, are easier than ever to deploy, so you can see fraud rates decrease in days, without slowing your business operations.
And if you need more information on getting started with your first end-to-end enterprise fraud protection tool, check out our 5 tips on how to train fraud managers or 5 fraud prevention tactics you could implement today.
Learn more about our products
Tamas is the founder and CEO of SEON and an expert in all the technological aspects of fraud prevention.