Enterprise Fraud Management: Detection & Prevention

Enterprise Fraud Management: Detection & Prevention

Author avatar

by Tamas Kadar

Enterprise fraud management is more important than ever. Let’s look at common challenges, solutions, and features that will protect your company

According to the PwC Global Economic Crime and Fraud Survey 2020, fraud cost businesses $42B worldwide. In a business world that’s rapidly changing and more competitive than ever, that’s a lot of profit companies cannot afford to see vanish into thin air.

And fraud sees no sign of slowing down. We are in a perfect storm of economic uncertainty, and wide availability of fraud technology. Unscrupulous individuals only need a computer, Internet connection and bad intentions to attack businesses.

We’ll dive into specific technological tools later, and most importantly, discuss the line of defense your company must put in place. But first, let’s start with the broad definition.

What is Enterprise Fraud Management (EFM)?

Enterprise Fraud Management (EFM) is the collection of processes designed to prevent internal and external fraud in an organisation. EFM collects user, account and device data in order to identify fraud, corruption or criminal behaviour. 

What Factors Determine Enterprise Fraud Management (EFM)?

EFM allows large-scale businesses to address all aspects of the fraud ecosystem, from data collection and analysis to monitoring and investigation capabilities.

Often, EFM systems are broken down into five key layers:

  1. Endpoint-centric layer looks to protect the users point of access through 3DS, geolcation or other authentication solutions.
  2. Navigation-centric layer compares data previously gathered with the current behavioral patterns to analyze the likelihood of, for example, an account takeover (ATO).
  3. Channel-centric layer which monitors an accounts activity within an individual channel, comparing their actions to previous acvitities and the ruleset in place.
  4. Cross-channel layer this analyses a users behaviour across multiple channels, including product and payment.
  5. Entity link analysis layer directly compares relationships between the user and transactions.

Four Common Types of Enterprise Fraud

Still, according to PwC, 47% of companies experienced fraud in the past 24 months. That’s after querying more than 5,000 respondents across 99 territories. The reason so many have been hit is simple: any online business is a target.

Transaction Fraud and Chargebacks

Chargebacks are a protection designed to help cardholders against fraud. If someone uses their card in a CNP (Card Not Present) content, they may request their money back. 

The problem: this is a costly process, as the burden of admin fees is on the company, not the issuing or acquiring bank. In fact, every chargeback is estimated to cost $20 – 100 to the company. 

Now, how do fraudsters acquire these credit card numbers in the first place? Darknet marketplaces. Anyone with an address and a TOR (anonymous) connection and cryptocurrency can purchase huge lists of CCs (credit card numbers) that have been stolen from data breaches or via phishing techniques. 

To make matters worse, companies must also understand when chargebacks are the result of friendly fraud. This is the term used when the card wasn’t stolen, but used by a customer who changed their mind, wasn’t aware a family member used it, or simply wanted to protest a company’s policy by requesting a refund. This is why transaction monitoring is primordial, but you also need to understand the data points behind each payment.

For a more in-depth look at the technical terms, you can read our fraud dictionary, which focuses on common online fraud types.

Account Takeover (ATO) Attack

If your enterprise has customer or staff accounts, you are a target of fraudsters. Every account is valuable, simply because they are linked to personal information. Fraudsters can use that information to find passwords, IDs, and ideally, banking or payment information. 

The place to obtain login information is the dark web, where entire lists of account usernames and passwords are sold. These come from data breaches, phishing attempts or targeted phishing (called spear phishing). 

But fraudsters also target weak password protection, use advanced techniques such as SIM-jacking, and malicious software to hack accounts. The problem with ATO attacks are manifold: 

  • Hacks and security issues put a strain on your IT team
  • Support is overwhelmed by customer requests who want to reclaim their accounts
  • The finance department must fight chargebacks
  • Users turn to competitors due to a loss of reputation and brand trust
  • Stocks can plummet after a publicised breach (dropping down to 7.5% in some cases according to Bitglass research).

In recent years, we’ve seen all kinds of accounts hacked and resold on the darkweb, for a variety of services:

value of stolen accounts on the darkweb
Value of accounts stolen by ATO attacks and resold on the darkweb

No service, retailer, or enterprise business is safe. If there’s anything valuable in an account, fraudsters will find it and do their best to make it theirs.

Fake Accounts From Stolen and Synthetic IDs

If your enterprise has KYC checks in place, whether it’s part of PSD2 or AML (Anti-Money Laundering) regulations, you’ll already know that one of the key challenges is in ensuring your users are legitimate.

Fraudsters can create accounts for a variety of reasons, but the methods tend to be the same: use stolen IDs from legitimate people, or create them using a combination of real and fake details (synthetic IDs)

Here is what you risk when you onboard users with illegitimate data: 

  • AML and KYC fines
  • Customers defaulting on loan and insurance payments
  • Fake reviews
  • Compliance issues
  • And much more…

This is all in the realm of customer risk assessment, which your business should have in place – using a flexible and scalable solution.

Multi Accounting for Bonus, Promo and Referral Abuse

Once the main challenge of iGaming companies, bonus, promo and referral abuse has become increasingly prominent as businesses implement modern marketing techniques.

The challenge for growing businesses, whether B2C or B2B is to attract visitors to their website. This is where the marketing team can use a number of techniques such as special offers, discounts and referral codes.

Fraudsters have been quick to find ways to exploit these avenues. They create multiple accounts to refer themselves and cash out any offer they can. This means that if you can’t spot the connections between similar users (or bots) your marketing dollars are wasted. 

Enterprise Fraud Protection: What to Look For

Regardless of the size of your company, an effective EFM solution should meet a certain number of requirements, starting with how you deploy them:

Seamless Integration

How long will it take to deploy the enterprise fraud protection system? Two hours or two months? Will your IT team be overwhelmed with complex coding projects, or will you be able to do it all via simple API calls?

While traditional and legacy fraud prevention systems tended to lock you into yearly contracts with lengthy integrations (and high integration costs), these days modern fraud platforms can be deployed in as little as a few days. 

And of course, as with any business decision for enterprises, you should consider the pros and cons of outsourced fraud solutions before jumping the gun.

Real-Time Analysis and Results

When it comes to enterprise fraud prevention, there are two crucial factors: how much data you can work with, and how fast you can get it. Which is to say, real-time analysis is a must. This is particularly important in the context of KYC checks, where you don’t want to keep your users waiting too long.

When it comes to enterprise fraud prevention, there are two crucial factors: how much data you can work with, and how fast you can get it. Click To Tweet

Data enrichment should also be performed in real-time, even when it’s to build a digital credit score using your users’ digital footprint. The results shouldn’t take longer than 1 second to get back to your software. Any latency can cause a bottleneck for your operations, which will slow your users’ journey, and reduce the efficiency of your operations.

Bring Your Own Model / Rules

Chances are, you already have some kind of protection system at your company. Maybe your fraud managers and risk teams have spent years building a good model using specific rules to flag suspicious use. So when migrating to a multi layered fraud prevention strategy, the first question in mind should be: How easy is it to import your own model. Will you have to start from scratch, and more importantly, can you even use an infinite number of custom rules? 

Fraud managers might also like to know that some solutions come with pre-built templates tailored to specific industries. It can be a boost in getting started, or useful to test the rules against your current models to increase their precision.

Compliance With Laws and Regulations

When it comes to enterprise tools, the logistics of compliance can quickly become a headache, especially when data processing is involved. So can your solution segregate data when needed? Will your fraud prevention data enrichment come from GDPR compliant sources?

And for enterprises in the financial sector, there are plenty more questions to answer, whether it’s about PSD2 regulations or SCA requirements.

Whitebox Vs Blackbox System

Once set up, your anti-risk software will deliver risk scores that help you make informed decisions. The way these scores are calculated can be hidden, or exposed to your risk team. When the system is opaque, it is called blackbox. If you get an explanation for the scores in human readable terms, it is called whitebox.

It’s also important to understand if your system can suggest risk rules. More and more enterprise fraud solutions leverage artificial intelligence (AI) and specifically machine learning (ML) for that purpose. Here again, you want to ensure a machine learning system can be whitebox, that is to say, able to demonstrate why the rules were suggested. It’s the only way to stay in control of risk management with the help of AI insights.

Pricing Model

Here again, fraud management vendors have made huge innovations in recent years. Whereas legacy enterprise fraud management systems tied companies to lengthy contracts and absurd extra charges for support and integration, you can absolutely deploy a full end-to-end solution on a simple SaaS pricing model.

In fact, the most flexible solutions allow you to only pay for every API call, which would give you full control over costs and ROI. However, you decide to pay for your solution, just ensure that the pricing is clear, transparent, and doesn’t hide any extra fees.

checklist for ensuring transparent enterprise fraud prevention pricing

For more information, please download our free ebook which answers key questions and dives into more detail about the technical differences between fraud systems.

Key Takeaways: Enterprise Fraud Management

If your company is suffering too many losses due to fraud, both in terms of resources and costs, it’s time to invest in a modern fraud prevention system.

The good news: modern solutions are agile, modular, and can be seamless to integrate. Transaction monitoring and chargeback prevention, amongst others, are easier than ever to deploy,  so you can see fraud rates decrease in days, without slowing your business operations.

And if you need more information on getting started with your first end-to-end enterprise fraud protection tool, check out our 5 tips on how to train fraud managers or fraud risk assessment checklist you could implement today.

Is enterprise fraud software expensive?

In short, likely yes. Layering your defenses with more modern fraud solutions can help cut costs but cost can vary depending on your requirements, as explained below.

How much does enterprise software cost?

It can cost anywhere from $2000 to $100,000+ depending on your demands, amount of transactions analysed and the level of risk involved.

Is enterprise fraud software hard to integrate?

This varies depending on the solutions you decide on. Some companies will offer simple API integrations with the availability of layering alongside other products, however, you could decide on one enterprise-grade product which might offer/require onsite integrations.

You might also be interested in reading about:

Learn more about:

Data Enrichment | Browser Fingerprinting | Device Fingerprinting | Fraud Detection API | Machine Learning Fraud

Try a Fraud Product Demo

Share article

See a live demo of our product

Click here

Author avatar
Tamas Kadar
CEO

Tamas is the founder and CEO of SEON and an expert in all the technological aspects of fraud prevention.


Sign up to our newsletter