In our prior series, we’ve demonstrated just how sophisticated online retailers and banks have had to become to fight fraud.
But fraudsters find ways to overcome new techniques, creating an ever escalating game of cat-and-mouse. For every new fraud measure that merchants implemented, fraudsters quickly found a work around. The market has realized this chain needs to stop and the solution receiving the most attention for its ability to keep fraudsters guessing combines two different technologies into one powerful, anti-fraud hammer: Behavioral Biometrics and Machine Learning.
Behavioral Biometrics – Only Half The Solution
We looked to biometrics first. Biometrics are related to human characteristics. Physiological biometrics are ones that are based on your physical body and something we’re increasingly familiar with, everything from fingerprint authentication on a smart phone to facial recognition software paired with surveillance systems. A physiological biometric is one you either have or don’t, but can be faked or obscured.
Behavioral biometrics are just as unique as physiological ones, but are based on unconscious behaviors that are just as measurable and collectable, things like your typing rhythm or walking gait.
Because behavioral biometrics are both unconscious and a collection of data instead of a single data point, they are incredibly difficult for fraudsters to mimic. Where a password can be stolen, cracked, or copied, a behavioral profile requires the authentic user at all times. Behavioral biometrics bypasses the password.
What’s more, behavioral biometrics makes it easy to determine what’s human and what’s not. Heavily repeated patterns, such as many users all acting in exactly the same way, is an unmistakable red flag.
But capturing a range of biometrics increases the amount of data to study exponentially – beyond what humans can analyze without help. That’s where machine learning comes in.
Machine Learning – the Answer to Big Data’s Problem
When it came to fraud prevention, we started with rules and the rules were simple, obvious: flag any purchase over $40,000, flag out-of-state shipping, etc. But for every rule made, fraudsters tested the system, found the weak points and exploited them. To plug those holes, more rules, until the fraudsters broke them, too. It’s an inherently reactive system — new rules get added, fraudsters find new ways to exploit the system, and suddenly you have hundreds of rules to manage requiring first a team, then a whole department. As businesses scale, rules-based fraud protection becomes fundamentally unsustainable.
Machine learning algorithms learn which data points from a collection of hundreds or thousands are significant when detecting fraud. Instead of humans telling the system what it should look for, the algorithm automates the investigation of more data than is possible for a human to screen, correlating hundreds of data points like typing speeds, scrolling speed, preferred times of day to visit, top cities, countries, devices, credit card numbers, credit card types.
The program learns the telltale signs of fraud that are unique to each website, creating a customized solution that is always adapting. Beyond just learning what fraud looks like, the program also learns the signifiers of good users, removing the risk of false-positive fraud results.
When behavioral biometrics and machine learning are combined and used alongside rules-based fraud prevention and passwords, merchants get the most sophisticated and precise fraud decision tool on the market today.
Forget merely detecting fraud after the fact — with Machine Learning and Behavioral Biometrics, we can predict fraud before it happens.