Tackling Modern Fraud Requires Protecting Payment Devices in Real Time

    Shim PYMNTS interview #2

    This article, featuring Vesta's CFO, Shim Steinmetz, is a reprint from PYMNTS.com. The original article by PYMNTS.com can be found here.

    In today’s fast-evolving and increasingly crowded business ecosystem, choosing the right partner is all-important.

    But as with all of life’s biggest questions, the answer is not always obvious and tends to vary based on the operating environment.

    That’s because one thing tends to lead to another.

    “It is the one thing we are always asked, more than anything else: why should we engage with you?” Shimon Steinmetz, chief financial officer at risk assessment and fraud prevention solution Vesta, told PYMNTS. “But the nuance behind that sentiment is going to change by region.”

    Steinmetz explained that specific clients in Latin America have low fraud rates, and it is crucial for his firm to strongly emphasize solving authorization problems.

    “In geographies like Latin America, they have maybe 5 or 2 basis points of fraud — so they don’t think they have a fraud problem. But at the same time, the region has a 70% authorization, 65% authorization rate. Everything is getting rejected. That’s where 40% of your volume is getting rejected, and that’s why they don’t have a fraud problem,” he said.

    On the other hand, in regions with high fraud rates, it is important to take a different approach by emphasizing the ability to help solve for and indemnify payments fraud by offering an added layer of authorization protection to streamline the payment process and ensure that legitimate transactions are approved without any hiccups.

    Fraudsters Move Fast, Firms Need to Move Faster 

    PYMNTS’ research finds that the average FinTech loses $51 million to fraud every year, representing around 1.7% of annual revenue, with many businesses losing even more than that to cyber scammers and other bad actors.

    That’s why more than eight out of 10 CFOs (85%) tell PYMNTS that they are keen on prioritizing fraud controls for incoming payments. 

    “In the authorization space, particularly in emerging markets, authorization is artificially low as a tool to manage fraud. In the North American and European space, in high fraud industries like travel, prepaid cards, and crypto, the fraud rate is actually fairly active as bad actors have proliferated and those industries have expanded and moved online,” he said.

    “You don’t deserve to be in business if you don’t serve a need for your customer…and our company purpose is to put more money in a merchant’s pocket and less money in a fraudster’s,” Steinmetz said.

    That’s because fraud is a near-universal problem, making solving for it a key competitive advantage.

    But solving for it boils down to the nuances being exploited.

    “With COVID, as we all know, buying behavior shifted online, which makes it extremely relevant to ensure that your customers are your customers and the dollars they’re spending go to your pocket, so the conversation is moving and authorization becomes the important KPI,” Steinmetz said. “Just in the digital world, we went from in stores, to digital on your desktop, to digital on your laptop, to anywhere on Wi-Fi, to digital purchases on your phone.”

    This shift to the increasing prevalence of online commerce and digital payments marks a fundamental change in the way companies operate.

     “The industry in fraud is shifting to real-time learnings because the fraudsters are now real-time,” Steinmetz added.

    A Changing of the Guard 

    Steinmetz explained that in cyberspace, “you have something called a zero-day attack, which basically means you’re going to get attacked on day zero, and you’re going to be attacked before you even know what the solution is. Because the bad actors are way ahead of you. It requires a more advanced and adaptable system, which rules-based models cannot provide.”

    This new reality has led to firms abandoning traditional rules-based authorization and fraud detection systems in favor of cutting-edge machine learning technologies.

    “That shift from rules-based to machine learning is an absolutely fundamental change in technology,” Steinmetz said.

    That reason is that fraudsters and bad actors tend to target connectivity points, and when new connectivity points come online, the sequential operations of rules-based protections generally break down or need to be retrained to understand this new vector.

    Comparatively, artificial intelligence (AI) and machine learning defenses can leverage contextual and behavioral clues to identify, flag and defang attacks from bad actors in a much more holistic way.

    And as new devices enter the marketplace and create increasingly new connection points and vector vulnerabilities, leveraging flexible and real-time fraud protection will only become more important.


    Other posts you might be interested in