Skip to content

Posts from the ‘fraud detection’ Category

Jun 27

How Barclays Is Preventing Fraud With AI

How Barclays Is Preventing Fraud With AI

Bottom Line: Barclays’ and Kount’s co-developed new product, Barclays Transact reflects the future of how companies will innovate together to apply AI-based fraud prevention to the many payment challenges merchants face today.

Merchant payment providers have seen the severity, scope, and speed of fraud attacks increase exponentially this year. Account takeovers, card-not-present fraud, SMS spoofing, and phishing are just a few of the many techniques cybercriminals are using to defraud merchants out of millions of dollars. One in three merchants, 32%, prioritize payment providers’ fraud and security strengths over customer support and trust according to a recent YouGov survey.  But it doesn’t have to be a choice between security and a frictionless transaction.

Frustrated by the limitations of existing fraud prevention systems, many payment providers are working as fast as they can to pilot AI- and machine-learning-based applications and platforms. Barclays Payment Solutions’ decision to work with AI-based solution Kount is what the future of AI-based fraud prevention for payment providers looks like.

How AI Helps Thwart Fraud And Increase Sales at Barclays   

Barclays Payment Services handles 40% of all merchant payments in the UK. They’ve been protecting merchants and their customers’ data for over 50 years, and their fraud and security teams have won industry awards. For Barclays, excelling at merchant and payment security is the only option.

In order to offer an AI-based suite of tools to help merchants make their online transactions both simpler and safer, Barclays chose to partner with Kount. Their model of innovating together enables Barclays to strengthen their merchant payment business with AI-based fraud prevention and gain access to Kount’s Identity Trust Global Network, the largest network of trust and fraud-related signals. Kount gains knowledge into how they can fine-tune their AI and machine learning technologies to excel at payment services. Best of all, Barclays’ merchant customers will be able to sell more by streamlining the payment experience for their customers. The following is an overview of the Barclays Transact suite for merchants.

Barclays and Kount defined objectives for Barclay Transact: protect against increasingly sophisticated eCommerce fraud attempts, improve their merchants’ customer experiences during purchases, prepare for UK-mandated Strong Customer Authentication (SCA) by allowing businesses to take advantage of Transaction Risk Analysis (TRA) exemptions, optimize payment acceptance workflows and capitalize on Kount’s Identity Trust Global Network.

Adding urgency to the co-creation of Barclays Transact are UK regulatory requirements. To help provide clarity and support to merchants and the market from the impact of Covid-19 the Financial Conduct Authority (FCA) have agreed to delay the enforcement of a Strong Customer Authentication (SCA) until 14 September 2021 in the UK. The European Economic Area (EEA) deadline remains 31 December, 2020. Kount’s AI- and machine learning algorithms designed into Barclay Transact, tested at beta sites and fine-tuned for the first release, are effective in meeting UK government mandates.

How AI Is Turning Trust Into A Sales Accelerator At Barclays

The Barclays Payment Solutions and Kount teams believe that the more ambitious the goals for Barclays Transact to deliver value to merchants, the stronger the suite will be. Here are examples of goals businesses can achieve with this partnership:

  1. Achieve as few false positives as possible by making real-time updates to machine learning algorithms and fine-tuning merchant responses.
  2. Reduce the number of manual reviews for fraud analysts consistently by applying AI and machine learning to provide early warning of anomalies.
  3. Minimize the number of chargebacks to merchant partners.
  4. Reduce the friction and challenges merchants experience with legacy fraud prevention systems by streamlining the purchasing experience.
  5. Enable compliance to UK-mandated regulatory requirements while streamlining merchants and their customers’ buying experiences.

Barclays Transact analyzes every transaction in real-time using Kount’s AI-based fraud analysis technology, scoring each on a spectrum of low to high risk. Each Barclays merchant’s gateway then uses this score to identify the transactions which qualify for TRA exemptions. This results in a more frictionless payment and checkout experience for customers, resulting in lower levels of shopping cart abandonment and increased sales. Higher-risk transactions requiring further inspection will still go through two-factor authentication, or be immediately declined, per the regulation and customer risk appetite. The following is an example of the workflow Barclays and Kount were able to accomplish by innovating together:

Conclusion 

Improving buying experiences and keeping them more secure on a trusted platform is an ambitious design goal for any suite of online tools. Barclays and Kount’s successful development and launch of a co-developed product is prescient and points the way forward for payment providers who need AI expertise to battle fraud now. A bonus is how the partnership is going to enrich the Kount Identity Trust Global Network, the largest network of trust and risk signals, which is comprised of 32 billion annual interactions from more than 6,500 customers across 75+ industries. “We are excited to be partnering with Kount, because they share our goal of collaborative innovation, and a drive to deliver best-in-class shopper experiences. Thanks to Kount’s award-winning fraud detection software, the new module will not only help customers to fight fraud and prevent unwanted chargebacks, but it will also help them to maximize sales, improve customer experience, and better prepare for the introduction of SCA,” David Jeffrey, Director of Product, Barclaycard Payments said.

Jan 30

10 Ways To Own Your Cybersecurity In 2020

10 Ways To Own Your Cybersecurity In 2020

Bottom Line: One of the best New Year’s resolutions anyone can make is to learn new ways to secure their personal and professional lives online, starting with ten proven ways they can take greater control over their own cybersecurity.

For many professionals, their personal and professional lives have blended together thanks to the growing number of connected, IoT-capable devices, including cars, home security systems, smartphones, virtual assistants including Amazon Echo, Google Home, WiFi routers, and more. It’s typical to find homes with two dozen or more connected devices that are relied for everything going on in a person’s life from personal interests, connecting with friends, and getting work done.

It’s Time to Secure Every Area of Your Smart, Connected World

Faced with chronic time shortages, many people rely on smart, connected devices supported by AI and machine learning to get more done in less time. They’re proliferating today because they’ve proven to be very effective at personalizing experiences while providing the added convenience of being always on and available to help. Smart, connected devices are an extension of a person’s identity today as they contain insights into buying behavior and, in some cases, actual conversations. The more these devices are protected, the more a person’s identity and most valuable resource of all – time – is protected too.

Strengthening your own cybersecurity starts by seeing every device and the apps you use as potential attack surfaces that need to be protected. Just as you wouldn’t likely leave any of the physical doors to your home unprotected and locked, you need to secure all the digital entrances to your home and person. Like the CEO and cybersecurity team of any organization who is focusing on how to reduce the risk of a breach, the same level of intensity and vigilance to personal cybersecurity needs to become the new normal.

10 Ways You Can Own Your Cybersecurity

The following are the top ten ways you can take control and own your own security. Several of the ways mentioned below are from the recent Centrify webinar, Cybersecurity Best Practices: The Basics and Beyond:

  • Replace weak passwords used on multiple accounts with a unique, longer password for each online account. Start by getting away from having the same password for multiple accounts. When a single account gets hacked, it can easily lead to all the others with the same password and comparable user ID. Passwords are proving to be the weakest attack vector there is for personal information today. World Password Day serves as a reminder every May to use stronger, different passwords on each account.
  • Start researching and choose a Password Manager that is flexible enough to match how you like to work. It’s time to get beyond Post-It notes and paper-based approaches to managing your own passwords now. Dashlane, LastPass, and OneLogin are all excellent password managers worth checking out. If you’re not sure password managers are worth it, I’ve seen them add an additional layer of security to personal and work accounts that would not have otherwise been available. Some will even notify you when an account you have might have been breached, and recommend a new password for you. A screen capture from the webinar illustrates the differences between personal, professional and Privileged Access Management (PAM) levels of password security:

10 Ways To Own Your Cybersecurity In 2020

  • Use single-sign-on (SSO) if available for systems at work, even if you’re logging in at the office. SSO systems use temporary tokens, which have proven to be more reliable than static credentials. One of the primary design goals of SSO is to authenticate your identity once, and give you access to the applications and system resources you need and are entitled to access to get work done.
  • Vault away passwords to critical systems and data. In the privileged access world of Cybersecurity operations in any organization, password vaults have become commonplace. Password vaults are similar to password managers many people use for their personal devices, web applications, and sites they regularly visit. In the case of a password vault, privileged credentials are checked in and out by admins, with each password automatically rotating to ensure greater randomization.
  • Enable security on all the devices you received over the holidays, starting with your WiFi router. If you’ve never set an admin password on your WiFi router and the two guest access points they typically have, now is a great time to do that. If you have an Amazon Echo or Google Home, manually disable the microphones. On the Echo, press the microphone button until the external ring turns red. On Google Home, use the small switch on the side to turn off the microphone..On an Amazon Alexa, it’s possible to review voice recordings associated with your account and delete the voice recordings one by one, by date range, by Alexa-enabled device, or all at once by visiting Settings > Alexa Privacy in the Alexa app or https://www.amazon.com/alexaprivacysettings. It’s a good idea to use PIN protection to disable voice purchases too. If you have Baby Monitors in your home, connect to them using a secured WiFi connection, not Bluetooth. Have everything behind your home firewall, so there’s a minimal number of threat surfaces in your home.
  • Take few of the many LinkedIn learning courses on practical cybersecurity to stay current on the latest techniques. LinkedIn Learning has 19 courses available today that are focused on practical cybersecurity steps you can take to protect your company’s systems and your own. You can find all the 19 courses here. LinkedIn Learning has 462 learning resources available today, available here. I’ve taken a few over a lunch break and have found them informative, interesting, and useful.
  •  Realize that you may be getting phishing and spear-phishing e-mails every week. Cybercriminals are becoming increasingly sophisticated in their use of browser plug-ins to pop up messages asking for your login and password information for sites. Combining the latest information from LinkedIn, Facebook, Twitter, and other sites, hackers often target new employees and with spearfishing campaigns where they impersonate a CEO and other senior-level executives. Spearfishing attempts can be easily thwarted by calling the supposed sender to ask if the request is legitimate. A second way to spot phishing and spear-fishing attempts is they will ask you for one or more of the pieces of information needed for completing a Multi-Factor Authentication (MFA) login to an account. Misspelled words, questionable e-mail addresses, and unsecured domains and websites are also a sure tip-off of a phishing attempt.
  • Bring Your Own Device (BYOD) greatly expands the enterprise attack surface. Define the success of a BYOD security strategy by how well it immediately shuts down access to confidential data and systems first. Being able to immediately block access to confidential systems and data is the most important aspect of securing any BYOD across a network. It’s common for BYOD enablement strategies to include integrations to Dropbox, Slack, Salesforce and Workday, Slack, Salesforce, and others.
  • Always use Multi-Factor Authentication (MFA) everywhere it’s offered. MFA is based on three or more factors that can authenticate who you are. Something you know (passwords, PINs, code works), something you have (a smartphone, tokens devices that produce pins or pre-defined pins) or something you are (biometrics, facial recognition, fingerprints, iris, and face scans). Google, for example, provides MFA as part of their account management to every account holder, in addition to a thorough security check-up, which is useful for seeing how many times a given password has been reused.

10 Ways To Own Your Cybersecurity In 2020

  • Determine where you and your company are from a privileged access maturity standpoint. Centrify shared the four stages of privileged access security on the webinar, and each phase is a useful benchmark for anyone or organization looking to improve their cybersecurity effectiveness. Centrify found in a recent survey that 42% of organizations are at the nonexistent phase of the model. As an organization progresses up the model, there’s greater accountability and visibility for each aspect of a cybersecurity strategy. For individuals, the progression is much the same, all leading to a lower risk of a breach and stolen privileged access credentials occurring.

10 Ways To Own Your Cybersecurity In 2020

Conclusion

While not every user in an organization is going to have privileged entitlements, it is up to every individual to take ownership of their cybersecurity hygiene to ensure they don’t become the most-easily-exploited employee in the company. That’s what the bad guys are looking for: the easiest way in. Why try to hack in against sophisticated technology when they can just guess your easy password, or get you to hand it over to them by phishing? Be cyber smart in 2020 – these ten tips might save you from being the weakest link that could cost your organization millions.

Aug 10

Your Mobile Phone Is Your Identity. How Do You Protect It?

The average cost of a data breach has risen 12% over the past 5 years and is now $3.92M. U.S.-based breaches average $8.19M in losses, leading all nations. Not integrating mobile phone platforms and protecting them with a Zero Trust Security framework can add up to $240K to the cost of a breach. Companies that fully deploy security automation technologies experience around half the cost of a breach ($2.65M on average) compared to those that do not deploy these technologies ($5.16M on average). These and many other fascinating insights are from the 14th annual IBM Security Cost of a Data Breach Report, 2019. IBM is making a copy of the report available here for download (76 pp., PDF, opt-in). IBM and Ponemon Institute collaborated on the report, recruiting 507 organizations that have experienced a breach in the last year and interviewing more than 3,211 individuals who are knowledgeable about the data breach incident in their organizations. A total of 16 countries and 17 industries were included in the scope of the study. For additional details regarding the methodology, please see pages 71 - 75 of the report. Key insights from the report include the following: Lost business costs are 36.2% of the total cost of an average breach, making it the single largest loss component of all. Detection and escalation costs are second at 31.1%, as it can take up to 206 days to first identify a breach after it occurs and an additional 73 days to contain the breach. IBM found the average breach lasts 279 days. Breaches take a heavy toll on the time resources of any organization as well, eating up 76% of an entire year before being discovered and contained. U.S.-based breaches average $8.19M in losses, leading all nations with the highest country average. The cost of U.S.-based breaches far outdistance all other countries and regions of the world due to the value and volume of data exfiltrated from enterprise IT systems based in North America. North American enterprises are also often the most likely to rely on mobile devices to enable greater communication and collaboration, further exposing that threat surface. The Middle East has the second-highest average breach loss of $5.97M. In contrast, Indian and Brazilian organizations had the lowest total average cost at $1.83M and $1.35M, respectively. Data breach costs increase quickly in integration-intensive corporate IT environments, especially where there is a proliferation of disconnected mobile platforms. The study found the highest contributing costs associated with a data breach are caused by third parties, compliance failures, extensive cloud migration, system complexity, and extensive IoT, mobile and OT environments. This reinforces that organizations need to adopt a Zero Trust Security (ZTS) framework to secure the multiple endpoints, apps, networks, clouds, and operating systems across perimeter-less enterprises. Mobile devices are enterprises’ fasting growing threat surfaces, making them one of the highest priorities for implementing ZTS frameworks. Companies to watch in this area include MobileIron, which has created a mobile-centric, zero-trust enterprise security framework. The framework is built on the foundation of unified endpoint management (UEM) and additional zero trust-enabling technologies, including zero sign-on (ZSO), multi-factor authentication (MFA), and mobile threat detection (MTD). This approach to securing access and protect data across the perimeter-less enterprise is helping to alleviate the high cost of data breaches, as shown in the graphic below. Accidental, inadvertent breaches from human error and system glitches are still the root cause for nearly half (49%) of the data breaches. And phishing attacks on mobile devices that are lost, stolen or comprised in workplaces are a leading cause of breaches due to human error. While less expensive than malicious attacks, which cost an average of $4.45M, system glitches and human error still result in costly breaches, with an average loss of $3.24M and $3.5M respectively. To establish complete control over data, wherever it lives, organizations need to adopt Zero Trust Security (ZTS) frameworks that are determined by “never trust, always verify.”. For example, MobileIron’s mobile-centric zero-trust approach validates the device, establishes user context, checks app authorization, verifies the network, and detects and remediates threats before granting secure access to a device or user. This zero-trust security framework is designed to stop accidental, inadvertent and maliciously-driven, intentional breaches. The following graphic compares the total cost for three data breach root causes: Conclusion Lost business is the single largest cost component of any breach, and it takes years to fully recover from one. IBM found that 67% of the costs of a breach accrue in the first year, 22% accrue in the second year and 11% in the third. The more regulated a company’s business, the longer a breach will accrue costs and impact operations. Compounding this is the need for a more Zero Trust-based approach to securing every endpoint across an organization. Not integrating mobile phone platforms and protecting them with a Zero Trust Security (ZTS) framework can add up to $240K to the cost of a breach. Companies working to bridge the gap between the need for securing mobile devices with ZTS frameworks include MobileIron, which has created a mobile-centric, zero-trust enterprise security framework. There’s a significant amount of innovation happening with Identity Access Management that thwarts privileged account abuse, which is the leading cause of breaches today. Centrify’s most recent survey, Privileged Access Management in the Modern Threatscape, found that 74% of all breaches involved access to a privileged account. Privileged access credentials are hackers’ most popular technique for initiating a breach to exfiltrate valuable data from enterprise systems and sell it on the Dark Web.

  • The average cost of a data breach has risen 12% over the past 5 years and is now $3.92M.
  • U.S.-based breaches average $8.19M in losses, leading all nations.
  • Not integrating mobile phone platforms and protecting them with a Zero Trust Security framework can add up to $240K to the cost of a breach.
  • Companies that fully deploy security automation technologies experience around half the cost of a breach ($2.65M on average) compared to those that do not deploy these technologies ($5.16M on average).

These and many other fascinating insights are from the 14th annual IBM Security Cost of a Data Breach Report, 2019. IBM is making a copy of the report available here for download (76 pp., PDF, opt-in). IBM and Ponemon Institute collaborated on the report, recruiting 507 organizations that have experienced a breach in the last year and interviewing more than 3,211 individuals who are knowledgeable about the data breach incident in their organizations. A total of 16 countries and 17 industries were included in the scope of the study. For additional details regarding the methodology, please see pages 71 – 75 of the report.

Key insights from the report include the following:

  • Lost business costs are 36.2% of the total cost of an average breach, making it the single largest loss component of all. Detection and escalation costs are second at 31.1%, as it can take up to 206 days to first identify a breach after it occurs and an additional 73 days to contain the breach. IBM found the average breach lasts 279 days. Breaches take a heavy toll on the time resources of any organization as well, eating up 76% of an entire year before being discovered and contained.

  • U.S.-based breaches average $8.19M in losses, leading all nations with the highest country average. The cost of U.S.-based breaches far outdistance all other countries and regions of the world due to the value and volume of data exfiltrated from enterprise IT systems based in North America. North American enterprises are also often the most likely to rely on mobile devices to enable greater communication and collaboration, further exposing that threat surface. The Middle East has the second-highest average breach loss of $5.97M. In contrast, Indian and Brazilian organizations had the lowest total average cost at $1.83M and $1.35M, respectively.

  • Data breach costs increase quickly in integration-intensive corporate IT environments, especially where there is a proliferation of disconnected mobile platforms. The study found the highest contributing costs associated with a data breach are caused by third parties, compliance failures, extensive cloud migration, system complexity, and extensive IoT, mobile and OT environments. This reinforces that organizations need to adopt a Zero Trust Security (ZTS) framework to secure the multiple endpoints, apps, networks, clouds, and operating systems across perimeter-less enterprises. Mobile devices are enterprises’ fasting growing threat surfaces, making them one of the highest priorities for implementing ZTS frameworks. Companies to watch in this area include MobileIron, which has created a mobile-centric, zero-trust enterprise security framework. The framework is built on the foundation of unified endpoint management (UEM) and additional zero trust-enabling technologies, including zero sign-on (ZSO), multi-factor authentication (MFA), and mobile threat detection (MTD). This approach to securing access and protect data across the perimeter-less enterprise is helping to alleviate the high cost of data breaches, as shown in the graphic below.

  • Accidental, inadvertent breaches from human error and system glitches are still the root cause for nearly half (49%) of the data breaches. And phishing attacks on mobile devices that are lost, stolen or comprised in workplaces are a leading cause of breaches due to human error. While less expensive than malicious attacks, which cost an average of $4.45M, system glitches and the human error still result in costly breaches, with an average loss of $3.24M and $3.5M respectively. To establish complete control over data, wherever it lives, organizations need to adopt Zero Trust Security (ZTS) frameworks that are determined by “never trust, always verify.”. For example, MobileIron’s mobile-centric zero-trust approach validates the device, establishes user context, checks app authorization, verifies the network, and detects and remediates threats before granting secure access to a device or user. This zero-trust security framework is designed to stop accidental, inadvertent and maliciously-driven, intentional breaches. The following graphic compares the total cost for three data breach root causes:

Conclusion

Lost business is the single largest cost component of any breach, and it takes years to fully recover from one. IBM found that 67% of the costs of a breach accrue in the first year, 22% accrue in the second year and 11% in the third.  The more regulated a company’s business, the longer a breach will accrue costs and impact operations. Compounding this is the need for a more Zero Trust-based approach to securing every endpoint across an organization.

Not integrating mobile phone platforms and protecting them with a Zero Trust Security (ZTS) framework can add up to $240K to the cost of a breach. Companies working to bridge the gap between the need for securing mobile devices with ZTS frameworks include MobileIron, which has created a mobile-centric, zero-trust enterprise security framework. There’s a significant amount of innovation happening with Identity Access Management that thwarts privileged account abuse, which is the leading cause of breaches today. Centrify’s most recent survey, Privileged Access Management in the Modern Threatscape, found that 74% of all breaches involved access to a privileged account. Privileged access credentials are hackers’ most popular technique for initiating a breach to exfiltrate valuable data from enterprise systems and sell it on the Dark Web.

Aug 8

AI Is Predicting The Future Of Online Fraud Detection

Bottom Line: Combining supervised and unsupervised machine learning as part of a broader Artificial Intelligence (AI) fraud detection strategy enables digital businesses to quickly and accurately detect automated and increasingly complex fraud attempts.

Recent research from the Association of Certified Fraud Examiners (ACFE)KPMGPwC, and others reflects how organized crime and state-sponsored fraudsters are increasing the sophistication, scale, and speed of their fraud attacks. One of the most common types of emerging attacks is based on using machine learning and other automation techniques to commit fraud that legacy approaches to fraud prevention can’t catch. The most common legacy approaches to fighting online fraud include relying on rules and predictive models that are no longer effective at confronting more advanced, nuanced levels of current fraud attempts. Online fraud detection needs AI to stay at parity with the quickly escalating complexity and sophistication of today’s fraud attempts.

Why AI is Ideal for Online Fraud Detection

It’s been my experience that digitally-based businesses that have the best track record of thwarting online fraud rely on AI and machine learning to do the following:

  • Actively use supervised machine learning to train models so they can spot fraud attempts quicker than manually-based approaches. Digitally-based businesses I’ve talked with say having supervised machine learning categorize and then predict fraudulent attempts is invaluable from a time-saving standpoint alone. Adopting supervised machine learning first is easier for many businesses as they have analytics teams on staff who are familiar with the foundational concepts and techniques. Digital businesses with high-risk exposure given their business models are adopting AI-based online fraud detection platforms to equip their fraud analysts with the insights they need to identify and stop threats early.
  • Combine supervised and unsupervised machine learning into a single fraud prevention payment score to excel at finding anomalies in emerging data. Integrating the results of fraud analysis based on supervised and unsupervised machine learning into one risk score is one way AI enables online fraud prevention to scale today. Leaders in this area of online fraud prevention can deliver payment scores in 250 milliseconds, using AI to interpret the data and provide a response. A more integrated approach to online fraud prevention that combines supervised and unsupervised machine learning can deliver scores that are twice as predictive as previous approaches.
  • Capitalizes on large-scale, universal data networks of transactions to fine-tune and scale supervised machine learning algorithms, improving fraud prevention scores in the process. The most advanced digital businesses are looking for ways to fine-tune their machine learning models using large-scale universal data sets. Many businesses have years of transaction data they rely on initially for this purpose. Online fraud prevention platforms also have large-scale universal data networks that often include billions of transactions captured over decades, from thousands of customers globally.

The integration of these three factors forms the foundation of online fraud detection and defines its future growth trajectory. One of the most rapid areas of innovation in these three areas is the fine-tuning of fraud prevention scores. Kount’s unique approach to creating and scaling its Omniscore indicates how AI is immediately redefining the future of online fraud detection.

Kount is distinct from other online fraud detection platforms due to the company’s ability to factor in all available historical data in their universal data network that includes billions of transactions accumulated over 12 years, 6,500 customers, across over 180 countries and territories, and multiple payment networks.

Insights into Why AI is the Future of Online Fraud Detection

Recent research studies provide insights into why AI is the future of online fraud detection. According to the Association of Certified Fraud Examiners (ACFE) inaugural Anti-Fraud Technology Benchmarking Report, the amount organizations are expected to spend on AI and machine learning to thwart online fraud is expected to triple by 2021. The ACFE study also found that only 13% of organizations currently use AI and machine learning to detect and deter fraud today. The report predicts another 25% plan to adopt these technologies in the next year or two – an increase of nearly 200%. The ACFE study found that AI and machine learning technology will most likely be adopted in the next two years to fight fraud, followed by predictive analytics and modeling.

PwC’s 2018 Global Economic Crime and Fraud Survey is based on interviews with 7,200 C-level and senior management respondents across 123 different nations and territories and was conducted to determine the true state of digital fraud prevention across the world. The study found that 42% of companies said they had increased funds used to combat fraud or economic crime. In addition, 34% of the C-level and senior management executives also said that existing approaches to combatting online fraud was generating too many false positives. The solution is to rely more on machine learning and AI in combination with predictive analytics as the graphic below illustrates. Kount’s unique approach to combining these technologies to define their Omniscore reflects the future of online fraud detection.

AI is a necessary foundation of online fraud detection, and for platforms built on these technologies to succeed, they must do three things extremely well. First, supervised machine learning algorithms need to be fine-tuned with decades worth of transaction data to minimize false positives and provide extremely fast responses to inquiries. Second, unsupervised machine learning is needed to find emerging anomalies that may signal entirely new, more sophisticated forms of online fraud. Finally, for an online fraud platform to scale, it needs to have a large-scale, universal data network of transactions to fine-tune and scale supervised machine learning algorithms that improve the accuracy of fraud prevention scores in the process.