Read the AITE Report! Maximizing the Potential of CNP: Collaboration via 3-D Secure is the Key

What Is Risk-Based Transaction Monitoring?

Transaction monitoring refers to the monitoring of all customer transactions. A risk-based approach requires more intensive monitoring for clients or scenarios that have a higher risk.

By analyzing the risk of each transaction, businesses can protect themselves from fraud while preserving the customer experience. For example, in eCommerce businesses, owners not only fight fraud but continuously work to improve their conversion rates and reduce cart abandonment.

Risk-based transaction monitoring provides more transparency about purchases by monitoring customer behaviors and assigns appropriate responses based on the level of risk. Suspicious transactions may be sent through a challenge flow, while legitimate customers continue their checkout unimpeded. This is called a frictionless flow, and it’s one of many reasons why risk-based monitoring is so effective at preventing fraud.

How Does Risk-based Monitoring Work?

Overview

At a high level, risk-based monitoring relies on statistical analysis and data models to identify fraud. These models are continuously fed data on legitimate and fraudulent transactions so that the algorithm can learn the difference between the two.

Risk-based monitoring compares each transaction to statistical models and assigns the transaction a risk score based on the behavior of the user. Important metrics such as device ID, IP address, transaction volume, and account age are considered when assigning a risk score. Organizations can configure different flows for transactions that reach certain risk scores and customize their fraud prevention system to suit their risk tolerance and company policies.

Building Risk Models

Developing effective risk-based monitoring requires large amounts of data and finely tuned machine learning techniques to score each transaction accurately. Analyzing a diversity of data points is key to understanding user behavior.

Many risk-based systems gather data, including the following:

  • Transaction amount, history, and frequency
  • Device IP address, screen resolution, browser fingerprinting, and device ID
  • Geolocation, MAC address, and indicators of device emulation
  • Signs of automation, bot activity, and malware
  • Authentication results, channel, and internal intelligence

This data helps determine an accurate risk score, and it’s key to developing identity science tools that prevent account takeover fraud and new account fraud. To stay effective in the wake of new threats, risk-based monitoring leverages global intelligence networks to continuously monitor the threat landscape.

Systems like the Outseer Global Network have thousands of contributing organizations across 150 countries, including law enforcement agencies and Internet Service Providers (ISPs). As members confirm genuine and fraudulent transactions, the data from those transactions are shared across the network. This adjusts the risk score automatically for all Outseer customers and helps prevent new and unrecognized methods of fraud.

Risk Scoring Methods

Once data is collected, statistical analysis is applied to calculate the risk score. This involves calculating the conditional probability of an action being fraudulent and analyzing the known factors and predictors using machine learning. Machine learning algorithms provide a flexible and transparent way to assess risk and accurately develop risk scores. Using the correct technology to score risk is a common challenge when tackling fraud.

Rule-based methods are static, meaning they don’t learn over time as data changes or threats adapt. Artificial Neural Networks (ANNs) work in a similar manner to machine learning but fail to work accurately with small data sets. A fundamental flaw with ANNs is their lack of transparency, which is vital when understanding how a risk assessment was generated.

You can think of ANNs as black boxes, where data is fed into one end and comes out the other. This is a problem because there’s no way to visualize the contributing factors or understand what factors weighed most to create the risk score. Inaccurate risk scoring can negatively impact the customer experience and leave the door open for fraud.

Proprietary machine learning algorithms like the Outseer Risk Engine take all factors into consideration and use the most predictive factors to provide transparent and accurate scoring. By processing over 100 different fraud indicators, the risk engine determines the relative risk based on device and behavioral profiling. This data is further enriched through the Outseer Global Data Network to provide the most accurate assessment possible.

Risk-based Actions

Once risk is identified, actions can be applied to block blatant fraud and filter highly suspicious transactions. This is known as a challenge flow, which requires the user to authenticate themselves in some way. Organizations using the Outseer Fraud Manager can pick from out-of-the-box step-up authentication methods or use their own.

Step-up verification often uses phone calls, text messages, or emails to confirm a user’s identity. Biometric authentication such as fingerprint and speech recognition can also be used to identify users. The benefit of step-up authentication is that it only applies to suspicious transactions, leaving real customers uninterrupted. This frictionless approach improves the user experience and is a core component of combating eCommerce fraud.

Outseer Solution

Understanding the nuances of risk-based monitoring can be overwhelming. That’s why major credit card companies, financial services firms, and payment processors count on Outseer to protect themselves and the businesses they serve.

Unlike traditional fraud monitoring methods, Outseer reads between the lines to understand how real customers behave compared to fraudsters—stopping 95% of all fraud loss with only 5% of transactions ever requiring intervention.

Last year alone, we saved our customers $1.6 billion in potential transaction fraud losses. To learn how you can protect your customers through the power of frictionless fraud prevention, request a free demo today.

Reed Taussig

Chief Executive Officer

Reed is a 35 year technology industry veteran, responsible for the overall strategy and execution of the Outseer business. He was most recently an operating executive at Marlin Equity Partners. Prior to that Reed was CEO of ThreatMetrix, a SaaS company and a leader in fraud prevention solutions based on digital identity intelligence where he drove innovation and led growth.