The Payers sat down with Ran Wasserman, former technical director of SecuredTouch and now principal architect at Ping Identity, to discuss data enrichment and its role in the fight against fraud.

Can you explain to our readers the basics of what data enrichment means?

Data enrichment is the process of merging multiple data sources (internal and external) to improve the conclusions that can be drawn from the analysis of these combined datasets – a basic example would be obtaining the geolocation / city from an IP address.

How does this relate to fraud prevention?

The data is used by merchants to approve / deny transaction payments. However, it often happens that merchants have access to a limited amount of data and therefore any conclusions drawn from the analysis of this particular data set are unreliable and will lead to friction for their customers.

Thus, having more relevant data points at the time of the transaction can lead to better decision making in real time. This is quite similar to the example mentioned earlier: resolving geolocation from IP addresses is commonly used for fraud detection heuristics. In addition, the data may also be used for fraud analysis purposes, more specifically, to analyze user / fraudster activity for the purpose of manually reviewing specific transactions or obtaining a high-level analytical view of user / fraudster behavior models to better understand threats.

How does SecuredTouch help your customers use data enrichment effectively?

SecuredTouch collects and processes single data points to detect different types of fraudulent activity.

Many of our customers already have built-in risk engines for making real-time decisions, as well as data lakes for analysis. In addition to using SecuredTouch risk modules to detect fraudulent activity, customers often want to enrich their existing systems with SecuredTouch single data points to improve the visibility and efficiency of their existing risk drivers.

SecuredTouch exposes the processed data layer (called “metrics” on the SecuredTouch platform) to our customers over standard API calls, which means they can enrich their existing risk engines and data lake with metrics from SecuredTouch in order to obtain better detection and better visibility on their fraud.

The indicators presented include the following categories:

  • Behavioral – e.g. mouse movements, typing dynamics, sensors, etc.

  • Usage – e.g. user journey, device usage history, usage history, etc.

  • Device – for example, operating system attributes, browser attributes, hardware attributes, etc.

  • Network – for example, IP reputation, ASN, user agent based attributes, etc.

Going back to your “single data point” reference, please stress a little more what exactly you mean by this and how it can be used to enrich data and improve fraud detection.

Suppose a merchant tries to assess the risk of an online payment transaction. The basic data they have is something like: buyer’s email, credit card information, and product. There is a finite amount of heuristics that we can think of based on these data points alone.

But we can make smarter decisions if we add more relevant data such as:

  • Behavioral data: how were the credit card details populated? Using copy / paste? How quickly did he complete the form? Does the behavior match human behavior or does it look like automation (a bot)?

  • Usage data: the user journey that led to this transaction; Have we seen this user / device in the past? When? From where?

  • Device data: device type (desktop / mobile computer, operating system version, etc.), time zone, languages; anomalies in the attributes of the device? Is it even a real device (or is it an emulator)?

  • Network data: geolocation of the IP, owner of the IP (Is it private? Data center? Mobile operator? Etc.); Does this IP already have a bad reputation?

These additional data points provide a new perspective on the transaction that allows anti-fraud and its risk drivers to better identify fraudulent activity in real time and, at the same time, gain better visibility into user activity, both legitimate and fraudulent, allowing them to deepen and improve detection over time.

Under what circumstances did SecuredTouch put this method into practice and what were the results (Advantages / disadvantages)? Why should other companies use it?

SecuredTouch applies this method to our own internal detection modules as well as to our customers who use SecuredTouch data indicators to enrich their internal risk drivers.

Based on our internal models, we can say that combining behavioral data with device attributes creates a dramatic increase in the accuracy and coverage of our models – take bot detection for example: using behavioral data allows SecuredTouch to detect new attack tools in the wild even if we have never seen / researched them before.

Many of our e-commerce clients are already using SecuredTouch metrics to enrich their risk drivers for several use cases, including account takeover, new account fraud, and payment fraud, and have shown a great improvement in their accuracy.

The additional visibility allows merchants to better understand the nature of the fraudulent activity with which they are confronted and thus to better protect themselves from it (e.g. traffic of identified emulators, automations, etc.). Visibility into the user journey has also exposed vulnerabilities built into certain user journeys and sometimes even exposes an entire business model as being too fraud-friendly (e.g. referral abuse).

One downside is that adding additional data points adds complexity and makes understanding the logic of risk detection very complex. For this exact reason, having good visibility and built-in analytics capabilities is really important.
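The enrichment described in the interview, and the visibility concern raised in the last answer, sketched as an added example that is not part of the interview and is not SecuredTouch's API: a base transaction is merged with behavioral, usage, device and network signals, and every decision carries the reason codes that produced it. All lookups, field names, weights and thresholds are constructed assumptions.

```python
# Added illustration: constructed lookups, weights and thresholds; not SecuredTouch's API.
IP_INTEL = {  # stand-in for an external IP intelligence source (documentation addresses)
    "203.0.113.7": {"country": "NL", "owner": "datacenter", "bad_reputation": True},
    "198.51.100.24": {"country": "US", "owner": "mobile_operator", "bad_reputation": False},
}
KNOWN_DEVICES = {"dev-42"}  # stand-in for the merchant's device usage history

def enrich(txn, signals):
    """Merge the merchant's base transaction with the four signal categories."""
    ip = IP_INTEL.get(signals["ip"], {})  # unknown IPs enrich to neutral values
    return {
        **txn,
        "behavioral": {"pasted_card": signals["pasted_card"],
                       "form_fill_seconds": signals["form_fill_seconds"]},
        "usage": {"device_seen_before": signals["device_id"] in KNOWN_DEVICES},
        "device": {"is_emulator": signals["is_emulator"],
                   "timezone_country": signals["timezone_country"]},
        "network": {"ip_country": ip.get("country"),
                    "ip_owner": ip.get("owner", "unknown"),
                    "ip_bad_reputation": ip.get("bad_reputation", False)},
    }

# (reason code, weight, predicate over the enriched record)
RULES = [
    ("card_details_pasted", 15, lambda r: r["behavioral"]["pasted_card"]),
    ("form_filled_faster_than_human", 25, lambda r: r["behavioral"]["form_fill_seconds"] < 2.0),
    ("device_never_seen", 10, lambda r: not r["usage"]["device_seen_before"]),
    ("emulator", 30, lambda r: r["device"]["is_emulator"]),
    ("timezone_ip_country_mismatch", 15, lambda r: r["network"]["ip_country"] is not None
        and r["network"]["ip_country"] != r["device"]["timezone_country"]),
    ("datacenter_ip", 20, lambda r: r["network"]["ip_owner"] == "datacenter"),
    ("ip_bad_reputation", 25, lambda r: r["network"]["ip_bad_reputation"]),
]

def assess(record, review_at=30, deny_at=60):
    """Score the record and return the reason codes that fired, for analyst visibility."""
    fired = [(name, weight) for name, weight, pred in RULES if pred(record)]
    score = sum(weight for _, weight in fired)
    decision = "deny" if score >= deny_at else "review" if score >= review_at else "approve"
    return {"decision": decision, "score": score, "reasons": [name for name, _ in fired]}

# Constructed inputs: the base data is identical, only the enrichment differs.
BASE = {"email": "buyer@example.com", "card_last4": "4242", "product": "gift-card"}
LEGIT = {"ip": "198.51.100.24", "pasted_card": False, "form_fill_seconds": 38.0,
         "device_id": "dev-42", "is_emulator": False, "timezone_country": "US"}
SUSPECT = {"ip": "203.0.113.7", "pasted_card": True, "form_fill_seconds": 0.8,
           "device_id": "dev-999", "is_emulator": True, "timezone_country": "US"}

if __name__ == "__main__":
    for signals in (LEGIT, SUSPECT):
        print(assess(enrich(BASE, signals)))
```

Because both sample transactions share the same email, card and product, the base data alone cannot separate them; the reason codes show which enriched signal moved each decision.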

About Ran Wasserman

Ran brings over 15 years of experience in software development and cybersecurity, from the elite IAF IT unit as a developer and team leader, to IMPERVA where he held several development and management positions, focusing on web security and the WAF product. As CTO of SecuredTouch, he leads the research and delivery of SecuredTouch’s leading anti-fraud solutions. With the acquisition of SecuredTouch, Ran is now lead architect for Ping’s product architecture group. Based in Tel Aviv, Israel, Ran holds a B.Sc. in Computer Science from Tel Aviv University College and an MBA from Tel Aviv University.

About SecuredTouch

SecuredTouch, a Ping Identity company, provides adaptive real-time fraud detection throughout the customer journey to detect fraud early, with a proven ROI from day one. credit card fraud and transactionless fraud such as loyalty program and referral fraud. SecuredTouch customers benefit from reduced overall fraud losses while maintaining a smooth customer experience.
