Expert opinion: NCSC targets payment card fraud

Today, the National Cyber Security Centre revealed that it has thwarted over a million cases of suspected payment card fraud this year.

In response to this, Caroline Hermon, Head of Artificial Intelligence at SAS UK & Ireland, said: “The rapid expansion of payment services over the last few years has led to consumer demands for convenience and flexibility with new payment methods. Banks and other financial institutions are aware that they must meet these demands, but they are also aware that these new payment systems leave them open to new forms of fraud.

“The challenge therefore centres around how banks can adapt to these new types of fraud without damaging the customer experience through large numbers of false positives.

“Where payment fraud was historically driven by card cloning, it has since migrated to transactions where the card does not need to be present, such as online purchases. While it is true that this provides the customer with a more seamless experience, it also aids fraudsters by helping them access funds through illicit transactions and gives banks less time to detect fraudulent activity.

“To detect instances of payment fraud, organisations need to take an agile approach as there is little time for drawn-out checks. However, with up to 10% of rejected orders believed to be valid, they also need to ensure that their prevention systems avoid too many false positives.

“There are many actions that businesses can take to protect themselves from these security threats. For a start, moving from a rules-based to a machine learning analytics system will help to overcome the problem of false positives. These approaches are particularly useful to detect rare payment fraud events hidden in big data sets. Moreover, they reduce the false positive rate by learning customer behaviour over time so that normal behaviour for an individual does not raise alerts.

“Ultimately, payment fraud detection systems must be able to look at payment processes from end-to-end and also across channels. While it is important that banks keep up with consumer expectations to ensure a positive customer experience, they cannot lose track of the privacy and fraud implications that come with seamless payments.”