These additional data points provide a new point of view into the transaction that allows fraud fighters and their risk engines to better identify fraudulent activity in real time and also to get better visibility into the users activity, both legit and fraudsters, which allows them to further improve the detection over time. Network data: geo-location of the IP, owner of the IP (Is it private? Data centre? Mobile carrier? etc.) Does this IP have former bad reputation? Usage data: the user journey that lead to this transaction Did we see this user/device in the past? When? Where from?ĭevice data: the type of device (desktop/mobile, OS version etc.), timezone, languages Any anomalies in device attributes? Is that a read device even? (or is it an emulator?) There's a limited amount of heuristics we can think of based on these data points alone.īut we can make smarter decisions, if we’ll add some more relevant data such as:īehavioural data: How did the credit card detail been filled – Autofill? Using copy/paste? How fast did he fill the form? Does the behaviour match human behaviour or does it look like automation (a bot)?
The basic data that they have is something like: buyers email, credit card information, and the product. Let’s say a merchant is trying to assess the risk of a payment transaction online. Going back to your ‘unique data points’ reference, please emphasise a bit more on what exactly you mean by this and how it can be used for data enrichment and improve fraud detection. IP reputation, ASN, user agent based attributes etc. OS attributes, browser attributes, hardware attributes etc. the user journey, device usage history, usage history etc.ĭevice – e.g. mouse movements, typing dynamics, sensors etc. The exposed indicators include the following categories:īehavioural – e.g. SecuredTouch exposes the processed data layer (called ‘indicators’ on the SecuredTouch platform) to our customers on the standard API calls, which means that they can enrich their existing risk engines and data lake with SecuredTouch’s indicators in order to achieve better detection and visibility into their fraud. Besides using SecuredTouch risk modules to detect fraudulent activity, customers often want to enrich their existing systems with SecuredTouch unique data points in order to improve the visibility and effectiveness of their existing risk engines. Many of our customers already have built-in risk engines for making decisions in real time, as well as data lakes for analysis and analytics. SecuredTouch collects and processes unique data points to detect different types of fraudulent activities. How does SecuredTouch contribute to help your clients use data enrichment efficiently?
In addition, data can also serve for fraud analysis reasons, more specifically, analysing users/fraudsters activity for the purpose of manual review of specific transactions or getting high-level analytical view of the users/fraudsters behavioural patterns in order to better understand the threats. This is quite similar to the previously mentioned example: resolving geo-location from IP addresses is commonly used for fraud detection heuristics. Thus, having more relevant data points at the time of transaction can lead to better decision making in real time. It’s often the case, however, that merchants have access to a limited amount of data and therefore any conclusion drawn from analysing this particular data set is unreliable and will result in friction for their customers. What is the connection between this and fraud prevention?ĭata is used by merchants to approve/decline transaction payments. The Paypers set down with Ran Wasserman, Former CTO at SecuredTouch and now Principal Architect at Ping Identity, to discuss about data enrichment and its role into fighting fraudĬan you explain to our readers the basic tenets of what data enrichment means?ĭata enrichment is the process of merging multiple sources of data (internal with external) to improve conclusions that can be drawn from the analysis of these combined data sets – a basic example will be getting geo-location/-city from an IP address.