August 19, 2011
Long before the Internet existed as the e-commerce behemoth it has become, Retail Decisions (ReD) and its forebears were screening card-not-present transactions for fraud. The international fraud prevention group, which has grown to include payment processing in addition to providing custom CNP anti-fraud software for clients around the globe, grew out of two separate firms on either side of the Atlantic Ocean.
Nearly a quarter century ago, a U.S. company called Transaction Billing Services was one of the first to focus on screening CNP transactions for fraud when it began serving telecommunications companies that had introduced calling card services for travelers.
“If you were going to make a phone call from a hotel you probably didn’t want to use the hotel phone directly because the rack rate was so expensive, so you used an international calling card service such as 1-800-CALL-ATT, which gave you lower rates,” said Carl Clump, CEO of Retail Decisions.
Users of these services called the 800-number and were prompted to give credit card details, which Transaction Billing Services grabbed and screened against the data available at the time. “That was, of course, a CNP transaction all those years ago before people were ever thinking about online,” Clump remembers.
Evolution of CNP Fraud Screening
The American and British companies merged and, by the turn of the century, ReD saw that the CNP skill set established by Transaction Billing Services was applicable to the burgeoning marketplace being established for fraud prevention services on the Web. And, Clump says, 22 years of experience sniffing out CNP fraud has enabled ReD to establish an unrivalled database of information to enhance that ability. The company has also evolved its service to employ artificial intelligence as part of the decisioning process. But its beginnings were humble.
“Initially you could do relatively simple things like use databases of lost and stolen cards, combined with some simple rules you would write in order to stop fraud,” Clump explains. “Then it started getting more complex as fraudsters started getting more sophisticated in plying their trade over the Internet.”
Clump says ReD found that, while the “hot” card files and lost and stolen card files were still important, the complexity of the rules they were required to write for their software increased. And, it saw, in order for the rules to be most effective, they had to be customized for each individual client.
“We realized at a very early stage and still believe fundamentally in this principle, that there are no two retailers that are the same,” he says. “They have different products, different pricing policies, different target customers and a different propensity for fraud. All of those factors, and many others, need to be taken into account when you put together a fraud prevention strategy for a merchant.”
As fraud, and the rules written to combat it gained complexity, ReD found another technology to apply to the process to make more accurate decisions on CNP transactions. The company purchased an artificial intelligence system developed by a Nobel Prize-winning professor and his team at Brown University in Providence, R.I. The company employs what it calls “neural networks” to monitor and evaluate large amounts of data in a very short amount of time.
Also, with each transaction it screens, ReD adds each suspicious piece of information to its “warm” database – data like a mobile phone number that comes up too frequently or a delivery address that appears too often, which on their own are not enough to pinpoint fraud, but taken together may enable ReD to identify a fraudulent transaction in the future.
“We have a whole series of activities that take place in parallel,” Clump explains. “The transaction is screened against these warm databases, it’s screened against the rules and the strategies we’ve written for customers, it’s screened against our neural technology, it’s screened against geolocation activity, it’s screened against PC fingerprinting, etc. Some of these pass and some fail then we take each of the individual views from each of the functional areas and assimilate it to come up with one decision to accept, reject or, in a small number of cases, review the transaction with more data.”
Clump proudly points out that all this screening takes place in 400 milliseconds and that it takes 300 milliseconds to blink. “So it is essentially in the blink of an eye we have said that’s a good transaction or a bad transaction.”
Fraudsters ‘Follow the Sun’
ReD’s clients, which include Target, Walmart, Shell Oil, Shoprite, Tesco, Louis Vuitton and Virgin Mobile, span a wide variety of retail verticals and generated transactions in 2010 that originated in 172 different countries. The diversity of industry and geography results in a pool of data that only enhances ReD’s ability to spot fraud, according to Clump.
“A fraudster won’t just attack a series of airlines,” he says. “He’ll attack airlines, gaming sites, apparel merchants, etc. Fraudsters work 24/7/365 and they have a “follow the sun” strategy. It starts in the east. They perpetrate their trade there and then move on to Europe and the U.S. Then they repeat the cycle. We learn from the pooling of the verticals and also from the pooling of geographic data.”
And, while they learn every day, Clump understands that fraud is a constantly shifting target that demands constant vigilance.
“They’re unpredictable,” he says of fraudsters. “It’s very difficult to be ahead of the curve with them. Sometimes the best you can do is be half-step behind and react very quickly to what they’re doing.”
In ReD’s case, that’s in the blink of an eye.