Here’s how four firms are outsmarting the hackers, particularly during the holiday season.
4 Fraud-Fighting Technologies Make Online Shopping And Banking Safer
Banking and shopping online have never been more popular as a result of the worldwide pandemic and the convenience of accomplishing these tasks 24/7 from home.
Unfortunately, the rise in transactions has come with an unwelcome companion: a rise in fraud.
Online fraud includes false or illegal transactions using stolen payment or identity information. There’s also “friendly fraud,” where a customer instructs the payment provider to cancel payment on a received item or service, resulting in costly chargebacks to the merchant.
Experts estimate that online retailers spend 7 percent of their annual revenue dealing with the average 10 percent of transactions that are fraudulent. The hardest-hit industries are airlines, computer/electronics retailers and money-transfer services.
Fraud also hurts consumers because anti-fraud measures can slow or even stop honest transactions. Residents of countries with a high percentage of fraudulent transactions may find themselves blacklisted from online retailers and financial institutions that got burned too often.
Several Israeli companies have developed sophisticated anti-fraud technologies to protect both sides and simplify weeding out bad actors. Here we review four of them.
As mentioned above, friendly fraud occurs when consumers dispute charges for something they received, rather than returning the item. Maybe their kid bought it without their knowledge, or maybe it’s an impulse buy that they later regretted.
Either way, the merchant gets hit with a chargeback fee unless it can prove the purchase was legitimate. Last year, friendly fraud cost merchants some $125 billion.
Eido Gal and Assaf Feldman founded Riskified in 2013, offering a unique chargeback guarantee. Today it works with three of the 10 largest ecommerce companies and has processed more than a billion orders.
“When order information comes to Riskified in real time, we decide in a second or two whether to accept or reject the order, using sophisticated machine-learning models,” said Elad Cohen, Riskified’s vice president of data science.
“We only get paid for the orders we accept. If we get it wrong, we pay the entire chargeback fee.”
Riskified’s service reduces fraud-related costs by as much as half, says Cohen. “Our fee is substantially lower than their chargeback fees, and they don’t have to pay someone to do it in-house.”
But the main benefit is that Riskified’s automated process increases order approval rates up to 20 percent. That’s because human risk assessors tend to err on the safe side, rejecting suspicious transactions or even blacklisting entire countries.
“For customers, we make e-commerce much more accessible,” says Cohen.
For merchants, additional services include using data to build a case for banks to dispute friendly fraud, determining if a customer is abusing free return or special-offer privileges, and more.
With more than 650 employees — two-thirds in Israel, the rest in New York and smaller branches across the globe — Riskified went public last July and works with clients including Acer, Trip.com and Ticketmaster.
Justt is another Israeli startup helping global merchants fight false chargebacks with smart technology.
Founded in 2019 as AcroCharge, Justt uses machine learning and domain-specific technology to flag incorrect chargebacks and builds tailored solutions to gather and submit evidence on merchants’ behalf.
The company says its customized, fully automated approach defeats 85 percent of friendly fraud while eliminating the need for in-house chargeback mitigation programs.
Founded by Israeli tech industry veterans Roenen Ben-Ami and Ofir Tahor, Justt recently raised $70 million in funding as it expands, now encompassing about 110 employees.
One of Justt’s customers, digital payments giant Melio, reports that its mitigation team was able to reclaim about 30 percent of false chargebacks before implementing the automated solution. The success rate then increased threefold.
“Justt’s hands-off solution integrates with our card processor, allowing us to shift our focus from the never-ending task of fighting chargebacks to conquering our core business goals,” said Matana Soreff, Melio’s vice president of risk and compliance. Justt’s customers pay a fee only after funds are recovered.
“The chargeback system is fundamentally unjust, but many merchants view their losses as simply the cost of doing business. At Justt, we believe there’s a better way, and that ecommerce sellers need someone in their corner as they navigate this archaic system,” said Tahor, Justt’s CEO.
Cybercriminals increasingly try to bilk the elderly out of their life savings, taking advantage of seniors’ lower level of digital savvy.
Using phone calls or text messages (to hide unfamiliar voices) pretending to be a grandchild in need of emergency cash, they may steal identity info to open a new account or persuade the victim to log into their bank account and then take it over.
After determining that 40 percent of confirmed fraudulent credit-card applications involved a person with a declared age of 60 or older, BioCatch recently launched its Age Analysis fraud-prevention solution for the 50 big financial institutions among its 100 clients in 20 countries.
BioCatch was founded in 2011 based on military machine-learning technology to authenticate identities using behavioral biometrics — how you type, move the mouse or handle your smartphone. Even small differences in behavior suggest that a hacker, not the account holder, is at the keyboard.
“When you apply to open a bank account online you type in a lot of information. The rhythm of typing is different if you’re doing it from memory or looking at a piece of paper,” says BioCatch vice president of cyber, Oren Kedem.
Knowing that typical cybercriminals are much younger than their victims, BioCatch taught its Age Analysis software to flag behavioral biometrics that don’t match the purported age of the applicant.
“We know how a person born in 1949 behaves online and how a person born in 1989 behaves online. If there’s a mismatch, we alert the client. We see that age detection is quite accurate,” says Kedem, especially when someone tries to open a new account.
“We don’t actively stop anything. We don’t tip off the bad guys. We collect the data invisibly and provide insights that allow the client to make a decision whether to approve, decline, or ask the applicant to contact customer support.”
BioCatch has more than 200 employees, with research and development in Israel and offices in North and South America, Europe, Asia and Australia.
Identiq was established in 2018 with the idea of creating a peer-to-peer network that allows merchants to validate the identities of new users.
“Let’s say you sign up for a ride-sharing service. They’re putting you in a car with a stranger and need to know that you are who you say you are,” said chief marketing officer Shmuli Goldberg.
“Aside from the risks of credit card fraud, account takeover and identity theft, it’s also an issue of trust and safety. If you can be assured it’s a real person, a huge amount of the problems of fraud and bad actors go away,” says Goldberg.
“We do that by enabling our clients to verify your identity with companies that already know and trust you and have your IP address and credit card number, such as your video streaming service or grocery delivery company.”
Identiq’s algorithm-powered solution keeps user details anonymous and is both GDPR (European Union privacy law) and CCPA (California Consumer Privacy Act) compliant.
“We use multiparty computation, a well-known branch of cryptography that makes sure we can run a computation on data we both have without either of us exposing that data to each other,” Goldberg said.
Working under the covers during the signup process, Identiq’s scalable solution can handle hundreds of millions of inquiries simultaneously and instantaneously.
“Trusted users get a perfectly seamless experience. They’re not treated as fraudsters, there’s no more validating numbers or one-time verification charges. In the 1 percent where something doesn’t match up, we alert the client that we never saw this person with a credit card before.”
Identiq is working primarily in large business-to-consumers sectors, such as ridesharing, financial services, retail, travel, gaming, dating sites and social media.
“We can be used not only at account creation, but also before a customer places a huge order, or reactivates an existing account. A good user would be expected to have a range of companies across industries that know this user’s name, email address and phone number,” Goldberg says.
Produced in association with Israel21c.
CORRECTION: Dec. 16, 2021, 7:31 a.m.
An earlier version of this story misattributed a quote by Oren Kedem to Cohen. Zenger regrets the error.