Friday, 27 February 2009

What to look for in a web-based fraud detection system

For online retailers the growth of online shopping is a double-edged sword. While the recession is driving more shoppers online to search for bargains, the more people that shop online the greater the risk of fraud, which makes the cost of acquiring online customers a bit of a tricky biscuit.

As an online retailer you may spend considerable sums not only on customer acquisition but also on automated anti-fraud monitoring technologies, but do the benefits outweigh the costs?

Some online retailers would probably say no. Yet as the recession continues to bite, anti-fraud software vendors are eager to tout their automated fraud monitoring solutions. With so much choice out there, and with vendors prescribing different solutions for different operational silos and levels of fraud, how can retailers be sure that they are choosing the right solution?

Gartner recently published its Magic Quadrant for Web Fraud Detection, which describes the market as "still maturing" and consisting of vendors that have "a lot of work to do to round out their product lines". In other words, this is a rapidly evolving market and vendors are having to keep up with the rapidly changing nature of online fraud, which means that built-in flexibility and the ability to quickly introduce new functionality as and when needed, without a major overhaul of the existing installation, are key.

Gartner says most web fraud detection systems can be broken down into two types: rules-based software and predictive software that uses artificial intelligence to detect potentially fraudulent behaviours. According to Gartner, predictive software is more effective at catching fraud, as rules-based systems tend to be based on past known events that have already occurred and are therefore not good at detecting new or unknown types of fraud. The more rules you have, the more difficult they are to manage, so Gartner suggests that rules-based systems are only suitable for those companies with minimum levels of fraud.

When selecting a fraud detection system Gartner advises firms to opt for those solutions with a 70% fraud detection rate and a "false-positive" rate of one in five in order to minimise the time spent unnecessarily investigating legitimate transactions. Some anti-fraud solutions such as "geolocation" and "client device identification" have a short shelf life and can be spoofed or fail to keep up with increasingly sophisticated attacks.

Gartner also advises firms to buy solutions that provide value-added services such as authentication in conjunction with fraud detection, as well as solutions that work across multiple channels and accounts. Those vendors whose web detection solutions can easily "plug and play" with different authentication technologies score highly.

Prioritising alerts is also key. "Enterprises want and need to be able to prioritise alerts based on their severity and urgency," writes Gartner. "Unless the system returns a score that ranks the severity, it is difficult to know which alerts demand priority attention."

Ease of use may sound like a no-brainer, but Gartner says most web fraud detection vendors fall short in terms of providing consoles that enable alerts to be investigated easily. Providing sufficient levels of reporting also tends to be a downfall. More advanced fraud detection solutions, says Gartner, not only look at log-on details or web site access, but also transaction information and user navigation.
