The Holy Grail of fraud-fighting would be the ability to stop 100% of the fraudsters 100% of the time from ever making it onto your platform — without affecting legitimate customers or users who want to open an account. While that’s a noble goal, and one that businesses continue to strive for, it is unfortunately not yet a reality.
The truth is that skilled fraudsters will sometimes get past even the best-laid of defenses. That’s why it’s so important for your anti-fraud strategy to go beyond simply denying access. You must also have a plan for detecting potentially fraudulent accounts and profiles that have made it through your first line of defense that are often concentrated at the point of onboarding. It’s also why it’s so important to have multiple layers of defense across the entire user journey.
Below, we take a look at what fraud detection is, how it works, and why it’s so important for businesses. We also walk through a number of fraud detection methods you may want to consider adding to your arsenal.
What is fraud detection?
Fraud detection refers to the processes and systems a business implements to identify potentially fraudulent accounts or behaviors on its platform. Once identified, activity can be further analyzed to determine whether or not it is truly fraudulent, and accounts can be monitored or immediately purged.
That said, what counts as fraudulent activity will vary depending on your company and the industry you operate within. Financial institutions and fintechs, for example, predominantly implement fraud detection policies to prevent financial loss and to identify cases of financial crime such as money laundering, tax evasion, and theft. Social media platforms, on the other hand, may be less concerned with crime and more concerned with breaches in their terms of service agreement — cases of impersonation, the spread of misinformation, harassment, etc.
Fraud detection and the 3 D’s of fraud prevention
The 3 D’s of fraud prevention are a framework you can use to design a comprehensive anti-fraud strategy for your business. This framework consists of:
- Deter: Increasing the requirements for bad actors to commit fraud so they’ll give up and move on to an easier target.
- Detect: Maximizing your ability to capture signals and denote risk so you can identify fraudulent accounts or activity and take action against them.
- Deny: Making it harder for known bad actors to get through a second time so they can’t become repeat offenders.
As the second link in the chain, fraud detection plays an important role in the framework. Not only is it there as a second line of defense, but it also empowers the ongoing denial of repeat offenders.
Fraud detection methods
As you begin thinking about implementing fraud detection for your business, it’s important to have a sense of the different methods at your disposal, as well as their strengths and weaknesses. Bear in mind: In most cases, effective fraud detection will require multiple techniques, not an overreliance on just one.
Allow and block lists
Allowlists and blocklists are amongst the simplest forms of fraud detection, and yet they’re very commonly used for a simple reason: They work.
An allowlist is a list that contains the names, contact information, and other relevant signals (IP address, device fingerprint, browser fingerprint, etc.) of individuals who are allowed to access your platform or services. It can be thought of as something like a VIP list at an exclusive club and often includes a company’s executives, key stakeholders, and partners.
A blocklist, on the other hand, contains this same information but for individuals who are not allowed access to your platform or services. This typically includes information about known fraudsters — for example, email addresses associated with phishing attacks or known malicious IP addresses.
If blocklists sound like they’re more of a deterrence method than a detection method, you’re not wrong. But by regularly updating your blocklists — supplementing them with both internal and external data as it becomes available — they can become a powerful means of detection that empowers you to purge bad actors from your platform who may have slipped by in the past. When you identify and purge bad actors from your platform, for example, adding those individuals to your blocklist will prevent them from regaining access in the future when they inevitably try again.
A point solution is a program or tool built to solve a single problem for a business. In the fraud space, the term is frequently used to refer to companies with authoritative databases that provide dedicated intelligence designed to make it easier to identify fraud.
Examples of point solutions you may consider pulling into your fraud detection arsenal include:
- Banking intelligence: Financial information, such as a user’s bank account number or login information
- Device intelligence: Information about the device a user is using to open or log into an account; i.e., their device fingerprint
- IP intelligence: Information about a user’s internet traffic — where the activity is being generated from
- Email intelligence: Information about a user’s email address, including whether it is tied to spam or phishing activity.
- Phone intelligence: Information about a user’s phone, typically to prove ownership during account creation and subsequent logins.
With point solutions, you have more data at your disposal with which to make a determination about whether a specific user or account may be fraudulent. As with block/allow lists, these solutions can be used both for fraud deterrence and detection.
Probabilistic modeling is a statistical modeling technique that can be used to make predictions about an outcome when uncertainty or randomness is present. It does this by considering a wide variety of data points, and how those data points are related to one another, in order to understand how likely any given outcome is, typically along a spectrum of “most likely” to “least likely.” Probabilistic techniques rely on machine learning to work. Some of the more common types of probabilistic models include regression analysis (linear, logistic), the Naive Bayes algorithm, and random forests.
Probabilistic models used to predict or identify fraud are called risk scoring models. They can be an effective means of analyzing user activity and determining whether it is “fully legitimate,” “fully fraudulent,” or somewhere in between.
Risk scoring models are sometimes built internally if a business has enough internal resources — including the necessary training data — to do so. But they are very often purchased from a solutions provider who has already gone through the effort of designing and training a model for use in a given industry.
Link analysis is a data science technique that is used to understand how different entities in a network are connected to one another through shared signals. It can be deployed in a variety of industries and for a variety of purposes, including as a means of fraud detection.
A social media platform, for example, might use link analysis to uncover fake profiles that were all created by a single person to spread misinformation or to harass other users. An online marketplace might use link analysis to identify fake product reviews or root out instances of auction fraud. And a bank might use link analysis to uncover linked accounts being used for money laundering or other financial crimes.
Which signals are used to spot fraud will depend on the business, industry, and type of fraud being detected. That said, link analysis will often look for accounts or user profiles linked by details that are suspicious to be shared, such as:
- IP address
- Device fingerprint
- Browser fingerprint
- Physical address
- Email address
- Contact information
- Bank account or payment details
Because of how it works, link analysis can be an effective means of scaling fraud detection and finding widespread fraud attacks (or attempts) by fraud rings that have established themselves on a platform.
While automation can be a powerful tool in identifying cases of potential fraud, there are sometimes instances where manual review by a human being will be necessary to make a determination. This is often true for edge cases and outliers — anything that a model may not have been trained on and which it therefore may not be able to make a confident decision as to whether or not a given account or activity is fraudulent.
It’s important to note that while manual review is often a necessary component to any anti-fraud strategy, it’s very resource-intensive and therefore difficult to scale. Ideally, manual review will be reserved for a minority of cases when automation fails.
How Persona can help
Fraud detection is an important part of any company's anti-fraud strategy, an essential second layer of technology and processes capable of identifying fraudsters who may have made it through your first layer of defense.
Here at Persona, we understand the role that detection plays in protecting your platform and users from fraud. That's why we've designed a number of the tools in our identity suite so they can be leveraged for fraud detection.
With Reports, our answer to individual point solutions, you can choose from a wide variety of reports — including watchlists screenings, adverse media reports, phone and email risk reports, address lookups, and more — to gain a full understanding of who your users are and whether they may potentially be fraudsters.
With Graph, our link analysis tool, you can quickly surface accounts that share suspicious details (such as IP address, payment details, etc.) and activity. Uncover large-scale fraud — whether in the form of duplicate accounts, promo abuse, money laundering, or other financial crimes — and quickly take action to monitor, block, or purge them.
With Cases, our manual review tool, you can consolidate data from multiple sources in order to provide your team with an all-in-one hub for efficient investigation. Create templates for case types and audience segments, surface relevant details while omitting the noise, and take action all from one central place. And with the Persona Marketplace, you have the power to integrate your own data into the Persona ecosystem so that your investigators can make more informed decisions without having to toggle between different tools.