Payments’ Invisible Touch

Today payments are all about being invisible. The age-long adage of balancing security and convenience has taken a radical twist. While fraud prevention is an obvious requirement, the need for a frictionless transaction has become a main-stay requirement. Today’s customer expects that his transaction occurs smoothly, in real-time, and without any friction: Consumers want the payments back-end processes to be “invisible”.

Present day fraud prevention vendors are constantly developing solutions to make transaction authentication, a truly invisible experience. True transaction “Invisibility” has become a main competitive advantage and a key differentiator in the payment industry.

So, what are vendors offering?

Biometric Security

In recent years ‘active’ biometric authentication methods such as fingerprint scanning and facial recognition have increased in prominence mainly because they bypass arduous username/password authentication. The “convenience” factor they offer has changed the transaction world, but they are not “invisible”. And although the perception that biometrics provide increased security, the truth is that they are far from being safe. Almost all biometric based solutions offer username/password fall back which means that their focus is convenience and not security.

Behavioral Biometrics

Behavioral Biometrics takes authentication to another level by capturing data points that provide insights into how the user naturally interacts with their device. It then generates a score assessing how well the data matches the user’s historical behaviour, or the behaviour of a representative peer group. Instead of only relying on information from the moment of authentication, it continuously works in the background and analyses behavioral data – including metrics such as the angle at which the user holds their phone, swipe patterns and keystroke dynamics – to continuously verify the user’s identity.

Contextual Multi-dimensional Authentication (CMA)

Although behavioural biometrics offers several security benefits, there are still some key considerations for organizations to keep in mind when incorporating the technology into their authentication mix. Rather than functioning in isolation, Behavioral Biometric used together with additional layers of protection makes the “invisible” transaction process a reality.

Paygilant takes behavioral biometrics and layered mobile fraud prevention, to the next level. Its unique Contextual Multi-dimensional Authentication (CMA) methodology combines behavioral biometrics with device fingerprinting (data that can be derived from the device itself) and Transaction Analysis (data that can be derived from the transaction process) to provide an accurate risk score that ensures the utmost fraud prevention and frictionless transactions.

Without impacting and imposing on the user, Paygilant runs invisibly in the background to seamlessly stop fraud before any damage is done. Using machine learning algorithms, Paygilant provides ongoing and continuous data analysis ensuring that transactions are approved only for legitimate users.

Device Attributes

Various attributes observed on the device can contribute to the detection of fraudulent behavior and to the derivation of a device ID. Device model, screen, memory, UUID, OS, IP, geolocation, app permissions, and more are observed. Geolocation is probably the best example for a device attribute used for detecting fraud - if a transaction is attempted from Moscow a short while after the preceding transaction was carried out in New York, then that is a strong indicator of fraud. Restricted app permissions is another indicator that the user might be hiding something. Another example is app permissions that are restricted by the user – that, in combination with other things, night suggest that the user might be hiding something.

Transaction Data

Paygilant employs propriety transaction behavioral maps. The Behavioral Maps represent the purchasing patterns/behavior of a specific customer and her nearest neighbors and are created using Paygilant's proprietary machine learning algorithms. The behavioral maps typically comprise a large amount of information but must be compact 9 enough since they are securely transmitted to the mobile device. To achieve this Paygilant utilizes its depth of field (DOF) approach from digital photography to compress the information so that complex calculations that do not require work intensive CPU and memory. A Behavioral Map shows a clear, high resolution picture of the different risk zones and is a key factor in determining the risk of a specific transaction and has the following key characteristics: - User specific: each map is unique, calculated and maintained on a per user basis, therefore representing a transaction risk level for each customer’s transaction. - Lightweight: Resolution variations enable maintaining only the necessary data, reducing the map's weight to a bare minimum. - Dynamic: As the purchase behavior changes, the map will be modified.

Device DNA

Bio Markers

Paygilant observes bio markers to passively identify the user behind the transaction. Common bio markers Paygilant observes include touch time, time between touches, size of touch inputs, finger velocity, scrolling pace and drag length, typing biometrics, and more. Paygilant’s robust bio markers are just one of the several intelligence sets that make up the broader solution and is designed to augment the fraud/no-fraud decision that precedes any step-up authentication request.

App Interactions

Paygilant looks at how the user interacts with the mobile application to determine if the interactions are consistent with a legitimate user. For example, if a user navigates directly to a high-ticket item and immediately proceeds to check-out, then that suggests something fraudulent might be happening. If a user inputs his name and address on the payment form in a manner that is not consistent with how normal users would do it (i.e. slower than expected because typing-in unfamiliar strings), then that provides another clue that something fraudulent might be happening.

User Data

Intelligent, privacy preserving analysis of user data on the mobile device provides valuable insights into fraudulent activities. User data analysis is especially helpful in hard-to-analyze scenarios like new account origination, where there is no established history for the user/account. Some examples for how device data can be used include comparing user accounts on the device with the payment cardholder identity, or the identity disclosed on a new account registration form – a mismatch provides a strong indicator for fraud. No media on the device, empty contacts list, and sparse call logs are also examples of fraud indicators that can be collected from user data on the device.

[contact-form-7 id="1746" title="Contact+PDF_new"]

[contact-form-7 id="1390" title="Contact+PDF_copy"]

[contact-form-7 id="1397" title="Contact_copy"]

Payments’ Invisible Touch

Recent Posts

2022 and Digital Banking

6 Ways COVID19 Has Impacted Payments

Reducing Friction Without Compromising Security, is This Possible?

Can Mobile Banking Finally Serve the Underbanked?

Sign-Up Bonus Abuse