Industry Use Cases

With Fintech disrupting the financial landscape and driving it towards a cashless world, challenger/neo banks and eWallets are building their apps with a mobile-first strategy in mind.

Their main goal is to deliver a continuously increasing value to banked and unbanked consumers, giving them financial and commercial flexibility. However, as fraud is on the rise, they are challenged with various sophisticated fraud attacks, which are not effectively addressed by the existing fraud prevention layers.

New Account Fraud (NAF)

is the use of fake or stolen identity to open new mule accounts. NAF is particularly risky in digital banking as eKYC is easily compromised by fraudsters, while transaction monitoring fraud detection solutions fail to detect the fraud as the attack occurs in the pre-transaction phase. Both the device and user are seen for the 1st time where there’s no prior profile or history to determine the risk level of the person opening the account.

Account Takeover (ATO)

occurs when a fraudster takes possession of an already existing account by stealing a victim’s credentials. This can happen through data breach, malware, social engineering, or phishing. The account is then used to perform unauthorized transactions to cash-out / liquidate the funds. Fraudsters turn to the mobile channel as it’s the least secured one, where it’s easier to conceal their operation and use a single mobile device/emulator to target multiple victims.

Transaction Fraud

happens when cards and other payment methods are stolen and used to commit fraudulent transactions. Instant payments and money transfers have elevated the probability of fraud going undetected, causing significant security challenges for banks and merchants alike. As cashless transactions become the norm and the non-authenticated amount increases, transaction fraud is an ideal habitat for fraudsters to thrive

Cross-Bank Fraud

is a blended attack whereby fraudsters use multiple tactics to steal money. Fraudsters takeover high net worth bank accounts transferring those funds to fake accounts created in another neo bank/eWallet (Multiple New Account Fraud). The fraudsters then transfer the money to their own mule account, liquidating those funds.

Sign-up/Coupon Fraud

happens when organizations offer a benefit, reward, or gift to incentivize new users signing up to their app. Fraudsters simply create new fake accounts, abusing these perks and compromising the benefit.

SIM-Swap Fraud

is when a fraudster persuades a mobile carrier to switch your phone number over to a SIM card they own. By diverting your incoming messages fraudsters can easily override text-based authentication that protects your most sensitive accounts.

Schedule a meeting with our experts today!

Book a Meeting

Device Attributes

Various attributes observed on the device can contribute to the detection of fraudulent behavior and to the derivation of a device ID. Device model, screen, memory, UUID, OS, IP, geolocation, app permissions, and more are observed. Geolocation is probably the best example for a device attribute used for detecting fraud - if a transaction is attempted from Moscow a short while after the preceding transaction was carried out in New York, then that is a strong indicator of fraud. Restricted app permissions is another indicator that the user might be hiding something. Another example is app permissions that are restricted by the user – that, in combination with other things, night suggest that the user might be hiding something.

Transaction Data

Paygilant employs propriety transaction behavioral maps. The Behavioral Maps represent the purchasing patterns/behavior of a specific customer and her nearest neighbors and are created using Paygilant's proprietary machine learning algorithms. The behavioral maps typically comprise a large amount of information but must be compact 9 enough since they are securely transmitted to the mobile device. To achieve this Paygilant utilizes its depth of field (DOF) approach from digital photography to compress the information so that complex calculations that do not require work intensive CPU and memory. A Behavioral Map shows a clear, high resolution picture of the different risk zones and is a key factor in determining the risk of a specific transaction and has the following key characteristics: - User specific: each map is unique, calculated and maintained on a per user basis, therefore representing a transaction risk level for each customer’s transaction. - Lightweight: Resolution variations enable maintaining only the necessary data, reducing the map's weight to a bare minimum. - Dynamic: As the purchase behavior changes, the map will be modified.

Device DNA

Bio Markers

Paygilant observes bio markers to passively identify the user behind the transaction. Common bio markers Paygilant observes include touch time, time between touches, size of touch inputs, finger velocity, scrolling pace and drag length, typing biometrics, and more. Paygilant’s robust bio markers are just one of the several intelligence sets that make up the broader solution and is designed to augment the fraud/no-fraud decision that precedes any step-up authentication request.

App Interactions

Paygilant looks at how the user interacts with the mobile application to determine if the interactions are consistent with a legitimate user. For example, if a user navigates directly to a high-ticket item and immediately proceeds to check-out, then that suggests something fraudulent might be happening. If a user inputs his name and address on the payment form in a manner that is not consistent with how normal users would do it (i.e. slower than expected because typing-in unfamiliar strings), then that provides another clue that something fraudulent might be happening.

User Data

Intelligent, privacy preserving analysis of user data on the mobile device provides valuable insights into fraudulent activities. User data analysis is especially helpful in hard-to-analyze scenarios like new account origination, where there is no established history for the user/account. Some examples for how device data can be used include comparing user accounts on the device with the payment cardholder identity, or the identity disclosed on a new account registration form – a mismatch provides a strong indicator for fraud. No media on the device, empty contacts list, and sparse call logs are also examples of fraud indicators that can be collected from user data on the device.

[contact-form-7 id="1746" title="Contact+PDF_new"]

[contact-form-7 id="1390" title="Contact+PDF_copy"]

[contact-form-7 id="1397" title="Contact_copy"]