CA: Using Machine Learning to Combat Card Fraud

When it comes to retail payments, point-of-sale data breaches have been grabbing all the headlines. But good old-fashioned credit card fraud is still alive and well, and are increasingly requiring new approaches to authentication. To that end, CA Technologies has released a set of self-learning authentication technologies to help reduce friction for consumers during online checkout and boost security for card issuers.

Whenever credit card information is exchanged over the internet, phone or by mail, it is considered a card-not-present (CNP) transaction. Unsurprisingly, CNP situations tend to be where the majority of fraudulent activity occurs. That’s why things like the card verification code, billing address and other data points are required in many transactions. The problem of course is that these are indeed data points—and vulnerable to thieves just like the card number itself.

The latest version of CA Risk Analytics incorporates patent-pending behavioral neural network authentication models for assessing risk of online CNP transactions. These are powered by machine-learning techniques that capture data about individual user actions, to better understand and distinguish legitimate behavior from fraudulent activity.

Card issuers can instantly change score thresholds and policies at their discretion, to adapt to market conditions, better handle staff fluctuations or deal with current events that may demand examining a higher or lower volume of transactions while still ranking the most risky first.

“There is an increase in market demand for a more advanced CNP fraud detection strategy that goes beyond just comparing the current transaction to established fraud indicators,” said Revathi Subramanian, senior vice president of data science, CA Technologies, in a statement. “CA Risk Analytics considers both fraud patterns and legitimate transaction behavior and tracks the pivotal players in a transaction: card or device, for example. It estimates the risk of fraud using advanced machine learning techniques to understand normal behavior for these pivotal players as well as the fraud risk related to deviation from past behaviors. This results in a more accurate assessment of which transaction to authenticate and helps stop fraud in CNP transactions.”

In card-present scenarios, chip-and-PIN technology is standard in much of the world, and is rolling out in the United States more rapidly in the wake of breaches like those at Home Depot and eBay. They have an embedded microprocessor chip that contains the information needed to use the card for payment, and is protected by various security features, so they’re more difficult to counterfeit and are a more secure alternative to traditional magnetic stripe payment cards. But perversely, that greater in-store security means that criminals will look for easier routes for fraud, like e-commerce.

“History shows that the continued global rollout of the EMV standard and the increasing distribution of chip and PIN cards will result in an increase of CNP fraud attempts,” said Doc Vaidhyanathan, vice president of product management at CA Technologies.

At the same time, retailers don’t want to add friction to the checkout process and challenge the consumer with additional authentication to prove their identity—it’s a proven deterrent to legitimate sales.

CA thinks it may have the answer in neural networking. “Card issuers and merchants want a solution that improves fraud detection without increasing cardholder friction,” Vaidhyanathan said. “CA Risk Analytics and its behavioral neural network models will result in ‘zero touch’ authentication that will instill a level of confidence and streamline the online checkout process.”

The technology potentially has implications for in-store buying as well, by enabling secure, easy-to-use cardless transactions, such as those made via mobile wallets.

What’s Hot on Infosecurity Magazine?