Credit card with chain and lock showing the use of AI to fight online payment fraud while making improvements to avoid false positives
What AI Can (and Can't) Do Right Now to Fight CNP Fraud by Rafael Lourenco, Executive Vice President at ClearSale

What AI Can (and Can’t) Do Right Now to Fight CNP Fraud

AI is a powerful tool in the fight against online payment fraud. However, AI alone can’t provide all the functions merchants need to prevent fraud and avoid expensive, reputation-damaging false positives. It’s important for merchants to know where anti-fraud AI stands now, where human expertise fits into the current fraud-prevention ecosystem, and what’s on the horizon as AI improves.

How AI helps prevent fraud now

AI fraud-prevention tools use real-time identity, device, location, and behavioral markers to score transactions for fraud risk and automatically approve those within the acceptable score range – all far faster than a human fraud analyst can. This capability makes it possible for merchants to offer online, mobile, voice, and omnichannel shopping without forcing customers to jump through multiple hoops to prove their identity before every transaction.

This type of multifactor AI transaction evaluation also helps to combat account takeover fraud. ATO has tripled since 2016, powered in part by credentials stolen during data breaches. Typically, transactional fraud caused by ATO is harder to detect than simple card fraud, because thieves are hijacking legitimate accounts and their associated payment data. Behavioral and device data, analyzed by AI, can quickly flag unusual types of purchases, unusual behavior on the site, and other out-of-the-ordinary actions.

Merchants who want to grow by selling into new markets can use AI-powered fraud prevention tools to reduce the risk of cross-border payment fraud. While it’s true that cross-border orders involve device and identity spoofing at higher rates than domestic orders, merchants reject a disproportionate number of international orders for fear of fraud and lose out on growth opportunities. Instead of blocking orders from entire countries or regions, merchants can use AI-based tools to reduce the risk of accepting cross-border orders using a combination of real-time identity, behavior, location, payment information, and other data.

AI also makes it possible to evaluate continuously updated consumer data to score orders more accurately than humans can using static internal negative and positive files. That’s an important advantage in an era when consumer data breaches are a regular event. Without always-updated data and a way to analyze it quickly, virtually every consumer’s data would eventually end up on at least one merchant’s static internal negative list because of breaches. That would drive up the number of costly false positives, which are a major challenge for online merchants.

What AI can’t do yet

False positives may be the biggest fraud-prevention hurdle AI hasn’t cleared yet. AI systems flag some orders that appear to be fraudulent but are from good customers. Why does this happen? Machine learning is good at spotting data and behaviors that often accompany fraud, such as a high-ticket-value purchase made at a new store, an order placed from outside the customer’s home country, or an expensive item ordered with rush shipping to a third-party address.

These are also things that well-to-do customers often do, so it’s important to make the distinction before accepting or rejecting these orders. Whether it’s a bank board member embarrassed by a decline, a social media influencer who complains about a bad shopping experience, or a regular shopper who simply never comes back after a rejection, false declines cost merchants more than completed fraud does, both in revenue and customer lifetime value.

Human expertise is still needed to manually review orders that AI systems flag. This usually involves calling the customer to validate the transaction in a way that’s polite and respectful but still on guard for possible fraud—a combination of hard and soft skills that AI can’t replicate. What’s more, if AI-generated false positives aren’t checked by humans, the system loses out on data that can help improve the algorithm to reduce false declines going forward.

Human input is also needed to provide information on brand-new types of fraud so the system can update and refine its rules. This matters because organized fraud rings are always experimenting with new ways to get around merchants’ fraud controls. Fraudsters can swarm surprisingly fast to exploit vulnerabilities before they’re detected and fixed, sometimes using botnets to commit as much fraud as possible in the shortest amount of time.

How AI may fight fraud in the future

One of the hallmarks of machine learning is the ability to “get smarter” as more data accumulates and as scientists develop new and more powerful applications for AI. Already, researchers at MIT are working on automated feature engineering for AI, which reduced false positives by 54% in a recent test. This new method examines more than 200 features of a transaction to deliver a more nuanced picture of customer behavior.

Another emerging AI security application is biometric “voiceprints,” which are algorithms based on each customer’s voice and speech patterns to authenticate their identity. Citi has been working on voice authentication for the past few years, and in December it announced that voice authentication will replace passwords on some of its institutional client accounts. If voiceprints prove to be easy to use and hard to hack, it’s likely that technology will expand to e-commerce fraud prevention.

As researchers and fraud experts find new applications for AI, merchants will have a growing array of options to protect their revenue and their customer relationships. As the AI transformation continues, it’s important to understand the benefits and limits of each new development. Turning an entire fraud-prevention program over to AI isn’t a workable solution yet, but AI can and should be a part of every merchant’s anti-fraud arsenal.