The Latin American Payments Blog
Brazil has a number of options for paying for goods and services. These are debit and credit cards (more commonly local and rarely also internationally enabled ones). Bank slips (boleto bancário), gift cards, and bank transfers (DOC, TED). Which are now gradually being replaced by PIX. Payment options are exciting and convenient for users, but fraudsters love them too. In fact, online fraud has become a well-funded, well-equipped business in 2021. Fraudsters are trying to capitalize on the trends of payment options and the move toward online shopping has only accelerated this issue with the COVID-19 pandemic.
If you are wondering what types of fraud are used against Brazil’s businesses, and what the options for fraud prevention are, then please read on.
What is Card-Not-Present fraud?
Card not present fraud is when somebody uses a stolen credit card number to purchase goods or services online. This ends up hurting merchants in the form of chargebacks and chargeback fees. It is the chargebacks and their fees which have triggered the obsession with fraud rates in fraud prevention communities. Stolen credit card numbers and their owners’ Personally Identifiable Information are widely available on both the Darknet and the Clearnet. Both publicly available internet. These can be acquired via individual phishing attacks or Data breach, which is stealing info on a large scale. Fraudsters love to steal accounts en masse. Selling the same info to lots of fraudsters and wannabes for incredibly low prices. Considering how valuable online customer accounts are to merchants.
Another common technique is the Man in the middle attack — stealing information as it is sent online. Man in the middle (MITM) attacks come in two forms. One that involves physical proximity to the intended target, and another that involves malicious software or malware. Within these categories, there’s a whole selection of MITM attacks. Including DNS spoofing, SSL hijacking, wi-fi eavesdropping, and stealing browser cookies.
After fraudsters use stolen credit cards to purchase goods, services, and/or gift cards. Eventually, the legitimate owners discover the theft and file a chargeback with their credit card company. Adding financial losses on top of the damage to the merchant’s brand.
Gift card fraud
Gift cards are great for Account Takeover (ATO), which as we described above, is one of the latest, hottest types of fraud. The gift card environment is far less secure than the credit card environment. Lacking many of the security features that credit cards have. The credit card environment has “PCI DSS” (Payment Card Industry Data Security Standard) which has been around for quite a while. And has increased in security over time. Merchants today never store credit card information. Credit card information is kept with PSPs and the banks. But the gift card environments are maintained by smaller entities. So ofcourse fraudsters target the less secure environment to take over users’ accounts for quick wins. Or to do what they please with them for extended periods of time.
Why do I need a fraud prevention strategy?
Fraudsters are better equipped than ever, allowing even beginner fraudsters to have quick success. But another way to look at fraud prevention is to think of it as an obstacle to a company’s growth. There are four phrases that come in handy while discussing fraud.
The four phases that come in handy while discussing fraud
- Denial rates – the entirety of transactions that were dismissed due to their seemingly suspicious nature. (Which doesn’t really mean they were fraudulent)
- False positives – a transaction that was labelled as bogus despite being initiated by a legitimate customer
- Fraud rates – the quantity of transactions that turned out to be fraudulent. An indicator of how many fraudsters got past the safeguards
- Manual review – human verification of the legitimacy of a transaction after it was blocked by a fraud prevention system. Which obviously involves additional costs
Given the focus on cost cutting, it’s fraud rates that get the most attention since they directly translate into financial losses. In order to preserve their companies’ bottom lines and prevent theft attempts. The decision-makers of the biggest industrial players decide to preemptively block a large chunk of transactions. Their reasoning may seem logical. It’s all aimed at preserving the company’s financial health, but in reality, as a result of increased security measures. They lock out their loyal customers. And while the totality of fraud may seem like a hefty price to pay and needs to be prevented at all costs, the actual cost of false positives amounts to so much more!
Are such great numbers capable of jeopardizing the company’s financial stability? Ecommerce has been growing incredibly fast for the last 10 years. To be more precise – by 109% since 2010 in the US alone). This has allowed fraud prevention teams to keep the denial rates high. And still have the overall business continue to grow aggressively. Fortunately, losing money over fraud is no longer an essential part of doing business these days! Actually, it is something that modern fraud prevention systems are particularly good at.
OK, I see the need for a fraud prevention solution. Why do I need Machine Learning to do it?
Many anti-fraud systems rely on pre-defined rules. To put it briefly, there are sets of rules that dictate what should be done in case of a certain event or under specific circumstances. Like blocking a transaction automatically when its value exceeds a certain amount. Nonetheless, there are no ready-made solutions that will always be effective when it comes to a fraud fight. As a result, being overly reliant on rules-based systems does not work in the long term. The only necessary toolset consists of an improvement-oriented attitude and the research-driven ability to adapt.
Just as a reminder, Machine Learning is a subfield of computer science that allows the machine to learn how to tell fraudsters from legitimate users.
Whenever a customer initiates a transaction, the Machine Learning model thoroughly x-rays their profile, analyzing thousands of pieces of information that wouldn’t necessarily seem related to a human manual reviewer in search of suspicious patterns. Everything is completed in milliseconds without compromising the effectiveness of the solution.
Why did we partner with Nethone?
Nethone constantly studies fraudster techniques and then builds the intelligence into their solutions. Nethone gathers over 5,000 attributes about every single end-user session throughout the client’s direct channels. It exhausts “here and now” information potential by exposing the lowest level details regarding each user’s device, network characteristics, and raw behaviour. Consequently, merchants are protected from emulation, virtualization, anonymization and spoofing attempts.
They also integrate multiple data sources and teach their machine learning models how to use them, including:
- What Nethone has learned about online fraud over the years and what is being observed in real-time
- Fraud attempts that your company has already encountered;
- External data sources from 3rd party partners who specialize in online fraud.
Finally, Nethone’s machine learning models provide human readable, XAI style recommendations. This becomes important when companies have to not only understand what fraud is being committed and when, but why the ML model thinks the incident qualifies.
How can epag help?
Here at epag, we help businesses who are looking to take advantage of the nearly 200 million citizens living in Brazil and Latin America.
Estimates suggest that 93.5% of people living in the region have no form of international payment, meaning you are missing out on nearly 186 million potential customers. By using our integrated payment gateways, you will be able to accept all forms of payment in a seamless and swift transaction.
In order to accept local currencies in Brazil, you need to have a local entity in Brazil. This means either going through a complex and lengthy process trying to establish your own branch, which requires an in-depth understanding of the very intricate tax laws. Or using a local payment processing partner, such as epag.
Our one-stop-shop lets you trade in the region without worrying about any hidden transaction costs – not only that we can settle the transactions in your local currency. Get in touch with us today to find out how we can help you expand your business.