In today’s online world, one factor of security is not enough. Businesses need a layered approach to defend themselves with solutions that are easily deployed against evolving threats. This is one of the main reasons behind dynamic friction and why one approach will not work. Fraudsters are learning fast what it takes to bypass your traditional defenses. However, adding in a few types of verification requires extensive development, with no guarantee that it works in the long term. Trust Swiftly develops solutions that stop fraud with an ever-growing list of verification methods. Combining the best features of each verification method, we have created the optimal approach to fighting fraud. In the below analysis, we will discuss some common use cases of verifications and the strengths and weaknesses of each.
A client saw a recent trend where transactions used USA phone numbers with all normal matching information. Except for one detail was a new email with an exact match on the customer’s name. This had already raised the risk score. At this point, Trust Swiftly decided to require SMS verification. Free numbers like Google Voice VOIP were also blocked from verification as they provide little insight to the person and are a cheap method for fraudsters to bypass SMS. The fraudster then was unable to confirm their original number instead, they succeeded using UK and Russian numbers. A clear indicator for further investigation that needed even more verification and resulted in knowledge that it was true fraud.
Strength
Weakness
A client saw a PayPal payment come from a high-risk person who signed up with a mismatch email compared to data provided by PayPal. To confirm the payment was not from a compromised PayPal account, Trust Swiftly was used to confirm the customer’s new email. It was then discovered the fraudster was unable to verify access to the email by entering the confirmation code. The fraudster was able to compromise the account probably due to reused passwords, but the email was secured, preventing further damage. At this point, escalated verifications were triggered to confirm if it was an actual buyer which the user ignored and never followed up.
Strength
Weakness
A client wanted to implement 2FA without the hassle of integrating it into their existing technology and also create dynamic rules to require 2FA with their fraud tool. By connecting with Trust Swiftly, they created a method for people with huge balances in their accounts to require Google or Authy mobile authenticators in order to send funds. They were able to dynamically require a 2FA registration and code prior to sending any funds for their high net worth customers. It also allowed for a seamless experience for their customers as 2FA was only prompted when needed.
Strength
Weakness
A client experienced a credential stuffing attack and also automated card testing. They wanted a simple way to stop the bots without adding work for their good users. reCaptcha Enterprise was added to their verification process, which ran seamlessly for their risky users. They did not want the added monitoring or costs of reCaptcha for all users and needed a quick way to gain extra insight into bad users. Google’s reCaptcha data was fed back to their fraud tool to provide even more information about a user’s action, which could be used for better rules and learning.
Strength
Weakness
A client wanted to provide their customers with another verification method that didn’t require sharing sensitive information like a selfie. They chose social verifications to allow people to share their profile URL and email of the account. For example, a user refused to verify their phone but was comfortable sharing their Facebook profile information. Once the profile was verified, the client was confident about the person’s identity and allowed them.
Strength
Weakness
A client experienced repeat fraud and stolen cards from an advanced attacker. All information from the buyer was high quality, but their risk scoring still required elevated verifications. The individual was able to pass the phone verifications by buying from services on the dark web. Furthermore, they had other good signals, all showing the user was probably legitimate. Since the transaction was from a new person and a very high amount, they wanted to be sure before processing. They required ID verification by Trust Swiftly. Upon receiving the ID from the person the name and age mismatched from the typical customer and likely an unauthorized use of a parents card. After a follow-up, it was confirmed the individual was using their parents’ card without permission, and the order was refunded.
Strength
Weakness
A client experienced elusive fraudsters who had been able to complete ID verifications with very compelling pictures. To confirm that the ID and person were real, the client decided an actual video selfie would defeat the fraudster. After waiting for another similar template of the ID, it was decided to use the selfie verification. The fraudster already shared their ID and even a fake picture selfie. However, when asked to repeat with the video version, they gave up their attempts. Live selfies can be a strong deterrence to any fake ID.
Strength
Weakness
A client wanted another way to verify customer’s identities without collecting sensitive IDs or other private information. They decided to allow other documents such as bills from internet providers and utilities would suffice as a verification method. They were able to speed up their verification process by being confident that the customer had a legitimate name and address from a trusted service such as Verizon.
Strength
Weakness
A client was experiencing a high dispute rate from PayPal transactions. Due to the limited data that PayPal provided automatically on transactions such as BIN and the last 4 digits, their fraud tool wasn’t able to catch all issues. There were also problems of repeated fraudsters creating multiple accounts as PayPal’s verification process is minimal to start. Also, most customers using PayPal refused to do most verifications due to privacy concerns. To combat it, they deployed the PayPal ownership check, which required the user to log in to their PayPal account to share additional information. This new insight was critical as they discovered a trend of newly created accounts that tended to all have fraud issues. They were then able to implement further checks for these orders and completed the verification process much faster over the previous methods.
Strength
Weakness
A client wanted another option to confirm a user that didn’t have a PayPal account. They also wanted a more secure verification method as PayPal account security doesn’t always match that of a bank. They also needed a way to verify users who didn’t want to share any pictures or personal data. The bank ownership option was chosen as another fast method to verify the customer’s name, phone, and address. These signals were strong trust factors, as banks already employ extensive KYC checks.
Strength
Weakness
A client experienced an advanced fraudster who was able to verify phones by employing mules in Western countries like the USA. However, the mules were only doing the SMS verification to forward the code and also did not know they were part of a fraud scheme. To combat this, they leveraged the voice verification option on Trust Swiftly. They had a strong hunch the fraudsters were Eastern European or from Asia. Once triggered for the fraudsters, they were able to listen to recordings of the person’s voice, which had trouble with the English prompts. This then triggered more verifications, which confirmed the fraudster was not the cardholder.
Strength
Weakness
A client was experiencing card fraud from some large transactions on a marketplace but wanted a more guaranteed way to confirm ownership. The fraudsters had SIM swapped the owner and had access to their phone number. SMS verification wasn’t enough, so they decided to use Trust Swiftly’s card verification. This method enabled them to implement 3DS2 charges immediately for high-risk individuals. The verification required the user to be authorized by the bank via 3d secure and confirm access to the recent account activity. Once logged in the account they needed to confirm the random charge amount. This verification was extremely effective against the fraudsters. When one person tried to commit friendly fraud, the evidence helped win the chargeback as there was a history of 3D secure charges.
Strength
Weakness
A client needed a way to confirm a user lived in the address signed up with. Since their customers typically were moving locations, a lot of third party databases were not up to date. To verify the address, the client used Trust Swiftly’s address confirmation. The user received a letter in the mail with a unique code for verification. This gave the confidence the client needed to deliver their high-value subscription for risky people.
Strength
Weakness
A client had been leveraging Trust Swiftly for verifications but wanted to outsource the edge case verifications. Sometimes people didn’t want to complete anything or needed a chat session for a final review. While this number was minimal, usually a few people a day they didn’t want the hassle to decide what to do with the orders. The client used Trust Swiftly’s team to aide in these verification cases that need some extra care. In the end, the client was able to automate and outsource their verification process completely.
Strength
Weakness
As seen, each method has its time and place for users to fight fraud. Customers and fraudsters can not be predicted on what they will complete, so it becomes necessary to have a strategy for your verification approach. The next evolution for your dynamic friction approach will be using dynamic triggers to apply your dynamic friction. This strategy is the most advanced use case for businesses that want to automate all aspects of their fraud prevention. For example, after a person completes their phone verification, we can also trigger a voice call if their phone country code differs from their IP. Or if they provide bank ownership with a matching name, we can skip any further onboarding KYC checks. Threats evolve, and so should your strategy for defeating fraud. By implementing dynamic friction, the overall objectives of obtaining increased revenue and security will become aligned.