If you’re coming to this blog post in the hope that this is about trends in the latest online fraud attack vectors, then I’m sorry but you’re going to be disappointed. Some of my clients ask me about that, too, and I’m sorry to disappoint them as well. I am not the guy who has the latest insights on what fraudsters are doing with stolen credit cards in Europe or which range of IP addresses you should be looking out for in Asia.
I focus on the capabilities used to detect online fraud, and on the vendors that make up the online fraud detection market. What are some of the latest trends in this dynamic market? If you’re responsible for fraud detection at, say, a digital commerce business or a financial institution, what should you be aware of as you look for a new vendor(s) or try to get the best from your current vendor(s)? Here are some key themes in the market today……..this is a very light summary, there will almost certainly be more detailed blog posts on each one in the coming months.
Convergence with identity proofing and authentication
The lines between online fraud detection, identity proofing and user authentication use cases are increasingly blurring with regard to the techniques that can be applied to increase trust in an identity assertion and identify malicious or anomalous activity. Take identity proofing at account opening for example…..checking a submitted identity against public records, or remotely checking an identity document, is the foundation of this process. However, adding in fraud detection checks such as assessing whether the user’s device has been associated with other account opening requests can help to detect fraudulent activity. Similarly, consider authentication, where capabilities such as device identification or behavioural biometric modes act at the intersection of passive authentication and fraud detection. There are no hard boundaries here, it’s a continuum between capabilities – and it makes my job as a Gartner analyst tougher when it comes to categorising vendors.
One of the biggest themes in my client inquiries, is just how to manage the disparate number of vendors that many organizations, particularly banks, end up using…..identity proofing, malware detection, bot detection, device identification, behavioural biometric modes, transaction monitoring, authentication solutions……and the list can go on. Having an effective fraud detection strategy requires orchestrating these vendors across the various events in the customer journey – login, password reset, changing account details, changing a shipping address, adding a payee, moving funds, requesting a refund etc. The strategic buying decision in the future will be the orchestration layer – the capabilities that can be invoked will be considered point solutions that can be swapped out relatively easily. Vendors need to decide whether they are going to be the orchestrators, or simply the orchestrated. This is a big topic and one I’ll return to in future blog posts.
Expanding use cases beyond login and payment
In the digital commerce space, the majority of vendors focus on two specific aspects of the customer journey – login and payment. Some vendors are starting to expand the scope beyond this, looking at other use cases such as returns abuse, coupon fraud and chargeback representment. This is long overdue – the focus on the point of payment has clouded the market for some time now. Yes, it’s critical, but the opportunities for revenue loss at broader points in the customer journey are cumulatively non-trivial. The evolution of fraud detection to think beyond just direct fraud loss and into the realms of trust and safety (another future blog post topic!) show that profit optimization (not the same as fraud reduction) across all customer touch points is an imperative.
Microsoft and Amazon enter the market
Finally, it’s common to see new vendors enter a market, and I’m constantly speaking to small VC-funded start-ups. It’s not so common for two of the biggest companies in the world to enter a market at around the same time. Both Microsoft and Amazon have brought their own fraud detection solutions out for digital commerce merchants to use. I’m not in the business of vendor promotion, of course, so I make no comments about efficacy. However, I watch with interest, as both of these digital dragons have a track record of disrupting markets that they enter.
If this blog post has whet your appetite a little, check out the latest Market Guide for Online Fraud Detection which goes into more detail on these trends and more.
Five Board Questions That Security and Risk Leaders Must Be Prepared to Answer
As board members realize how critical security and risk management is, they are asking leaders more complex and nuanced questions. This research helps security and risk management leaders decipher five categories of questions they must be prepared to answer at any board or executive meeting.Read Free Gartner Research
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.