Andreas Baumhof is an internationally renowned cybersecurity thought leader and expert with deep experience in the encryption, PKI, malware and phishing markets. Prior to ThreatMetrix, Mr. Baumhof was an executive director, CEO and co-founder of Australian-based TrustDefender, a leading provider of security and fraud detection technologies.
Online fraud prevention technology has done much to eliminate fraud in the last few years. What are the biggest payment security challenges for retailers now?Andreas Baumhof: Online fraud prevention measures have helped online businesses to reduce fraud substantially, however it is a cat and mouse game and the fraudsters have been adapting to this challenge and are now using more and more sophisticated tools.
For a while, you were “safe” by implementing basically ANY fraud prevention technique as the bad guys would just target someone else who hasn’t. Now that many online businesses have some level of fraud protection, the fraudsters come back. And they come back with much better tools. Now the big question is to make sure that online businesses have the right tools to be effective. The other side of the coin is the user experience as there are a lot of fraud prevention tools that are inconvenient or hard to use. So the trick is to find an effective solution that addresses the problem without inconveniencing the “good” customers you have. This is one of the biggest challenges today.
Is it fair to think that in fighting online fraud there is a one size fits-all strategy and what is your company approach in this respects? Have you developed specific products for specific industries or regions? And what is your main target market?Andreas Baumhof: Fighting online fraud is absolutely not a one size fits-all strategy. Online fraud differs greatly in the various use cases. What we need is to have solutions that are flexible and adaptable.
In our case, we have an incredibly flexible rules engine. Customers will get an initial set of rules based on some workshops. However we allow our customers to modify and enhance the rules at any point in time. This way we can deal with the huge amount of diversity among our customer base from small retailers to the biggest financial institutions that have very stringent policies for their specific use cases.
ThreatMetrix is delivering the most complete online fraud management solution available in the market today. What does this solution integrate and what are its essential features?Andreas Baumhof: The trick with fraud management solutions is that they need to be very versatile. We have been innovating in various areas and have led the space in many different areas, such as proxy piercing, our ability to identify devices without tags/identifiers (with our SmartID), our ability to run global rules across all of our 750 customers, our backend infrastructure that allows us to do this in real-time.
Lastly, we are very open about the dataset. We believe that in order to make fraud solutions work, we need to enable our customers to use the information to their benefit. Our customers can use ALL of our data and send it to other real-time risk engines (e.g. for cross channel fraud). We have integrations with ActivIdentity, Accertify, CyberSource, Imperva and many others.
In an internet economy, cross-border commerce has become commonplace. What are the implications for online fraud, at an international level?Andreas Baumhof: Law enforcement has a much bigger problem with this than we do. From a fraud prevention point of view, we pick up certain anomalies and flag transactions, worldwide.
Alternative payments and the rapid increase of nonbank players in the retail payments environment have revolutionized the payments system. Have such changes brought about new challenges from a fraud-and-security perspective? Or, on the contrary, could new players provide new tools to make the payments environment safer?Andreas Baumhof: Oh absolutely. Most new payment systems have fast processing as a unique selling feature – which provides a particular problem from a fraud point of view.The reason people were very hesitant to sign up to the Faster Payment scheme in the UK was that banks couldn’t claw back the money in case of fraud, which is today still very effective. In the “new” payment scheme, things have to be real-time. Our solution is real-time, but many other fraud solutions (including behavioral and predictive tools) are still not real-time.
How would you describe the overall awareness of fraud in the US and Europe vs. other regions?Andreas Baumhof: Well, from an online business point of view, the awareness of fraud is directly related to the exposure of fraud and/or fraud losses…and that varies by company. From an end-user point of view, the issue is more about security awareness, which is improving worldwide.
Does the advent of new, simple and affordable technologies increase the threat of fraudulent activities? Will anti-fraud measures be able to keep up with improvements in technology?Andreas Baumhof: As outlined above, a few years ago, it was enough to implement ANY fraud measure. Now that fraudsters are smarter and more sophisticated, people need to look at what they have implemented. Will we be able to keep up? For sure, but we need to work on it as threats change.
What is your perspective on mobile phone fraud? Is this a major problem or will it become so as mobile phones increase in popularity and functionality?Andreas Baumhof: Mobile fraud can vary quite heavily. We see the mobile channel used quite heavily for fraudulent purposes. Fraudsters know that a lot of backend tools aren’t as effective on the mobile channel as they are on the web channel and they are using this to their advantage. For mobile phones in particular, more and more transactions are done, which obviously attracts fraudsters as well.
Within a position paper, the E-Payments Merchant Initiative uniting European merchant interests stresses the fact that there are many online identity and authentication options, but none of them are currently interoperable. Merchants call upon the industry to come up with harmonizing solutions, but in your opinion, how realistic is such an approach for all payment types?Andreas Baumhof: I think we need to enable online businesses to leverage all the data they have to their benefit. There is this notion of who controls the data is in control. That is true, but at the same time we need to enable interoperable systems to work efficiently. Unfortunately I’ve seen many initiatives (such as a common authentication scheme in the banking world) fail due to the unwillingness of different systems working together.
Where do you think the future challenges come from in terms of fraud?Andreas Baumhof: The converging of channels will be a major challenge. Mobile platforms are pretty challenging too. And ultimately the need to process more transactions in less time puts more stress on the real-time systems.
What would be some top directions of development for online and mobile payments fraud prevention for your company?Andreas Baumhof: We are investing a lot of time and money on making sure that our system stays as effective as possible and that our backend systems are prepared to deal with huge amounts of data in a very short time. We are working on the mobile channel and continue doing innovations such as the integration of security and fraud under one umbrella and providing more analytics in real-time.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now