Martin Pearce, Head of Loss Prevention, thetrainline:"The mobile channel is undergoing significant growth and expansion"

Martin has worked in the Fraud Prevention industry for the last 25 years, across multiple industry sectors. Initially the Motor Industry and Asset Finance before moving over to Mobile Telephony and now Rail. He has a proven track history of setting up fraud investigation / review areas to achieve significant loss savings in high volume transaction environments, whilst maintaining minimum impact on the genuine customer. He has close links with Law Enforcement and has

What were the contributing factors to the commercial and operational success of your company? How do creativity in approaching payments, risk innovation and improved systems come into the picture?
Martin Pearce: Having developed our own way of identifying a mobile device as well as the sharing of apps across devices – all this has enabled us to reach a good level of fraud prevention as far as our mobile phone app is concerned. Without it our losses would have been more significant, which would have meant a stricter review of transactions from the mobile app, resulting in a poor customer experience for the genuine users of the service.

The retailing and provision of rail tickets on mobile devices is a key way forward for the UK Rail Industry. Without having adequate fraud prevention capabilities on this channel the expected growth would be restricted.

thetrainline.com team has a proven track record of fraud prevention and in achieving best in class figures. How did you manage to accomplish that?
Martin Pearce: thetrainline.com had encountered a fraud issue in 2006/2007 with the introduction of chip & PIN technology in the UK. Card-present fraudsters migrated to the card-not-present environment and thetrainline.com was not ready. We deployed CyberSource Decision Manager and Payer Authentication which significantly reduced the losses. We found that most of the fraud was being pushed to the banks and wanted to be best in class for not only fraud losses but also bank accept rate.

In order to achieve these goals, we tailored our fraud solution to match not only the UK rail industry but also thetrainline.com customer profiles. We conducted lots of analysis on both good and bad customer behaviour and also split the rules into two distinct categories. On the one hand, there are the fixed rules, which apply to all customers and, on the other hand, there are flexible ones that match specific fraud patterns and have a limited life as the fraud pattern moves on. Additional predictive data fields were identified and incorporated into the fraud system. Therefore, instead of blocking cards or IPs from one specific country, the fraud system now has the ability to employ a reject rule targeted at not only a BIN country, but also linked to IP, product, time of day, email domain etc.

What is your opinion on the growth of mobile commerce and its impact on how consumers shop nowadays?
Martin Pearce: Having worked in the mobile phone industry, I have heard time and again that this year or the next are likely to the breakthrough years when mobile takes over payments. The mobile channel has grown as user experiences migrate and converge across all types of devices and channels. Customers now want apps for all sorts of activities, with the added ability to buy the product. Mobile commerce is growing, with the growth being more significant in some industries as opposed to others. Growth will continue to happen and merchants need to be ready to handle this growth and have a fraud and payment strategy for handling the same.

What would be some of the opportunities and what would be some of the threats for merchants from the mobile channel?
Martin Pearce: One opportunity would be that the mobile channel is undergoing significant growth and expansion; take a look at your competitors and see if they are already in that market place and what they have. Be bold and be first to get out there, but make sure you go in with your eyes open and prepared to make changes to combat fraud. There are plenty of publications out there predicting that a significant growth of internet transactions is set to take place across mobile channels.

The threats are associated with fraud prevention. App sharing, no 3d secure, no IP addresses, no device fingerprints. Some of these are there now, but in early stages. As with most products you need to be out there first to get a foothold and that’s before the fraud prevention measures have been built and put in place.

From your perspective, the most significant emergent trends in online fraud are…
Martin Pearce: We are seeing fraudsters move to single one off transactions that don’t link to anything else. 4 years ago, 40% of cards used fraudulently on us were used just once, this has increased to 80%, therefore velocity rules are becoming less and less in value based on just the card.

The availability of card numbers has increased dramatically. Historically, you were looking at card skimmers in retail outlets handling a couple of hundred cards at a time that were then used online. With the industrialisation of hacking, the volume of cards that can be obtained in one go are now into the millions.

Online, by its very nature, means the customer or fraudster can be anywhere. Boundaries for trading overseas have dropped, making things such as geo location and IP addresses reduce in value when looking at your customer base.

In your position, you have monitored key developments in the transaction space for a long time. What has been the most revolutionary development in the past years that has an impact in the payments / transaction/online fraud mitigation space even today?
Martin Pearce: For me it has to be the emergence of device fingerprinting. As with the above, fraudsters have access to a significant volume of card numbers from around the world and can afford to use them just once on a merchant before trying the next. Having the ability to identify the device enables morphing rules that can spot this pattern.

Example below. First just looks like a pattern of fraudsters, probably a group of 5-10.

 However, add in the device and you can see its coming from potentially one person.

It’s also very useful in the positive context. For example, we quite often see a PA booking multiple journeys for a group of Managers / Directors. Once this has been identified we can create a positive rule on that device allowing transactions not to be impacted by the fraud system.

thetrainline.com is the leading UK rail ticket retailer and rail ticket information provider, offering fast and easy access to timetables, fares, reservations and tickets through its Internet site and contact centre operations in the UK train travel sector. In addition to its own website, www.thetrainline.com, it operates retail websites for many of the Train Operating Companies who sell rail tickets online, as well as providing a rail business travel service direct to a number of blue chip corporations and travel agents.