This past week, over 1400 payments professionals convened in Las Vegas for the annual Merchant Risk Council (MRC) conference, an event that I’ve had the pleasure of attending for over a decade. While merchant fraud detection and risk management continue to be the core theme of the conference, traditional payment service providers had a strong showing at the event, helping cultivate an environment including nearly every payments and fraud-related area that could ever interest a merchant.
Change is most definitely in the air as many new companies continue to enter the fraud prevention marketplace, existing providers expand their strategy, and traditional payment service providers work to offer more value beyond standard payment processing. While there were tons of topics discussed throughout the week, we saw several prevailing themes:
Machine Learning Continues to be Red Hot
Back in November, my colleague, Russ Jones, wrote about Artificial Intelligence in Payments, stating that “it has never been a hotter topic than it is right now” and from the showing at this year’s MRC, it would be difficult to disagree. Whether you call it “machine learning”, call it “A.I.”, or go back to specific techniques that have been used for years, such as neural networks, machine learning was front and center at this year’s event.
The story, however, is one of old vs. new, as well as apples vs. oranges. Newer fraud prevention providers, including the likes of Signifyd, Forter, Riskified, Feedzai, Sift Science, NuData Security and Datavisor bring machine learning to the forefront of their solution. At the same time, established risk management platform players, such as ACI ReD, Kount and Cybersource tout machine learning capabilities that supplement their multi-dimensional systems.
One thing is for sure: not all machine learning is the same. For some providers, machine learning is part of their DNA, while others simply use it to augment the performance of other risk technologies. And, to be frank, many flog it because it’s a topical marketing buzzword, regardless of whether it’s integral to their solution or not.
This complex and fragmented market makes one other thing clear: many merchants are confused about the different machine learning solutions that are out there. Merchants will need to dig deep to understand the value that machine learning brings and how every provider’s implementation differs.
Guaranteed Providers Try to Find their Sweet Spot
In January, I wrote about the current wave of fraud prevention providers who offer a simple guarantee: they will take all risk and liability for chargebacks, fine and fees when they don’t identify a fraudulent transaction. Forter, Signifyd, Clearsale, Riskified, Vesta, Radial and Appruvd are among the providers who offer this promise. But as this market continues to mature, providers in this space have also realized that they need to tweak their strategy, value proposition, and pricing models.
I spoke with a number of providers who are supplementing their guaranteed service offering with non-guaranteed services, in order to appeal to a broader group of merchants. Reaching merchants who may not be sold on the guaranteed value proposition could help expand these providers’ addressable markets, but also puts them squarely in competition with established non-guaranteed players in a market that is already flooded with fraud prevention solutions.
Several providers also spoke to me about implementing new pricing models, where their pricing would be structured such that it would never exceed a merchant’s current total cost of fraud operations, while still offering a fraud guarantee. This type of pricing structure could be attractive to merchants who cannot take the hit on the 1%-plus fees that guaranteed providers often charge, but also challenges providers and merchants to determine accurate costs of fraud operations, which can be difficult to determine or agree upon.
Lastly, there was a clear sense among guaranteed providers that they are taking a “guaranteed works for everyone” approach – even very low risk merchants. There is a case to be made that low-risk merchants can greatly benefit from guaranteed fraud solutions since they could quickly do away with significant operational costs or the management of multiple fraud technologies. Handing over all fraud operations to a vendor who offers a guarantee could potentially reduce overall costs while providing CFOs with an absolute, predictable cost of fraud management.
Payment Service Providers Fight to Get a Greater Share of the Market
One of the great things about MRC is that its scope isn’t just limited to fraud. Major players in the payment processing and acquiring space are typically well-represented. This year was no different and payment service providers did their best to show a fraud-minded crowd that they were more than just about switching card transactions.
Cybersource, for example, strongly pushed its enterprise tokenization service, while firmly reminding merchants that sensitive data is stored in rock-solid Visa-run data centers. Sister company Cardinal Commerce had a strong presence in what was essentially its coming out party since its acquisition by Visa, in an important year where we will most likely see the advent of 3DSecure 2.0 and stronger authentication requirements dictated by the European Union’s PSD2.
One of the most interesting announcements of the show was First Data’s acquisition of Acculynk, the online PIN and PINless debit processor. While Acculynk has been around for quite some time now, it’s PIN-based online debit system hasn’t exactly hit mainstream. Perhaps First Data feel that they have the sales power and greater platform to make it successful, but I’m sure that they also saw value in Acculynk’s debit gateway product, which can neatly bolt on to First Data’s existing set of platforms.
Fraud Just Doesn’t Occur at the Payment Transaction
For decades now, e-commerce fraud solutions have had an intense focus on payments transaction fraud. However, merchants have seen massive growth in account-related fraud, including login fraud, account takeover, false account creation, account abuse, and collusion. Many are thirsty for solutions that help them address these complex problems. It’s easy to see how account fraud can lead to payments fraud, with illegitimate purchases coming from a legitimate account or by using a good account to make purchases with stolen card data. Nothing good comes out of letting bad actors into a system.
At this year’s conference, there was a renewed focus on account-related fraud, both in topics presented by attendees and in solutions offered by service providers. We saw Western Union speak about out-of-band authentication methods used to mitigate social engineering attacks, as well as trends related to account takeover fraud. TSYS and Featurespace also joined up to talk about the challenges associated with social engineering risk, while Ria Financial spoke about the importance of reducing risk during customer onboarding to mitigate transactional fraud. Etsy spoke about machine learning-based approaches used to mitigate account abuse in its global marketplace.
On the provider front, Sift Science teamed up with Patreon to speak about account takeover fraud, conveniently on the heels of Sift introducing a new account takeover product to complement their existing suite of fraud and abuse tools. And long-time purveyors of device identification technologies, iovation, heavily pitched identity management and device-based authentication solutions alongside their newly-acquired LaunchKey multifactor authentication product.
MRC Goes Global
If you missed MRC Las Vegas this year or want a more international taste of what’s going on in the world of risk and fraud, MRC hosts its annual European conference in London on April 24, followed by a European Platinum meeting in September. Its US roadshow will pick up again with its fall Platinum Meeting in San Diego this October.
And if you need help understanding the ever-evolving fraud prevention market, Glenbrook has assisted many merchants and service providers navigate this complex landscape. Please reach out to explore how we may be able to help you.