Generic vs. Targeted Fraud – The Diminishing Value of Global Data Networks

The concept of global data networks and their uses in fraud mitigation isn’t new or foreign. Any business leader in charge of a risk team is familiar with adopting crowdsourced data ecosystems that can enhance fraud detection or prevent loss induced by illegal activity.

And while global data networks bring certain advantages in counteracting the efforts of external malicious actors, many of those same leaders who adopt global networks find themselves dissatisfied with fraud loss amounts they are forced to write off as “the cost of doing business”.

In this post, we’ll cover circumstances under which the efficacy of global fraud data networks diminishes, and a secondary (though equally impactful) strategy risk leaders can adopt to cover the detection gaps introduced by those same circumstances: enriching their first-party data ecosystem for specialized fraud modeling.

Global Fraud Data Networks: Uses and Shortfalls

Before we outline how crowdsourced fraud data modeling can grow ineffective, it’s worth addressing cases in which they do provide utility to risk teams.

In scenarios where calculating organizational fraud risk requires consideration of a product-agnostic set of variables, or when risk calculations can be done with broad assumptions about user behavior, global data networks can be effective prevention tools.

An example of this might be an e-commerce company concerned about one-off stolen card purchases, where that business sells similarly priced products to a narrow market segment. This company might safely assume that nearly all users buy from one device type, from similar geographical regions, and make transactions within safe to assume dollar thresholds.

Here, if one of the few variables in the risk calculus is whether a transaction was made with a card number tied to historical instances of dispute, plugging into a global data network that crowdsources dispute frequency on card numbers across applications might suit the business.

But the efficacy of these global fraud data networks diminishes on a longer timeline, simply because the risk calculus of businesses that are successful enough to survive that timeline grows in complexity, while at the same time platforms that offer global data networks have incentives to cater to the lowest common denominator when addressing fraud typologies across all companies they serve.

In short, these networks specialize in being general.

In certain industries like financial institutions, or companies with global users across multiple device types, the variables to accurately assess risk grow exponentially, where users can withdraw, deposit, or make purchases across more incalculable dollar ranges.

These are the companies where the margins for error are thinner, and if miscalculated, have consequences more drastic than dollar loss (compliance or regulatory penalties, impacts on public share price, large scale user exodus). These are also the types of organizations that tend to attract sophisticated, coordinated attackers with experience bypassing more generic fraud models, and who execute more specialized fraud schemes that attack specific weak points of the user verification funnel.

And while specialized fraud typologies like gaming rewards programs, personalized account opening fraud, or establishing money laundering networks are less frequent than stolen credit card purchases, the incentives for attackers to execute these large-scale attacks vastly outweigh any efforts spent circumventing more standardized fraud modeling.

Closing the efficacy gap with first-party, fine-grained user behavioral data

As organizations evolve (product additions, market expansion, user growth) so does the mixture of fraud typologies they will experience. A complex set of fraud typologies and behaviors requires a complex solution for mitigation.

At Moonsense, we’ve assessed how our customers have experienced this need for nuanced modeling and plotted an estimated (and anonymized) distribution of typologies businesses might face through their lifecycle.

untitled image

While generic fraud like stolen card purchases initially occurs as the most frequent typology early on (~60%), the fat long tail of incidents and losses tend to come from more targeted attacks and specialized fraud typologies, or synthetic fraud (~40%).

This fat long tail of specialized fraud typology loss can be prevented and even predicted if target companies minimize as many assumptions about their users’ behaviors as early as possible, as frequently as possible.

Where generalized models of global fraud data networks fail, customized modeling on fine-grained, first-party data can prove effective in collecting behavioral data which makes it impossible for coordinated attackers to mimic, thus breaking the economic incentives of their attacks. Models built on fine-grained behavioral data allow in-house risk teams to build more reliable baselines on their users alone, as opposed to making assumptions on how their users’ behaviors align with those of other companies plugged into a global fraud data networked model.

This approach is uncommon, as it is difficult for many large organizations to capture rich enough behavioral feature sets and align those to fraud outcomes when behavioral data gathering was never a core part of the company’s product offering from the outset.

A combined approach to fraud modeling

Global fraud data networks provide modeling scale for those fraud typologies most frequent across the broadest set of companies plugged into the network. By using crowdsourced data to address common fraud, and enriching defense with in-house fraud models collecting behavioral data to address the last 40% of synthetic fraud typologies and loss, companies with the most to lose can completely upend their standard of what fraud loss volume constitutes “the cost of doing business.”