11 2018 | SECURITY

 11 paysafecard has invested in a highly complex programme from the leading supplier of anti-fraud software. © Shutterstock

Cheaters never win

Fraudsters have had a hard time since Hany Razi took over paysafecard's Fraud Detection and Prevention Department in December. A recent case is the perfect example, showing why paysafecard has become best in class for its fraud-to-sales ratio.

Hany Razi is a kind of clairvoyant. Long before one of the largest distributors of paysafecard in Austria or even the police had noticed anything, the Head of Fraud Protection was nourishing a suspicion. Razi analyses the data from paysafecard's powerful fraud prevention tool every day with his 10-strong team. "Right at the start of the year, there were a few anomalies, which we reported. But we only take actionwhen a complaint is made, since we can show irregularities, but are not in a position to decide whether these are really fraud. For that, either we need a complaint or the management needs to get involved," he says, explaining the legal position.

This was also the main reason why the fraudster in this case was able to carry on with his nefarious deeds for a few more months. His mode of operation was extremely simple. He had the voucher for a paysafecard PIN printed out at the Point of Sale and then asked for another minor item - chewing gum or cigarettes, for example. When the salesperson turned away, the fraudster took the opportunity to photograph the PIN with his mobile phone. He then pretended to have forgotten his money and left the shop. He paid the credit at once anonymously into his account with a bookmaker. In this way, he was able to swindle his way to over EUR 6,000 from May to July 2018. "If the anti-fraud tool had not automatically prevented many of the transactions, the loss would even have been much greater," says Razi: "This is often one of the main problems in successful fraud prevention. It takes too long before individual ­cases are followed up." Those affected by cases of fraud are almost exclusively distributors and end-customers. This is because using paysafecard as a means of payment makes charge-back fraud, for instance, generally impossible.
In the specific case, the paysafecard Fraud Team were able to intervene when the police published a "Wanted" photograph in August: "With our technical tools, we quickly identified a suspect, who has since confessed and has now been in detention for several weeks awaiting his trial." How is that possible, if the user makes payments anonymously? "Each user and each device, such as a smartphone, is assigned a unique reference number. We can enter this number into our fraud tool and it then shows us the transactions and interactions with a device. In this way, we were in this case able to identify the suspect relat­ively quickly."

» All of this year, paysafecard was con­stantly one basis-point below the ECB’s average fraud-to-sales ratio. «

- Hany Razi,
Head of Fraud Detection and Prevention

This is also possible because paysafecard has invested in a highly complex programme from the leading supplier of anti-fraud software, ThreatMetrix. 2,900 rules are applied to all interactions with paysafecard products. Between 50 and 300 rules is otherwise the norm. "In addition, we not only monitor the roughly 160 million payment processes per year, but also every touchpoint of the customer journey. This is unique, at least in the customer portfolio of ThreatMetrix. And that includes giants like Visa, eBay and Netflix." This work is unfortunately necessary, be­cause not all fraudsters are lone criminals with gener­ally poor strategies. "We have weakened organised crime, but there are of course still many professional fraudsters," says Razi. He and his team have now identified three groups of criminals relevant for paysafecard. A Russian group who use ransomware, a Turkish group who use phishing and an organization working out of the Ivory Coast. "These criminals all follow quite specific patterns, which we can now ­recognize at once. Consequently, we are able to adjust the rules of our fraud tool to this behaviour on a continuous basis. In this way, we have greatly reduced the number of fraud cases."

» We’ve improved automatisation and efficiency. Now our distributors and customers are even safer. «

This is also shown by the figures. Since paysafecard decided around five years ago to invest significantly more in fraud prevention and investigation, the volume of fraud has fallen to only a tenth of its original value. The ECB benchmark for the use of credit cards at the Point of Sale, the so-called "fraud-to-sales ratio" of 4.1 basis points, is now continually being ­beaten. If a credit card is used on the internet ("card not present"), in the EU, the level is nearly twice as high, at 7 to 8 basis points, and in the USA it reaches an alarming 11 to 12. "We have broken through a sound barrier with this since June, and ever since have been consistently under 3 basis points." Razi makes no attempt to hide his pride in this development. In September, his team even broke their own record, with just 2.4 basis points. Another reason for this is that the Risk Manager has been bringing in new ideas since taking over the team in ­December: "We are now trying quite deliberately to break down data silos and see more cross-connections. In addition, we are increasing both automation processes and efficiency." Has this intensive daily grappling with fraud strategies had an effect on your own behaviour? "One becomes super-paranoid," says Razi, emphasising the potential risk on the Internet: "Whenever possible, I no longer use credit cards online. And I can confirm one thing with certainty: paysafecard is definitely more secure."

 11 In a recent case a fraudster used his smartphone to steal paysafecard PINs directly at POS. © Shutterstock