Device Intelligence and Behavioral data are a superpower for Fraud Detection
Device intelligence and behavioral data are the gift that keeps on giving to the fraud squad. For CROs, device intelligence and behavioral data go beyond fraud fighting. They establish a foundation for regulatory compliance, cost efficiency, and operational resilience across the organization.
The data can be used as compelling evidence to fight chargebacks or for Geofencing in sanctions use cases.
The mistake is to assume these tried-and-tested data sources are static. The inverse is true. Whatever new risk appears, device and behavior consistently rank highly both to the human eye and when evaluating ML and AI in fraud prevention for feature importance.
I guess what I’m saying is that devices and behavior are like eating vegetables and getting regular exercise. They’re not nice to have; they’re the foundation.
That’s what the data keeps showing.
Every time.
Don’t believe me?
Look at the pretty charts below 👇
It can be applied to more use cases if it’s built correctly.
Take two examples:
- Compelling Evidence to Dispute a chargeback.
- Device data for Geofencing high risk jurisdictions.
Compelling Evidence 3.0 (CE 3.0) allows device and behavioral data.
Chargebacks are painful and costly to fight (average is around $400). The dispute process with the card networks requires “compelling evidence” to be compiled and submitted through the payments services providers (PSPs).
The problem is that a bad actor who’s abusing chargebacks is likely to use a guest checkout experience. A guest checkout is great for a first-time user and increases sales, but many merchants are considering switching it off entirely due to the high volume of chargebacks.
For a returning user with an account, you might have some historic data. A new user with just an email address, home address and card details could be a repeat offender, and you’d have very little way to prevent that.
Under Compelling Evidence 3.0, merchants are encouraged to collect device and IP information to dispute a chargeback. Chargeback dispute processes require comprehensive, compelling evidence, which is especially important in high-risk environments where regulatory audits are frequent. By strategically incorporating device and behavior data, your compliance efforts become seamless and cost-effective, with win rates to match.
🎣 If you can see that the same device is using lots of cards at your guest checkout, that makes your case more compelling.
Meaning merchants win more disputes.
⚡ (And for the cherry on top, Sardine’s Chargeback AI Agent can gather that evidence for you and format it to be ready to submit to your PSP).
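A sketch of the "same device, lots of cards" check described above, as an added example that is not Sardine's code: it counts distinct cards per device inside a sliding time window and returns the orders that make up the evidence. The field names (`device_id`, `card_fingerprint`), the threshold and the 7-day window are assumptions, and the events are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed guest-checkout events: (timestamp, device_id, card_fingerprint, order_id).
# Field names are hypothetical; the fingerprint is a token for the card, never the PAN.
EVENTS = [
    ("2024-05-01T10:00:00", "dev-A", "card-1", "o-100"),
    ("2024-05-01T10:20:00", "dev-A", "card-2", "o-101"),
    ("2024-05-01T11:05:00", "dev-B", "card-9", "o-102"),
    ("2024-05-01T18:30:00", "dev-A", "card-3", "o-103"),
    ("2024-05-02T09:00:00", "dev-B", "card-9", "o-104"),
    ("2024-05-09T12:00:00", "dev-C", "card-5", "o-105"),
    ("2024-05-20T12:00:00", "dev-C", "card-6", "o-106"),
    ("2024-05-30T12:00:00", "dev-C", "card-7", "o-107"),
]

def devices_with_many_cards(events, max_cards=2, window=timedelta(days=7)):
    """Return {device_id: evidence} for devices that used more than max_cards
    distinct cards inside any sliding window of the given length. Evidence
    describes the first window that crossed the threshold."""
    by_device = defaultdict(list)
    for ts, device, card, order in events:
        by_device[device].append((datetime.fromisoformat(ts), card, order))

    flagged = {}
    for device, rows in by_device.items():
        rows.sort()  # chronological order per device
        start = 0
        for end in range(len(rows)):
            # Drop events from the left until the span fits inside the window.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            in_window = rows[start:end + 1]
            cards = {card for _, card, _ in in_window}
            if len(cards) > max_cards:
                flagged[device] = {
                    "cards": sorted(cards),
                    "orders": [order for _, _, order in in_window],
                    "first_seen": in_window[0][0].isoformat(),
                    "last_seen": in_window[-1][0].isoformat(),
                }
                break
    return flagged
```

The window matters: `dev-C` also used three cards, but weeks apart, so it is only flagged when the window is widened.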
Device data can help AML Geofence high risk jurisdictions.
Fighting sanctions with just transaction or onboarding data is incredibly challenging. A user with a stolen identity, using a VPN or proxy, could be operating in a sanctioned regime like North Korea.
Bad actors go to great lengths to hide their location or IP address information, using VPNs and proxies to mask their physical location. Often KYC, KYB and transaction monitoring services would miss this added detail.
The failure to fire an alert and file a SAR results in a less effective BSA/AML program and exposes financial institutions to a risk of fines.
🎣 If you can pierce the proxy or VPN, you can see the True Location of the device and ensure you’re complying with the law.
Meaning institutions file more SARs and demonstrate their compliance effectiveness.
⚡ (And for the cherry on top, Sardine’s SAR Narrative AI Agent can gather that evidence for you and format it as a SAR narrative).
Device and Behavior consistently win for the pros.
Whatever new risk appears, device and behavior consistently rank highly both to the human eye and when evaluating ML and AI for feature importance.
We see the same in our platform and our lived experience.
As Matt Vega at Novo said in a recent interview:
Device and behavior data is also especially important for managing emerging threats. Whether it’s scams, deep fakes or something else that doesn’t exist yet, the most likely data to be compromised is historic data.
Most identities have been stolen, card numbers are available on the dark web and transaction information is often limited in how clear or useful it is when used in isolation.
A couple of recent examples:
- KYC onboarding with deep fakes (masking attacks with AI) relies on tricking the liveness detection or human agent about the true identity of the person onboarding. The device has usually been altered to enable that video to be displayed, and the right device data can detect that.
- Authorized Push Payment fraud (APP fraud) relies on social engineering to scam a user into sending money to a bad account. If you’re watching the user’s device and behavior, there are subtle clues that identify communication with the scammer.
Not all Device and Behavior data is created equal.
Device intelligence and behavior “biometric” vendors have been around for two decades or so. Most banks, large merchants and even payments companies have some level of this capability.
There are two problems:
- Often user behavior is seen as the “nice to have” and left off the table
- Most of these platforms are static and inflexible
It’s great to have this data, but when you combine the device and how the user is using the device together, that’s when you spot far more hidden tells of nefarious activity. If you have to buy this data from two different vendors, now you have two costs and an integration problem.
Integration problems are compounded by inflexible platforms, or vendors that insist on a “project” every time you want to make a rule change or pull in some other 3rd party data.
You ideally want device & behavior data that is available from one place, and plays well with any existing systems you have internally.
In managing fraud or compliance risks, more data is better.
Device & Behavior work well as a foundation for risk signals.
We’re used to treating the payment transaction, identity, or third-party data as our primary risk signal and data source.
That’s not wrong; it’s just not the cutting edge anymore.
Onboarding or a transaction happens at a point in time. However, the most abundant data source is their device and behavior on your platform. This creates an anchor for a user, or “the same user,” as we call it. This same user can then have attributes associated with it, like transactional data, email, telco, bank consortia, open finance, watchlists, and other sources.
Combined, this shows how a user's risk profile changes over time.
Today the fraud squad emphasizes gathering as much data about good users as possible and building a baseline.
The strategy to get the most out of your users’ device & behavior data:
- Have it constantly evolve. The signals available from a user's device and the way attackers exploit them change over time. Whether it’s a new privacy setting, operating system update, or regulation, the same old signals won’t work. We need to constantly test, iterate, and push the R&D limits on the device and how it's used to capture threats.
What was once cutting edge won’t be soon. If your device and behavior signals are static, you’re degrading performance month over month.
- Have device and behavior apply to all use cases. We’ve tended to use a new tool to solve a new problem. The most common use cases, like account opening or transaction screening, are still effective, but we’ve found significant uplifts in BSA/AML and Sanctions use cases for our clients.
Device and Behavior data are becoming a reliable anchor for your fraud and compliance data engineering approach.
- Combine it with as many data sources as possible. All risk problems are data problems. Once you have a confident view of a unique user or entity, the more data attributes you can assign to that entity, the better. Sardine’s AI and your in-house data engineering teams get much more bang for the buck if the data is coherent, well labelled and highly available.
All risk problems are data problems. Solving them requires better data (device and behavior) and more data (third party + your own) to train the best AI (Sardine + you).
- Bake it into your wider fraud & compliance platforms or around them. Having amazing device and behavior data you can’t access is pointless. Large organizations pull complementary data into in-house tooling or legacy systems. Increasingly we’re also seeing enterprise clients use Sardine as their fraud & compliance operating system. Whatever helps you manage your risk is good with us.
Integration is always difficult; your strategy should be to move towards tools and data providers that default to being open and available.
- When you bake it in, you get better results. Behavior data was once seen as a luxury for fraud pros; great, but an additional expense. The opposite is now true. Behavior is becoming a reliable anchor data signal to build others around. If you bake that into every rule, case and AI model you’ll get the most tangible uplift in performance and KPIs.
Whether you’re trying to optimize onboarding, account funding, sanctions risk, or just reduce the number of alerts that drive manual work, the first principles apply. Get the best data (device and behavior), more data (yours + 3rd party), and train the best AI.
Move faster than the threat.
We save risk teams time, effort and frustration. We help payments teams convert more good customers. We help more commerce happen by obsessing over the details.
Based on our lived experience we’re obsessed with speed.
Whether that’s the ability to create new fraud rules, making new high-quality data available to our ML models or unlocking analytics for compliance teams – we do it faster.
We’re in constant R&D mode. After every client account call or sales call we’re changing our product, and we’re adding new capabilities daily.
We enable instant rule creation, backtests and push to production in a no/low code environment.
We offer full analytics into our AI and ML models so you and your data teams can rank the importance of features and data signals when dealing with new fraud or compliance threats.
Oh, and we’ve also got a handful of AI agents that can handle disputes for you, or build SAR narratives, but we’ll save those for another blog 😊.
If you want a platform that moves faster than the threat, call a fishy friend.