By Abigail Klein Leichman (Israel 21C) Banking and shopping online have never been more popular, thanks to the worldwide pandemic and the convenience of accomplishing these tasks 24/7 from home.
Unfortunately, the rise in transactions has come with an unwelcome companion: a rise in fraud.
Online fraud includes false or illegal transactions using stolen payment or identity information. There’s also “friendly fraud,” where a customer instructs the payment provider to cancel payment on a received item or service, resulting in costly chargebacks to the merchant.
Experts estimate that online retailers spend 7% of their annual revenue dealing with the average 10% of transactions that are fraudulent. The hardest-hit industries are airlines, computer/electronics retailers and money-transfer services.
Fraud also hurts consumers because antifraud measures can slow or even stop honest transactions. Residents of countries with a high percentage of fraudulent transactions may find themselves blacklisted from online retailers and financial institutions that got burned too often.
Several Israeli companies have developed sophisticated antifraud technologies to protect both sides and simplify weeding out bad actors. Here we review four of them.
As mentioned above, friendly fraud occurs when consumers dispute charges for something they received, rather than returning the item. Maybe their kid bought it without their knowledge or maybe it’s an impulse buy that they later regretted.
Either way, the merchant gets hit with a chargeback fee unless it can prove the purchase was legitimate. Last year, friendly fraud cost merchants some $125 billion.
Eido Gal and Assaf Feldman founded Riskified in 2013, offering a unique chargeback guarantee. Today it works with three of the 10 largest ecommerce companies and has processed more than a billion orders.
“When order information comes to Riskified in real time, we decide in a second or two whether to accept or reject the order, using sophisticated machine-learning models,” says Elad Cohen, Riskified’s VP of data science.
“We only get paid for the orders we accept. If we get it wrong, we pay the entire chargeback fee.”
Riskified’s service reduces fraud-related costs by as much as half, says Cohen. “Our fee is substantially lower than their chargeback fees and they don’t have to pay someone to do it inhouse.”
But the main benefit is that Riskified’s automated process increases order approval rates up to 20%. That’s because human risk assessors tend to err on the safe side, rejecting suspicious transactions or even blacklisting entire countries.
“For customers, we make ecommerce much more accessible,” says Cohen.
For merchants, additional services include using data to build a case for banks to dispute friendly fraud, determining if a customer is abusing free return or special-offer privileges, and more.
With over 650 employees – two-thirds in Israel, the rest in New York and smaller branches across the globe — Riskified went public last July and works with clients including Acer, Trip.com and Ticketmaster.
Justt is another Israeli startup helping global merchants fight false chargebacks with smart technology.
Founded in 2019 as AcroCharge, Justt uses machine learning and domain-specific technology to flag incorrect chargebacks and builds tailored solutions to gather and submit evidence on merchants’ behalf.
The company says its customized, fully automated approach defeats 85% of friendly fraud while eliminating the need for in-house chargeback mitigation programs.
Founded by Israeli tech industry veterans Roenen Ben-Ami and Ofir Tahor, Justt recently raised $70 million in funding as it expands, now encompassing about 110 employees.
One of Justt’s customers, digital payments giant Melio, reports that its mitigation team was able to reclaim about 30% of false chargebacks before implementing the automated solution. The success rate then increased threefold.
“Justt’s hands-off solution integrates with our card processor, allowing us to shift our focus from the never-ending task of fighting chargebacks to conquering our core business goals,” said Matana Soreff, Melio’s VP of risk and compliance. Justt’s customers pay a fee only after funds are recovered.
“The chargeback system is fundamentally unjust, but many merchants view their losses as simply the cost of doing business. At Justt, we believe there’s a better way, and that ecommerce sellers need someone in their corner as they navigate this archaic system,” said Tahor, Justt’s CEO.
Cybercriminals increasingly try to bilk the elderly out of their life savings, taking advantage of seniors’ lower level of digital savvy.
Using phone calls or text messages (to hide unfamiliar voices) pretending to be a grandchild in need of emergency cash, they may steal identity info to open a new account or persuade the victim to log into their bank account and then take it over.
After determining that 40% of confirmed fraudulent credit-card applications involved a person with a declared age of 60 or older, BioCatch recently launched its Age Analysis fraud-prevention solution for over 50 big financial institutions.
BioCatch was founded in 2011 based on military machine-learning technology to authenticate identities using behavioral biometrics — how you type, move the mouse or handle your smartphone. Even small differences in behavior suggest that a hacker, not the account holder, is at the keyboard.
“When you apply to open a bank account online you type in a lot of information. The rhythm of typing is different if you’re doing it from memory or looking at a piece of paper,” says BioCatch VP Cyber Oren Kedem.
Knowing that typical cybercriminals are much younger than their victims, BioCatch taught its Age Analysis software to flag behavioral biometrics that don’t match the purported age of the applicant.
“We know how a person born in 1949 behaves online and how a person born in 1989 behaves online. If there’s a mismatch, we alert the client. We see that age detection is quite accurate,” says Kedem, especially when someone tries to open a new account.
“We don’t actively stop anything. We don’t tip off the bad guys. We collect the data invisibly and provide insights that allow the client to make a decision whether to approve, decline, or ask the applicant to contact customer support.”
BioCatch has more than 200 employees, with R&D in Israel and offices in North and South America, Europe, Asia and Australia.
Identiq was established in 2018 with the idea of creating a peer-to-peer network that allows merchants to validate the identities of new users.
“Let’s say you sign up for a ride-sharing service. They’re putting you in a car with a stranger and need to know that you are who you say you are,” explains CMO Shmuli Goldberg.
“Aside from the risks of credit card fraud, account takeover and identity theft, it’s also an issue of trust and safety. If you can be assured it’s a real person, a huge amount of the problems of fraud and bad actors go away,” says Goldberg.
“We do that by enabling our clients to verify your identity with companies that already know and trust you and have your IP address and credit card number, such as your video streaming service or grocery delivery company.”
Identiq’s algorithm-powered solution keeps user details anonymous and is both GDPR and CCPA (California Consumer Privacy Act) compliant.
“We use multiparty computation, a well-known branch of cryptography that makes sure we can run a computation on data we both have without either of us exposing that data to each other,” Goldberg tells ISRAEL21c.
Working under the covers during the signup process, Identiq’s scalable solution can handle hundreds of millions of inquiries simultaneously and instantaneously.
“Trusted users get a perfectly seamless experience. They’re not treated as fraudsters, there’s no more validating numbers or one-time verification charges. In the 1% where something doesn’t match up, we alert the client that we never saw this person with a credit card before.”
Identiq is working primarily in large B2C sectors such as ridesharing, financial services, retail, travel, gaming, dating sites and social media.
“We can be used not only at account creation, but also before a customer places a huge order, or reactivates an existing account. A good user would be expected to have a range of companies across industries that know this user’s name, email address and phone number,” Goldberg says.