Payment fraud prevention at a national payment switch
France has a long history as a pioneer in payment fraud prevention. It was the only nation that introduced Chip and PIN countrywide in 1992 . This action made France the first all-smartcard country. And it reduced fraud in France to almost zero overnight. For decades.
But criminals became more sophisticated and fraud losses returned. And they returned big time. The European Central Bank identified 2013 as the year where France reported the highest fraud losses in the entire Eurozone for payment cards . Fraud losses in France were at 7 BP compared to a European average of 3.9 BP.
France again acted decisively. The country deployed IBM Safer Payments with the national payment switch to score the fraud risk for every authorization request in real-time. This score is passed to banks, issuers, and acquirers that combine the risk score with customer information to form a final decision on declining fraudulent transactions.
Safer Payments went live in 2014 and has reversed the fraud trend again for all transaction types . In 2018, we saved $115 million in net fraud losses, something of which we are very proud.
“In an EMV environment such as France, payment transactions at ATMs and POS devices require the physical presence of the card and the entry of the correct PIN code, while e-commerce transactions do not require this. One might thus assume that this increase in fraud must come from such card-not-present transactions. Interestingly, this is not the case. As the statistics of the ECB for 2013 shows , fraud with ATMs and POS devices was above European average in France, while e-commerce fraud was below the European average.”
Fraud prevention on a national scale
In France, most card payment authorization requests are routed by a national switch operated by STET, a company mandated by the Cartes Bancaires consortium. Cartes Bancaires is owned by eight major banks of France, serving 128 members in total. The switch routes authorization requests from credit and debit cards, cross border, domestic, and on-us, and protects both the issuing and the acquiring side of a payment transaction.
The STET operated national switch is in a unique situation to prevent fraud because it sees transactions on a national level—unlike an individual issuer or acquirer that only sees their own transactions. A national switch thus can detect many types of fraud attacks faster and better than any individual fraud prevention system. The national switch only gets authorization requests (and the issuer’s or acquirer’s final response). The national switch does not have any customer data, or any data from other payment channels—it does not even know if a debit and a credit card in its portfolio belong to the same cardholder.
Accordingly, Safer Payments in this central installation has to work with just the available data. Safer Payments compensates for this by creating deep behavioral profiles for a total of 255 million cards and 2.1 million merchants that allows it to securely detect the more sophisticated types of fraud patterns often committed by organized crime. The annual volume processed is 6.7 billion card transactions. We operate Safer Payments so it can process up to 1,200 transactions per second. Safer Payments computes the risk score for each request in less than 10 milliseconds.
Being a central part of the nation’s payment infrastructure implies that we operate 24/7 and design for 99.999% uptime. Our switching infrastructure is thus distributed in various data centers around the country. Safer Payment’s “cluster” architecture perfectly complements this. We can have individual Safer Payments instances in each data center that automatically replicate each other. Thus full operation commences even when we have to take single instances of Safer Payments down for maintenance.
Data science, machine learning and artificial intelligence
In the past, we mostly combined data science models for customer behavior profiling with expert created fraud scoring rules. Rule creation requires human intelligence. Our team of experts analyzes the data flow from the billions of transactions we process to learn the fraudsters’ methods and how fraud enters the system. They use this knowledge to create rules within Safer Payments that can pinpoint fraud as it happens. We believe that this combination is the key to our very low false positive rates.
Presently, STET and IBM are exploring the application of machine learning models to the actual scoring part of our card fraud detection operations. We believe that this technology will further increase effectiveness by augmenting the capabilities of our human experts.
Using the machine learning and artificial intelligence capabilities in Safer Payments and externally- added modules, we expect to glean insights from transaction data that will help our team devise fraud-detection rules even more quickly and accurately. Time saved in identifying emerging threats can greatly reduce the banks’ losses, and more accurate rules should lessen false positives.
Protecting real-time payments
As an added benefit, AI’s additional power can increase our ability to enter new markets and offer services for newer transaction types, including instant payments and Single Euro Payments Area (SEPA) payments. Perhaps most important, AI can empower STET to achieve our ultimate goal of reducing payment fraud in France, Belgium, and across the European Union.
Watch Rodolphe Meyer of STET discuss fraud prevention in payment transactions:
 Fourth Report on Card Fraud, European Central Bank, Official Publication, Chart 10, page 20.
 Fourth Report on Card Fraud, European Central Bank, Official Publication, Chart 12, page 22.
 OSCP (Observatoire de la Security des Moyens de Paiement), Statistical Institute of the French National Bank, Press Release of 7/5/2016.