My IBM Log in Subscribe

Payment fraud prevention at a national payment switch

Tags

Security

19 February 2019

4 min read

France has a long history as a pioneer in payment fraud prevention. It was the only nation that introduced Chip and PIN countrywide in 1992 [1]. This action made France the first all-smartcard country. And it reduced fraud in France to almost zero overnight. For decades.

But criminals became more sophisticated and fraud losses returned. And they returned big time. The European Central Bank identified 2013 as the year where France reported the highest fraud losses in the entire Eurozone for payment cards [2]. Fraud losses in France were at 7 BP compared to a European average of 3.9 BP.

France again acted decisively. The country deployed IBM Safer Payments with the national payment switch to score the fraud risk for every authorization request in real-time. This score is passed to banks, issuers, and acquirers that combine the risk score with customer information to form a final decision on declining fraudulent transactions.

Safer Payments went live in 2014 and has reversed the fraud trend again for all transaction types [4]. In 2018, we saved USD 115 million in net fraud losses, something of which we are very proud.

Fraud prevention on a national scale

In France, most card payment authorization requests are routed by a national switch operated by STET, a company mandated by the Cartes Bancaires consortium. Cartes Bancaires is owned by eight major banks of France, serving 128 members in total. The switch routes authorization requests from credit and debit cards, cross border, domestic, and on-us, and protects both the issuing and the acquiring side of a payment transaction.

The STET operated national switch is in a unique situation to prevent fraud because it sees transactions on a national level—unlike an individual issuer or acquirer that only sees their own transactions. A national switch thus can detect many types of fraud attacks faster and better than any individual fraud prevention system. The national switch only gets authorization requests (and the issuer’s or acquirer’s final response). The national switch does not have any customer data, or any data from other payment channels—it does not even know if a debit and a credit card in its portfolio belong to the same cardholder.

Accordingly, Safer Payments in this central installation has to work with just the available data. Safer Payments compensates for this by creating deep behavioral profiles for a total of 255 million cards and 2.1 million merchants that allows it to securely detect the more sophisticated types of fraud patterns often committed by organized crime. The annual volume processed is 6.7 billion card transactions. We operate Safer Payments so it can process up to 1,200 transactions per second. Safer Payments computes the risk score for each request in less than 10 milliseconds.

Being a central part of the nation’s payment infrastructure implies that we operate 24/7 and design for 99.999% uptime. Our switching infrastructure is thus distributed in various data centers around the country. Safer Payment’s “cluster” architecture perfectly complements this. We can have individual Safer Payments instances in each data center that automatically replicate each other. Thus full operation commences even when we have to take single instances of Safer Payments down for maintenance.

Data science, machine learning and artificial intelligence

In the past, we mostly combined data science models for customer behavior profiling with expert created fraud scoring rules. Rule creation requires human intelligence. Our team of experts analyzes the data flow from the billions of transactions we process to learn the fraudsters’ methods and how fraud enters the system. They use this knowledge to create rules within Safer Payments that can pinpoint fraud as it happens. We believe that this combination is the key to our very low false positive rates.

Presently, STET and IBM are exploring the application of machine learning models to the actual scoring part of our card fraud detection operations. We believe that this technology will further increase effectiveness by augmenting the capabilities of our human experts.

Using the machine learning and artificial intelligence capabilities in Safer Payments and externally- added modules, we expect to glean insights from transaction data that will help our team devise fraud-detection rules even more quickly and accurately. Time saved in identifying emerging threats can greatly reduce the banks’ losses, and more accurate rules should lessen false positives.

Protecting real-time payments

As an added benefit, AI’s additional power can increase our ability to enter new markets and offer services for newer transaction types, including instant payments and Single Euro Payments Area (SEPA) payments. Perhaps most important, AI can empower STET to achieve our ultimate goal of reducing payment fraud in France, Belgium, and across the European Union.

Watch Rodolphe Meyer of STET discuss fraud prevention in payment transactions:

 

Author

Rodolphe Meyer

Rodolphe Meyer

STET

Footnotes

[1] https://en.wikipedia.org/wiki/Carte_Bleue

[2] Fourth Report on Card Fraud, European Central Bank, Official Publication, Chart 10, page 20.

[3] Fourth Report on Card Fraud, European Central Bank, Official Publication, Chart 12, page 22.

[4] OSCP (Observatoire de la Security des Moyens de Paiement), Statistical Institute of the French National Bank, Press Release of 7/5/2016.

Cost of a Data Breach Report 2024

Data breach costs have hit a new high. Get essential insights to help your security and IT teams better manage risk and limit potential losses.

Resources

Cybersecurity in the era of generative AI

Learn how to navigate the challenges and tap into the resilience of generative AI in cybersecurity.
IBM® X-Force® Cloud Threat Landscape Report 2024

Understand the latest threats and strengthen your cloud defenses with the IBM X-Force Cloud Threat Landscape Report.
What is data security?

Find out how data security helps protect digital information from unauthorized access, corruption or theft throughout its entire lifecycle.
What is a cyberattack?

A cyberattack is an intentional effort to steal, expose, alter, disable or destroy data, applications or other assets through unauthorized access.
Related solutions

Related solutions

Enterprise security solutions

Transform your security program with solutions from the largest enterprise security provider.

 Explore cybersecurity solutions
Cybersecurity services

Transform your business and manage risk with cybersecurity consulting, cloud and managed security services.

     Explore cybersecurity services
    Artificial intelligence (AI) cybersecurity

    Improve the speed, accuracy and productivity of security teams with AI-powered cybersecurity solutions.

     Explore AI cybersecurity
    Take the next step

    Whether you need data security, endpoint management or identity and access management (IAM) solutions, our experts are ready to work with you to achieve a strong security posture. Transform your business and manage risk with a global industry leader in cybersecurity consulting, cloud and managed security services.

     Explore cybersecurity solutions Discover cybersecurity services
    Overview Annual report Corporate social responsibility Inclusion@IBM Financing Investor Newsroom Security, privacy & trust Senior leadership Careers with IBM Website Blog Publications Automotive Banking Consumer Good Energy Government Healthcare Insurance Life Sciences Manufacturing Retail Telecommunications Travel Our strategic partners Find a partner Become a partner - Partner Plus Partner Plus log in IBM TechXChange Community LinkedIn X Instagram YouTube Subscription Center Participate in user experience research Podcasts United States — English Contact IBM Privacy Terms of use Accessibility