Throughout the payments industry, the recent rise in fraud attacks consistently shows a leading culprit: bad bots and attacks at the Bank Identification Number (BIN) level.
Bad bot traffic accounts for an estimated 30% of all internet traffic, according to Imperva's 2023 Bad Bot Report. Malicious programs are also the underlying cause of most cyberattacks and other cyber-fraud events.
These automated attacks ramp up losses quickly, as fraudsters use bots to ping e-commerce virtual terminals repeatedly in a swift burst of activity. According to Russell Brown, Senior Manager, Fraud Operations and Strategy at PULSE, “A typical bot attack often can make 4,000-6,000 transaction attempts in a period of just 20 minutes.”
To protect against these automated attacks and mitigate risk, many issuers are using innovative methods in today’s constantly evolving landscape. The latest cutting-edge technologies can swiftly analyze data and discover new trends and developments in the scope of these threats. The goal of the new methods: early detection of potentially fraudulent incidents.
At PULSE®, the fight against these automated attacks has been front and center. “PULSE’s fraud team is constantly analyzing data to identify shifts in old patterns, or the emergence of new patterns,” said Brown. “This kind of approach is essential for mitigating the most significant emerging fraud threats and vulnerabilities.”
Anomaly detection technology adapts to new threats
Traditional card fraud detection systems, such as those that rely on CVV2 validation or address verification data, work at the card level to identify a large amount of activity on a single card in a short period of time. But activity on a single card may not reveal an entire fraud pattern associated with bot or BIN attacks.
Advanced detection systems can identify the fraud patterns and trends associated with these attacks. Forward-thinking financial institutions are turning to new technologies that incorporate these advanced approaches to combat and mitigate evolving and emerging threats.
PULSE network participants have access to DebitProtect®, a service that detects possible fraudulent transactions in real time or near-real time.
“PULSE’s fraud team is constantly analyzing data to identify shifts in old patterns, or the emergence of new patterns.”
Russell Brown, Senior Manager, Fraud Operations and Strategy at PULSE
The DebitProtect® platform provides three levels of service, depending on the needs of an issuer.
- The basic service is a case creation and alerting service. When an anomaly is detected, DebitProtect® automatically creates a case and sends an email alert to the issuer. The issuer can log into the system and review the risk activity.
- A second tier, known as DebitProtect® PINless Fraud Blocking, includes a process that searches every 15 minutes for BIN or bot attack activity on the network. When an attack is suspected, the system automatically detects the anomalous pattern and identifies the BIN or BINs affected. In the case of a merchant bot attack, the system can automatically block the merchant ID for the next 24 hours, which typically ends further attempts.
- The premium-level service, DebitProtect® Authorization Blocking, comes with a set of unlimited custom strategies designed to block fraud at the point of sale. There is no charge for enrollment or consultation, but participants incur per-transaction fees. Participating issuers have a one-to-one relationship with a PULSE fraud analyst. The analyst gains a detailed understanding of the issuer's data, learns what their card portfolio’s patterns look like and works directly with the issuer to design detection and authorization rules tailored for their institution.
Detection and blocking are the ultimate goals
With more than 43% of bad bot attacks globally occurring in the U.S., by far the highest of any country, according to the Imperva 2023 Bad Bot Report, having the safeguards in place is key to reducing risk.
Early detection and blocking can be effective at preventing and mitigating bot and BIN attacks, even at a large scale. A BIN attack can involve thousands of accounts, but if the event can be detected and shut down quickly, the fraud losses are minimal.
“From a fraud-prevention standpoint, it's always our preference to protect our issuers by declining the fraud before it turns into a settled transaction,” Brown said.
PULSE’s fraud operations team is responsive to emerging threats by staying apprised of new tactics and developments, which inform future enhancements to the system. “We are constantly analyzing historical data to identify new and changing fraud patterns and then proactively implementing strategies to protect our customers,” Brown explained.