Merchants

Boost your sales – make instant payment processing decisions

Online and Omni-channel merchants can deploy NOTO at multiple customer interaction points, not only to screen payments, but also create sophisticated customer profiles that can be used for payment fraud audit and detection.

NOTO offers the capability to place multiple decision making calls throughout the payment transaction flow, allowing for highly accurate outcomes with a low level of false positives.

Using NOTO, fraud teams can tap into 3rd parties and use these only when necessary, creating an optimal cost solution. NOTO can aggregate and profile data across multiple channels, allowing for identification of both fraudsters and legitimate customers when they switch the payment channel.

Response time to new fraud patterns is crucial – with its historical and inline data simulation capabilities NOTO makes developing new fraud policies quick and easy.

Acquirers & PSP's

Scale your business

Acquiring banks and payment services providers operate at the next level of the payment ecosystem. The payment fraud challenges that these organizations face are different to the ones experienced by merchants. Data volumes are much larger and acquirers and payment processors service multiple channels, while often having access to more restricted data than online merchants.

 

NOTO offers an extremely scalable solution that can deal with billions of transactions and high velocity spikes in transaction numbers concurrently. For large organizations, on premise deployment is offered as a standard option.

Using NOTO, fraud teams can tap into 3rd parties and use these only when necessary, creating an optimal cost solution. NOTO can aggregate and profile data across multiple channels, allowing for identification of both fraudsters and legitimate customers when they switch the payment channel.

 

Response time to new fraud patterns is crucial – with its historical and inline data simulation capabilities NOTO makes developing new fraud policies quick and easy.

Along with payment fraud use cases, NOTO can support acquirers and payment processors with their merchant insolvency detection and credit risk strategy. Credit risk teams can develop and test multi-level merchant credit risk models and matrixes and at the same time, set merchant trading activity thresholds and monitor their fulfilment. As a result, merchant exposure can be tracked in real time.

Card Issuers

Profile & Protect

Card issuers are exposed to the same fraud and account vulnerability risks as every other player in the payments space - in each corner of that ecosystem, fraudsters can adopt their approach and exploit new techniques. Payment credentials are being stolen using various means such as phishing attacks, malicious software, card skimmers, massive data breaches, etc.

Card issuers, like acquirers, are unable to access all end-point centric intelligence gathered at the time of payment – device profiling, user navigation behaviour, social media feeds, etc. This poses a significant challenge to fraud prevention and early identification of compromised cards.

To accomplish this complicated task, card fraud managers must develop intricate behavioural profiles that are able to detect the smallest deviation from the normal consumer spending habits and determine if it should be flagged as fraudulent or not.  Developing such user profiles requires a platform with extensive data aggregation, storage and processing capabilities, one that can perform the screening of thousands of transactions per second.

 

NOTO offers an extensive toolset to card fraud managers and professionals within this space. Customer profiling is one of the standard features with NOTO. Profiling offers almost endless data aggregation and list management capabilities. Instant link analysis can identify indirect links between transactions in a millisecond, using multiple user defined criteria.

NOTO’s data agnostic rule engine and performant database allow for the deployment of any statistical model, which has already been developed by in house data scientists. Response time to new fraud patterns is crucial – with its historical and inline data simulation capabilities NOTO makes developing new fraud policies Quick & Easy.

NOTO also offers all fundamental fraud and risk management tools such as workflow management, global search, reporting, analytics, etc.

Fake Account Registration

Differentiate the good from the bad

For most online vendors, customer interaction begins with the setup of an end-user account. This stage receives scarce attention or is often completely neglected by Risk and Fraud for a multitude of reasons:

  • No financial transactions occur at this stage
  • The general perception is that there is no risk of financial loss
  • Cost of monitoring at this stage is often Too High
  • Various technology constraints, mostly originating from the heavily payment biased fraud & risk vendors


Monitoring Account Registrations
is at the front-line of every effective fraud prevention strategy. Good & Bad behaviour profiling begins from the moment of account creation and should not be limited to the financial activity of customers.

The first barrier to fraud, loyalty abuse and referral fraud should be placed at Account Registration. This way, the success rate of fraudsters will be further reduced.

There are multiple techniques to address fraudulent or suspicious account registrations:

  • Closure of suspected accounts
  • Manual review of a selected output of accounts
  • Adding accounts to monitoring lists
  • Reduction of subsequent transaction limits
  • Enforcement of phone number or email address validation, etc.

 

Specialized 3rd party services offering email validation and intelligence can be introduced at this front line of defence.

The key challenge with this use case is to achieve a High Detection Rate of fake accounts, while imposing as little friction as possible on genuine customers and prevent a decrease in customer acquisition.

All additional verification or challenge flows should have clear paths to self-resolution, such that genuine customers can complete them. Every customer lost at this stage is a costly hit to the organization’s top line, as their entire lifetime revenue contribution is lost.

Implementing NOTO at Account Registration level can deliver the much-needed flexibility to deal with the challenges posed at this phase. Ideally, NOTO should be implemented at some of the interim stages of account opening and right after the completion of registration. At the end of the account creation process, a decision can be made to collect different data from specialized 3rd parties – email or phone number intelligence, customer credit rating or KYC data. Usage of such services is usually related to certain expenses and needs to be closely managed.


Using NOTO
’s advanced decision making engine, any fraud organization can develop:

 

Customer account registration monitoring policies request

  • Use & Store 3rd party data
  • Develop & Test different monitoring strategies.

Accounts that appear suspicious but cannot be decisively attributed to good or bad behaviour can be placed in custom lists for further monitoring. Complex networks of accounts can be identified instantaneously using NOTO’s real time link analysis capabilities.

Account Takeover (ATO)

Protect Your Customers

Any organization that supports user accounts is subjected to the risk of Account Takeover. Verified and operational accounts are among the main targets of online criminals. Accounts are compromised for several reasons – theft of available financial or digital value balances, money laundering or future resale of account credentials.

 

Account Takeover techniques are manifold – phishing attacks, session hijacking, MIM attacks, brute force attacks, social engineering and many more. The weakest links in the chain are usually the user behaviour and the security measures implemented by online organizations.

 

Detecting and preventing ATO without destroying customer experience is a complex task that requires monitoring and collecting data from multiple customer interaction points throughout the customer journey. Very often organizations try to detect ATO by just monitoring at a single point – customer logins or transactions. This option is usually driven by the high cost associated with screening all stages of customer activity or the inability of mainstream fraud and risk solution to consume and process events like account updates, password changes, etc.

ATO techniques become more and more sophisticated – fraudsters are usually aware of the customer profile that they are about to attack, the IP address and Device profile are easy to temper and match, language, time zone, OS and browser mismatches are unlikely to exist at login. Therefore, detecting ATO solely at login becomes more and more difficult. Answers to secret questions are also a frequent target of Phishing attacks, hence reducing their efficiency at login.

 

After login, fraudsters usually try to take control over the account by updating contact details and passwords, so the victim is locked out of their account with no communication of subsequent financial operations.

Once the fraudsters are in possession of an account, it is time for any available funds to be stolen, loyalty points redeemed or a purchase to be placed. Screening only at this last stage of ATO is not enough to achieve high detection rate of ATOs.

Most of the risk policies and models place significant reliance on old and verified accounts and their extensive purchase history. Therefore, ATO prevention strategy based only on endpoint, financial transaction screening will not be entirely successful.

 

NOTO offers the capability to connect to multiple stages of the customer journey and consume and process the data from these points of interaction – customer login, account updates, password changes, adding or removing of payment instruments, placing orders, sending or receiving money, etc. For each of these events, Risk and Fraud managers can create unique decision making policies, allowing them to intercept ATO when there is enough data for highly accurate decisions.

 

Let’s have a look at how an ATO develops and how it can be successfully identified and intercepted using NOTO:

 

A login attempted on a customer account:

  • IP address almost perfectly matching the location of all previous IP addresses used
  • Device profile is almost the same as the historically observed ones
  • Just the browser version is new, but is this enough to act – Not really…

 

The next step is adding a new email address to the customer profile:

  • Email address is clean and it is not associated with any previous activity
  • Again, not enough intel to act…

 

Next, the fraudster initiates a payment:

  • To an account that has never been a recipient in the user’s transaction history
  • The transfer is for the entire account balance, this again, is completely deviating from the norm.

 

What do we know so far?

  • IP has not been seen before
  • Email address was just added
  • The entire account balance is about to be sent to a new recipient…

 

It's time to take action!

 

Implementing monitoring in multiple points throughout the customer journey not only allows for high precision when detecting ATO, but also makes it more difficult for fraudsters to figure out your risk and fraud set up.

Loyalty Abuse

Stop promo & coupon abusers

Loyalty Abuse can be just as costly as Payment Fraud or Account Takeover, if left unattended. Very often the risks originating from running different customer loyalty programs are neglected, leaving an exposed weakness in the organization’s fraud and risk management set up. Losses from loyalty abuse are usually not so visible and can remain undetected for long periods of time, until proper reconciliation is conducted.

The reasons why loyalty abuse usually does not make the top of the task list of the fraud managers are related to a lack of proper technology and wrong perception of the level of risk, as well as the level of cost to the business. The fraud and risk vendors that are already in use are frequently incapable of dealing with the challenge of adding a new dimension of monitoring of non-financial events or the cost these vendors require is unjustifiably high.

Most loyalty programs pivot against the customer’s commercial activity, offering different privileges upon achievement of certain usage targets. A successful loyalty abuse prevention program requires the ability to exercise end-to-end monitoring of all customer activity related to the offered loyalty programs – from awarding of loyalty points and bonuses, through their accumulation and final redemption. To increase the accuracy of the loyalty program monitoring, it has to be in conjunction with the customer’s commercial and account activity.

 

NOTO offers real time solution for Loyalty Abuse, which can replace the typically involved heavy and cumbersome manual processes attempting to deal with this challenge.

 NOTO Loyalty Abuse monitoring and prevention can be exercised in parallel with Payment and Account Fraud operations. The loyalty abuse policies and customer profiling can leverage the data already used in other fraud prevention activities, while also receiving and processing use case specific data. Instant link analysis, policy testing on live and historical data streams and workflow management remain at the disposal of the loyalty abuse needs. All this can be done at no extra cost, really maximizing the ROI of the fraud prevention activities already conducted in other verticals of the organization.

Merchant Risk

Keep your commerce stream clean

Our toolset allows you to monitor the behaviour of risky Merchant activities beyond the traditional and tools. Using our flexible decision making and monitoring tools these instances can be easily flagged and handled.

Compliance

Maintain regulatory compliance

NOTO caters successfully to the needs of Compliance departments offering them to create their own space with specific:

  • PEP & Sanctions List checks
  • KYC Streamlining
  • AML policies and rules
  • Workflows and case management
  • Test environments and user groups