Going overseas with no questions - Q&A on BifuPAY risk control product [Part 2]

Middle article: What should I do if I encounter international card fraud and rejection?

Q6: Can the fraud problem be completely solved? How can I avoid this risk?

Ant International PAY: the risk of international card fraud is still difficult to completely eliminate. therefore, the goal should not be to eliminate risks, but to manage risks, spend every penny of prevention and control costs on the cutting edge, and maximize profits within a controllable risk level. This is the best policy.

For merchants with low risk tolerance, overly strict risk control often sacrifices customer experience and order conversion rate, and business benefits fail to reach the best.

For merchants with high risk tolerance, if a very loose risk strategy is formulated, while the payment success rate and order conversion rate increase, rejections and capital losses will also increase. In the long run, high rejection rates and high capital losses will make the card issuer's control more stringent, which will lead to a decrease in order conversion rate, so long-term business benefits will also be affected.

Therefore, the way for overseas merchants to maximize their profits is to "find the best balance between risk and business benefits." That is, to find the best balance between payment success rate and fraud rejection rate.

image.png

Q7: What are the payment success rate and fraud rejection rate?

Ant Guobi Pay PAY: Both the payment success rate and fraud rejection rate are very important indicators.

The completion of an order requires the buyer to attract new customers, the buyer to browse products, the buyer to place orders, and the order payment to be completed. There is a certain loss of buyers in each link, especially in the final order payment link. If the payment "success rate" is high, that is, the "completion degree" is high, then generally the number of stolen card fraud transactions will increase accordingly, resulting in an increase in the "rejection rate" of legitimate cardholders. From the results, the entire transaction will fail and the merchant will suffer.

Therefore, for merchants, in order to increase their profits, they should try their best to intercept suspicious transactions and reduce the rejection rate while increasing the payment success rate. This is what we call "finding the best balance between risk and business benefits."

Q8: How can we find the best balance between this risk and business benefits?

Ant Guobi Pay PAY: The best risk prevention and control is, of course, to "look closely" at each transaction, and implement targeted risk control management measures based on the comprehensive information of each transaction, such as buyer information, transaction behavior, order amount, transaction location, and transaction equipment.

For example, the global risk control system of Ant International's PAY Antong Global (hereinafter referred to as PAY) conducts risk management from all regions, all scenarios, and all links through the combination of online system + offline system risk control scenarios. That is, through risk identification in transactions and further analysis and monitoring after transactions, comprehensive and full-scenario risk management is carried out to remove bad transactions, reduce the rates of fraud and rejection, and bring the transaction success rate to a balance point.

In transactions, online risk control can minimize the risk of merchants. During a transaction payment, PAY risk control will judge the transaction card number, IP, device and other information (such as whether the IP address is inconsistent, whether a large number of transactions have been generated in a short period of time, and other suspicious behaviors) and then use these data points. The algorithm will instantly assess the risk level. High-risk transactions will be marked as "high risk, rejected" by the system, that is, a reject judgment will be given, and risky transactions will be blocked immediately, effectively protecting merchants from losses. If the algorithm is monitored and determines that the risk of the transaction is relatively low, an "accept" judgment result will be given to ensure transaction efficiency. For transactions with unknown risks, dynamic 3D is introduced as an additional security layer to further ensure the authenticity of the cardholder's identity.

This "real-time transaction risk scanning" CoinPay risk control system has built-in complex decision-making algorithms that can make quick judgments based on the collected information. Through self-developed behavioral characterization series algorithms based on risk control event sequences, such as NHFM, DIFM and other self-developed algorithms published at multiple high-level artificial intelligence academic conferences such as WWW, AAAI, SIGIR, etc., consumers' shopping habits are fully understood, historical behaviors are compared to identify possible fraudulent behaviors, and merchants are helped to identify which are real consumers before payment.

The offline system, also known as the "offline risk perception system", refers to a series of background analysis and monitoring activities after the transaction is completed to further ensure the security of the transaction. For example, the system will conduct in-depth analysis of transaction time, amount, frequency, etc., compare it with previous user behavior, and identify potential fraud.

In addition, the Bifu PAY risk control service has established a merchant feedback loop mechanism to collect merchant feedback on completed transactions, especially those that were later marked as problematic or fraudulent. These feedbacks will be incorporated into the continuous optimization of the risk model to improve the accuracy of future judgments. Secondly, based on the results of offline analysis and market dynamics, the Bifu PAY risk control service will adjust its risk control regularly or as needed. The combination of online and offline is the "complete risk attack and defense system" provided by Ant for merchants.

Bifu PAY's risk control service covers 200+ countries/regions, accumulates global gang behavior characteristics, and accumulates hundreds of millions of data samples. From 100+ dimensions such as payment environment, common equipment, address aggregation, etc., it has precipitated thousands of risk characteristics, applied in different industry scenarios, and continues to evolve. 100% real-time risk scanning for each payment, 100% intelligent risk control decision-making, system stability reaches 99.99% system availability, millisecond-level risk processing and response time.

Thanks to a number of innovative technologies such as risk pre-consultation and user behavior prediction, the average consultation time for Bifu PAY risk control service is less than 400ms, which is lower than the industry's 500-700ms risk control time, ensuring smoother payment.

Q9: As an overseas merchant, what methods can verify the authenticity of the customer's identity?

Ant International Bifu PAY: In the process of verifying overseas transactions, common verification methods include credit card number, expiration date, CVV2 (the three-digit verification code on the back of the credit card); in addition, dynamic 3DS decision is also an important security verification method.

3DS, or 3-Domain Secure, 3-Domain includes the issuer, scheme, and acquirer. It is an identity authentication protocol for online transaction scenarios launched by the issuer and the scheme for cardholders to identify and verify the cardholder's cardless transactions. After verifying the cardholder's identity information, the issuer decides whether to authorize the transaction through risk assessment. This payment verification protocol helps reduce the risk of cardless transactions, prevent fraud, and improve the security of online transactions.

After using 3DS authentication, users need to perform additional identity verification before authorizing the transaction to confirm that the transaction is initiated by the legitimate account owner. If there are any risks and responsibilities in the transaction after the merchant initiates 3DS, the risk will be borne by the issuing bank. For example, if the shopper denies that they made or authorized the purchase (the card is lost or stolen), the responsibility for fraudulent chargeback will be transferred from the merchant to the issuing institution, that is, the refund caused by fraud will no longer be borne by the merchant, which also means that 3DS brings a higher pass rate and more accurate fraud risk assessment.

Q10: 3DS is so effective, so why not use 3DS authentication for all transactions?

Ant International PAY: Although 3DS can help merchants reduce risks and transfer responsibilities, if all orders use 3DS, it will bring merchants problems of increased costs and low order conversion rates. Because, first of all, using 3DS authentication for all orders means that the cost of buying this service for merchants will increase. Secondly, 3DS authentication will allow consumers to verify their identities with the issuing bank during the payment process. That is, 3DS requires customers to jump to a verification page on their bank's website, where they enter their card password or send a verification code from their mobile phone. Consumers cannot have a completely smooth shopping experience in this process. During the jump, consumers may abandon their purchases, lose orders, and reduce conversion rates.

Therefore, for merchants, it is necessary to accurately decide "when to use 3DS" in order to find the best balance between risk prevention and control and maximize profits.

As mentioned earlier, the risk control service of Bifu PAY evaluates the risk of transactions through real-time scanning and comprehensive judgment. In addition to the judgment results of "accept\reject", if the algorithm analysis finds that the transaction is relatively low-risk, then an "accept" judgment will be given to help merchants complete the transaction. For transaction scenarios with unclear risks, Bifu PAY risk control will introduce dynamic 3D. Bifu PAY's neural network model, multimodal model, and risk control AI large model decision engine based on Qianwen and LLAMA underlying large model base will determine that the transaction is medium-risk after analyzing multiple information, then it will tell the merchant whether the transaction needs to be verified by 3DS, thereby converting some relatively suspicious transactions to 3DS verification, reducing the "misjudgment" of orders, while mitigating the risk of card theft and improving the payment success rate.

That is, the risk control service of Bifu PAY can more accurately decide which payments are allowed, which payments need to be intercepted, and which payments need further verification, helping merchants identify real consumers and eliminate fraud. This 3DS application is more flexible and is not the "one size fits all" model commonly seen in the market. After a customer accessed the risk control service of Bifu PAY, the total transaction amount increased significantly by 74%, the card theft rate decreased by 57% after one year of access, and the risk control interruption rate decreased by 59%.

Q11: How can 3DS further play a role in high-risk areas?

Ant International Bifu PAY: Leading risk control technology will deploy targeted strategies for identification and attack and defense in high-risk areas. In simple terms, it is "one country, one policy". This is not only an objective need of the market, but also related to the application rules of 3DS in different regions.

For example, the risk control service of Bifu PAY follows this model. For example, in the Brazilian market, 3DS verification is very weak, so in this region, Bifu PAY's risk control mechanism will first intercept high-risk accounts, and then assist in using 3DS to implement risk control strategies;

In the United States, the card group has strict supervision on merchants. For example, if the 3DS fraud rate reaches a certain level, merchants will face high fines and other penalties. Therefore, Bifu PAY's risk model will be more cautious in using 3DS; in Europe, due to the existence of PSD2-SCA, Bifu PAY's risk control service will additionally consider relevant regulatory requirements when building a risk control strategy model.

Note: PSD2 is a European regulation, the full name of which is the Second Payment Services Directive Amendment Act, which aims to make payments safer and more secure through SCA. The Chinese name of SCA is "Strong Customer Authentication", which means that when European shoppers use online payments, they need to meet two identity authentications at the same time in the three items of "information known by the customer (password/PIN code, etc.)", "device owned by the customer (mobile phone/tablet, etc.)", and "customer's biometrics (fingerprint, etc.)".