With the sudden strike of the pandemic and stay-at-home orders, hackers saw a great opportunity to grow their criminal careers. This resulted in an escalation of cyberattacks, including fraud attempts.
When it comes to enterprises and fraud, it is impossible to guarantee that no one will fall for the trap. While fraudulent messages can sometimes be easily distinguished, professional cybercriminals can be very convincing. If someone is deceived, it can potentially lead to major financial losses for the business.
That is why organizations should be aware of such risks and reduce vulnerabilities with various cybersecurity measures such as fraud prevention tools.
To discuss the phenomenon of fraud and the necessity of prevention services for companies, we had a talk with Ziv Cohen, the CEO of Paygilant, a business that aims to ensure early fraud prevention.
Tell us more about the story behind Paygilant. Which company achievement are you most proud of?
Paygilant was founded to help fintechs bridge the gap between a frictionless user experience and effective fraud prevention. The Paygilant team has been designing and developing anti-fraud products for banks for more than 18 years and envisioned that fintechs (Challenger/Neo banks, eWallets, etc.) will have different requirements which the legacy anti-fraud solutions simply cannot fulfill. Paygilant is designed from scratch to address each and every aspect of those needs. I’m proud of many achievements – building a robust and solid product that brings tremendous value to our customers, having the best team which makes this magic happen every day, and winning the trust of our customers which is never taken for granted.
You specialize in something called frictionless fraud prevention. Can you tell us a little bit about what this field entails?
Existing anti-fraud solutions were developed years back to combat traditional channel attacks, such as web and physical cards. Hence, their effectiveness against new age attacks in today’s cashless landscape is significantly low, enabling fraud to fly under their radar. In addition, those solutions are intrusive and carry high friction since they require constant validation (SMS, OTP, PIN codes, passwords, etc.) from the user to compensate for their lack of accuracy.
Utilizing our deep knowledge of the fraud landscape, Paygilant has designed a platform that comprises six proprietary intelligence sets, working holistically in real time to prevent fraud in its tracks. The solution is quickly and effortlessly integrated with the application to ease the deployment pain and shorten the time to value. It is designed to accurately detect possible fraud attacks from day one before the transaction occurs and reduce the friction to a bare minimum. Paygilant’s solution is a fully-managed service engineered with end-to-end security and privacy, which is made to meet the highest standards of the banks and regulators.
How do you balance security and the user experience when it comes to detecting fraud?
This is one of the biggest challenges banking and payment platforms face. With the rise of digital fraud, these organizations put security measures in the form of extra steps that interrupt the user experience, such as OTP SMS, constant data validation, fingerprint, facial biometrics, and so on. We knew this to be a crucial factor for their business, which is why Paygilant’s solution was designed with the user’s journey in mind. It was made to protect customers from login to logout, analyzing any activity they perform, to achieve a truly frictionless and safe experience. Paygilant’s 6 Intelligence Sets combine all the elements of the user, device, and transaction to reach an unparalleled accurate risk score which enables the customers to act accordingly. Since only high-risk transactions are denied, legitimate customers can freely transact and pay without being blocked or disturbed.
Did the pandemic present any new challenges in your industry? Have you implemented any new features as a result of the recent global events?
The pandemic has brought a big push into digital channels, particularly mobile transactions, as health regulations have impeded people from going out and using cash or physical cards. This has been a very quick shift that has meant a much higher transaction volume. Unfortunately, this opened new opportunities for fraudsters to operate. The fact that you have so many people now using challenger/Neo banking and eWallets to pay online and transfer money attracts fraudsters and cyber attackers to gain financial value or information. We are always strengthening our methods, but Paygilant was designed and engineered from the very beginning to combat such cases and volumes.
You often state that behavioral biometrics authentication is not always sufficient. Would you like to share more about the ins and outs of this security measure?
Physical biometrics, such as fingerprint and face recognition, can be very convenient for the legitimate user, making their experience quick and friendly. However, in these cases, the app will always give you the option to log in with a username and a password, rendering this authentication method useless in the hands of a fraudster.
Behavioral biometrics, such as swipe velocities and finger pressure, can give great insights, helping create a unique user profile, but are insufficient on their own. If the user is moving fast and their palms are sweaty, or they have a cut on a fingertip, all these factors can occasionally cause a slight mismatch and therefore, it’s unwise to solely rely on this as a security measure. Behavioral Biometrics is an integral part of Paygilant’s solution, but it works holistically with 5 other intelligence sets delivering a complete view of the user and the device without solely relying on one parameter.
What fraud methods do you think are the most prominent nowadays?
New account fraud and account takeovers are amongst the most prominent ones. As opposed to an incumbent bank that utilizes its historical and existing profile information of its customers’ behavior to predict fraud, Neo/Challenger banks and fintech are new channels. For example, when a new user downloads the Neo bank’s app and opens a new account digitally, no history or profile exists. Yet, the bank needs to decide if the user is a legit customer or a fraudster. In addition, social engineering is still a very effective way to gain stolen credentials and identities for committing account takeover. It is much easier for fraudsters to conceal their operation by using mobile phones or running apps from emulators. We do handle other fraud cases, such as cross banking fraud, transaction fraud using stolen cards, and more.
Would you like to share some of the best practices companies should adopt to prevent fraud and other cyber threats?
Companies should continuously map their risks and apply security and anti-fraud controls accordingly, especially fintechs, digital banks, eWallets, and the like, which are more susceptible to fraud and could pay a higher price in case of an incident. Companies should implement advanced anti-fraud solutions in addition to their authentication methods to reduce the risk without compromising their users’ experience.
Talking about individual users, what security measures do you think everyone should invest in?
First and foremost, never share your passwords and make sure that any message you receive comes from a legitimate source. You can always ask your bank or payment service if the email you received or the person who called you is authentic. Social engineering is one of the most common types of attacks, so never be scared of questioning the source.
And finally, what’s next for Paygilant?
Paygilant is growing by gaining the trust of more fintechs globally. We keep innovating and enhancing our products to ensure the highest level of service provided to the customers, and looking to help more companies and protect them against the ever-growing threats that are knocking on their doors.