Payment fraud attempts increased 73% in 2019, a clear indication that the many new ways to pay are also creating multiple avenues for cybercriminals to steal.

Worse still, the criminals are going for the big kill. Rather than target smaller purchases, they are looking for larger scores, with fraudulent order values now 3x the size of the average legitimate order value.

Identity Trust to the Rescue

Identity trust – the ability to establish a level of trust for every identity behind a payment – offers a way out of this imminent threat.

At its most basic, identity trust involves assigning a level of trust to each event in the payment process. Whether it’s the account behind the payment, the account creation process, or the login event itself, each of these occurrences have identities behind them. Identity trust attempts to determine whether those identities can be trusted.

Trust levels can range from very high to very low. If the trust level is very high, the transaction is passed as safe. Merchants and merchant services companies can, therefore, confidently process the purchase. However, where the trust level is very low, both the merchant and payment processor are warned to proceed with caution as the event is almost guaranteed to be fraudulent.

The Layered Approach to Identity Trust

Merchants are especially encouraged to adopt a multi-layered approach when implementing an identity trust strategy.

One approach that works exceptionally well is the ATO solution, where enterprises fulfill their cybersecurity needs in three steps – protection, policy, and presentation (reporting).

  1. Protection: In this first step, merchants use solutions that track and flag user behavior, devices, and network anomalies. Suspicious activities such as bots, credential stuffing, and brute-force attacks are all instantly flagged.
  2. Policy and customization: This step involves identifying and segmenting users based on common characteristics. Users can be classed based on device types, geographic location, past transactions, and IP risk.
  3. Presentation and Reporting: Here, login trend data, including but not limited to IP information, is captured and analyzed. Risky IPs, compromised accounts, and failed login attempts are instantly flagged and reported.

Author Bio: Payment industry guru Taylor Cole is a passionate payments expert who understands the complex world of merchant accounts. He also writes non-fiction, on subjects ranging from personal finance to stocks to cryptopay. He enjoys eating pie on his backyard porch, as should all right-thinking people.