In a recent interview with SafetyDetectives, Mark Michelon, President of Accertify, brings to light his extensive experience in combating Card Not Present Fraud and leading global risk strategy efforts. Having started his journey in fraud prevention at Orbitz.com, Michelon has spent over two decades safeguarding major brands from the evolving cyber threats that challenge online security today. The conversation delves into Accertify’s pivotal role in fraud prevention, chargeback management, and the continuous battle against the sophisticated tactics of modern cybercriminals, offering a glimpse into the strategic approaches and innovative solutions at the forefront of protecting digital transactions.
Can you please introduce yourself and share a bit about your background and role at Accertify?
My name is Mark Michelon, and I’m the President of Accertify. I spent the last 20 years leading Card Not Present Fraud Prevention teams across the globe; protecting the world’s largest brands from cyberthreats.
I started my fraud career at Orbitz.com where I led the global risk strategy and managed all payment and chargeback processing for Orbitz.
Could you provide an overview of Accertify and its core areas of expertise in the fraud prevention and chargeback management industry?
Accertify provides fraud prevention, chargeback management, account protection, refund and returns abuse protection, Strong Customer Authentication (PSD2) and payment gateway solutions to customers spanning ecommerce, financial services, and other diverse industries worldwide. Accertify’s layered risk platform, machine-learning backbone, and rich reputational community data enables clients to address risk pain-points across the entire customer journey – from account creation to authentication, activity monitoring, payment, and disputes.
Accertify’s Fraud Platform is a software-as-a-service offering that allows clients to adapt their fraud-screening strategy in real-time. It utilizes machine learning models, configurable fraud and policy rules, and robust reputational community data. The platform performs real-time risk assessments, and it offers a wide variety of pre-integrated connections to third party data providers.
Accertify Chargeback Management solution helps many of the largest global merchants manage millions of disputes annually and has been protecting merchants since 2011. Accertify’s Chargeback Management solution incorporates full or partial automation into the process of responding to chargebacks . It offers a software-as-a-service platform that clients can manage themselves or they can outsource the end-to-end management of chargebacks using Accertify’s Strategic Risk Services (outsourced) offering.
From your perspective, what are the most significant challenges that businesses face in terms of fraud prevention today?
The idea of the traditional “cybercriminal” is changing. While traditional payment fraud prevention is still a focus for many businesses, the rise of first party mis-use or “friendly fraud” is having a major impact on many online businesses. We see this type of fraud across many industries. For example, in the retail space, first-party fraud is making it more difficult for businesses to avoid growing returns and refunds abuse schemes. Many returns are legitimate, but when done excessively, the costs add up. There are also customers who knowingly perform malicious returns and profit from back-office processing problems or policy loopholes. The abusive behaviors can range from:
- Returning an item after it has been used / worn
- Returning a different item than originally purchased (often of lesser value)
- Claiming an item wasn’t received
- Manipulating shipping labels to appear like an item has been shipped back when, in fact, it has not.
These behaviors are done to manipulate and exploit return policies.
To address these growing problems, retailers need a solution to help prevent abuse without impacting the experience for good customers.
With the rise of mobile transactions, how is Accertify adapting its solutions to address the unique challenges associated with mobile fraud?
Accertify’s Device Intelligence platform helps clients verify identity, assess, and mitigate risk in real time, and optimize the customer experience across any device, especially mobile devices.
A Software Development Kit (SDK) can be incorporated into mobile applications to access detailed mobile device information. More than a hundred device attributes and operating system attributes can be collected and analyzed to produce a persistent device identifier that is resilient to tampering, application uninstall/reinstall, and OS upgrade. Core features include:
- Malware and crimeware detection: analyses connected devices to detect known malicious applications and criminal tools, such as location spoofing and IP address proxy apps. Malware files are dynamically updated without client interaction.
- Rooted/Jailbroken detection: protects against increasing—and increasingly complex—rooting methods used by fraudsters, such as cloaked Root, through Advanced Root and Jailbreak Detection.
- Trusted Path: security architecture prevents interceptions by providing a complete secure path to transport sensitive information, encrypted end-to-end, signed, and digitally protected against replay attacks and uses Trusted Path to securely communicate sensitive messages.
- Secure messaging: secure means of delivering contextual Two-Factor Authentication (2FA) messages to a registered device through the SDK and secure Trusted Path that cannot be read by any other device, intercepted, or replayed. This can be a stand-alone offering.
- JavaScript collectors can be incorporated into any relevant web page to access detailed browser session information. Hundreds of attributes can be collected and analyzed to produce a persistent device identifier and identify potentially fraudulent behavior.
- Our browser fingerprint “recipe” determines how well devices are differentiated from each other, allowing any client to seamlessly authenticate users with less friction by minimizing collision rates and maximizing fingerprint longevity.
- User Behavior Analytics (UBA): Accertify offers clients the ability to track the behavior of their customers’ web traffic using their UBA solution. By analyzing behavioral signals from users as they interact with client’s websites, UBA can help distinguish good users from fraudsters and detect suspicious activity from humans or bots. The solution provides risk ratings and includes visual representations of a user’s journey through a website, including measurements of page duration, mouse movement, keystroke dynamics, and pasting or auto-filling data into forms.
- Link Search Capabilities: Accertify’s enhanced link search functionality gives the client the ability to search for historic linkages that can clarify whether an event is out of pattern, or is evidence of a loyal, repeat customer. The capability is flexible in what values can be displayed and searched and offers power users the ability to perform batch exports, execute data pivots, and bulk resolution capabilities.
In your view, what are the critical components of an effective chargeback management system?
It is critical for any effective chargeback management system to help in 4 key areas:
- AVOID: Dispute deflection, real-time responses and chargeback alerts (and more) help you stop chargebacks before they occur.
- ADAPT: With network policies and regulations changing twice a year, fraud attacks constantly morphing, and supply chains impacting fulfillment it is imperative to have an agile platform that can quickly adapt as needed.
- ASSEMBLE: With integrations to processors across the globe and a library of pre-built dispute templates, we can help automate the response process and significantly reduce the manual effort required.
- ANALYZE: Chargebacks can be a symptom of a larger problem, and by looking at trends you are experiencing you can see if there are operational processes that are impacting your chargebacks.
What future developments or advancements in technology do you foresee having the most significant impact on the fraud prevention and chargeback management industry?
We’re keeping a lookout for the following fraud threats in 2024:
- Sophisticated social engineering attacks could increase with help from generative AI, such as iPhone voice clone capabilities
- BOT traffic could be more widespread and sophisticated in 2024
- Passkeys could see increasing adoption outside of tech companies and grow to become expected by retail consumers.
- First party mis-use and claims could become even more difficult to prevent without impacting customer experience.
Merchants will need to automate more risk decisions, invest in sophisticated tools with powerful machine learning capabilities and industry-specific models to help drive down the total cost of fraud without impacting valid customers.