I was recently involved in a small consulting project for a European payment institution. They wanted to get an external perspective on their anti-fraud mechanisms.
First meeting: Very nice, pleasant, we quickly hit it off.
Second meeting: We got along so well that we decided to try working together.
Third meeting: The project kick-off, where I started asking the first serious questions.
Imagine my surprise when I found out that they had…
well, NOTHING.
I mean, they had something because they had integrated an external (quite decent, actually) anti-fraud solution provider that assessed each transaction based on their own criteria and gave a total transaction score (on a scale from 1 to 100).
And since the institution I was advising was focused on processing as many transactions as possible (a startup that wanted to build a customer-friendly image), they only rejected transactions that were really suspicious.
But they had nothing beyond that. No internal solutions, no algorithms they had developed, no utilization of the knowledge they already had.
After the kick-off meeting, I knew exactly what I would say at the earliest opportunity.
And I did.
“Don’t write up a huge project that will take months. Don’t go researching endlessly, don’t create fancy procedures, don’t look for huge tools. Let’s take a few of the simplest, most obvious mechanisms that you can quickly implement, and start working on them in the most convenient agile methodology. One by one. Step by step. Every additional security measure will bring you closer to the goal, every small mechanism implemented will protect you more. Every tiny step towards the simplest solution is better than what you have today. And every day of delay, maintaining the current state, is a day that brings you closer to a disastrous outcome.”
I also suggested a few of the simplest mechanisms they should start with, which they could implement quickly using the data they already had:
- Unusual “strange” size of individual transactions
- Unusual transaction frequency
- Geographical anomalies (high-risk regions, long distance from the last transaction)
- Behavioral anomalies (sudden change in spending behavior)
- Linked transactions
- Anonymous transactions, prepaid cards, etc.
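
As an added illustration (not code from the project described here), the first three checks on the list can be sketched as per-account rules over data an institution already stores: timestamp, amount and location. The `Tx` fields, rule names and thresholds (z-score of 3, three payments in ten minutes, 900 km/h) are assumptions chosen for the example, and the sample history is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt
from statistics import mean, pstdev

@dataclass
class Tx:
    ts: datetime
    amount: float
    lat: float
    lon: float

def km_between(a: Tx, b: Tx) -> float:
    """Great-circle (haversine) distance in kilometres."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))

def flag(history, tx, z_max=3.0, burst=3, window=timedelta(minutes=10), kmh_max=900):
    """Names of the rules `tx` trips against one account's earlier transactions (oldest first)."""
    flags = []
    amounts = [h.amount for h in history]
    if len(amounts) >= 5:  # need a baseline before judging size
        mu, sd = mean(amounts), pstdev(amounts)
        if sd > 0 and (tx.amount - mu) / sd > z_max:
            flags.append("unusual_amount")
    # Count earlier payments that fall inside the look-back window.
    if sum(timedelta(0) <= tx.ts - h.ts <= window for h in history) >= burst:
        flags.append("unusual_frequency")
    if history:
        last = history[-1]
        hours = max((tx.ts - last.ts).total_seconds() / 3600, 1 / 60)  # avoid divide-by-zero
        if km_between(last, tx) / hours > kmh_max:  # implied speed beyond an airliner
            flags.append("long_distance_from_last")
    return flags

# Constructed sample: six daily card payments in Warsaw, amounts between 22 and 35.
T0 = datetime(2024, 1, 1, 12, 0)
SAMPLE_HISTORY = [Tx(T0 + timedelta(days=i), a, 52.23, 21.01)
                  for i, a in enumerate([25, 30, 22, 35, 28, 31])]

if __name__ == "__main__":
    last_ts = SAMPLE_HISTORY[-1].ts
    # Ordinary payment the next day, same city.
    print(flag(SAMPLE_HISTORY, Tx(last_ts + timedelta(days=1), 30, 52.23, 21.01)))
    # Large payment from Lisbon half an hour after the last Warsaw payment.
    print(flag(SAMPLE_HISTORY, Tx(last_ts + timedelta(minutes=30), 2500, 38.72, -9.14)))
```

The returned rule names can be combined with the external provider's score rather than used as an automatic reject, which keeps the false-positive cost low while the thresholds are tuned.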
They started implementing everything.
And I’m convinced they also started sleeping a little more peacefully at night.
Because every action—no matter how simple—is better than no action at all.