Analysts reviewing rules vs models for merchant acquiring fraud frameworks

Payment service providers (PSPs) and acquirers are some of the oldest organizations currently operating in the financial services landscape. As such, many PSPs have entrenched habits and are often resistant to change. This mindset applies to the rules-based systems that analysts have grown accustomed to using. Let’s review the rules vs. models argument to prevent merchant acquiring fraud and respond to emerging fraud risks - and why many analysts’ Skynet effect fears are overblown.

Many analysts at PSPs and acquiring firms prefer to use a rules-based approach. Often, analysts were self-taught and are familiar with building a sprawling network of rules to do their jobs. But familiarity does not equal effectiveness. A shift from a rules-only to a hybrid rules and models approach is necessary to combat new merchant acquiring fraud tactics and new payment types. 

What’s interesting is that some analysts see a set of rules as a type of model. After all, each new “feature” is designed to identify a new fraud type and decline or accept a transaction. Plus, rules alone can also automate risky decisions. 

But rules-only systems create fraud vulnerabilities and operational headaches. For example, a “stockpile” of rules and individual merchant exceptions can go unnoticed by a PSP. A significant share of transactions get whitelisted or approved automatically in real-time without review. Talk about being vulnerable to fraud attacks!

Trying to untangle the rules can be even more challenging. Many rules are built on top of each other, like a Jenga tower. Removing even one rule has far-reaching consequences if no one understands the rule’s purpose or how it affects other rules. 

If Rules Aren’t Perfect, Why Do So Many Acquirers and PSPs Distrust Machine Learning?

Some analysts distrust machine learning automation. This mindset has been called the Skynet effect, a reference to the villainous AI program from The Terminator films. Remember what happened in that scenario? A global apocalypse! 

Don’t worry, we’re not saying a rules-only system will be cataclysmic. But it will be…moody. That’s because many analysts approve transactions based on their instincts, putting human analysts in control. That’s not exactly a bias-free situation and probably doesn’t align with ESG initiatives

How to Lose a Country With One Rule Change

Need more proof that a rules-only system is not the way to go? Read on!

We’ve all lost our keys, our phones, or forgotten where we parked our car at one point. But imagine losing track of an entire country. Believe it or not, that’s what happened to a PSP a few years ago.

The PSP tried to adjust a rule that no one in the organization understood. Unfortunately, they realized too late that they had unintentionally blocked all transactions originating from a European nation. Fortunately, the PSP had Feedzai’s support. We were able to determine how the rule blocked access to an entire country and reverse the decision. But the damage was already done. Not only did the PSP lose an entire day’s worth of revenue, but it also hurt its reputation with merchants affected by the shutoff.

Rules vs. Models: Complement to Catch More Merchant Acquiring Fraud

PSPs and merchant acquirers do not have to abandon their rules entirely. Instead, PSPs can have their cake and eat it too by complementing rules with models. 

Today’s advanced AI means that rules get the support of machine learning models to quickly identify high-risk merchants and improve fraud detection efforts. Machine learning models can complement existing rules and increase efficiency. It’s a sweet deal for the entire fraud-fighting team.

Firms that use rules with models for merchant acquiring fraud have seen a 30-50% drop in review rates. This ultimately benefits fraud analysts who can spend more time investigating cases and improving rule quality. Analysts also have time to identify high-risk merchants and uncover detectable and preventable fraud patterns that existing rules fail to detect. 

How PSPs Can Smoothly Shift from Rules-Only to Include Models

Here’s how PSPs and merchant acquirers can shift from rules-only systems to rules and machine learning models:

  • Review rules for migration. When making the shift, PSPs must assess what rules they have and determine exactly which ones need to be updated. Allow data scientists to assess how the rules work and if there are a set of features that should be automatically detected. Data scientists can also identify specific criteria to use in features in an advanced model. This is also an opportunity to look for ways to improve the features and rules.
  • Thoroughly profile merchants. PSPs should have a clear understanding of what the business does, their merchant category code, and that the merchant is sending the best data possible. An eCommerce merchant will be able to share IP information, mobile app data, billing information, and shipping addresses. On the other hand, a brick-and-mortar florist business will send fewer data points. All data provided needs to be clear and categorized to help the machine models enhance the PSPs’ existing rules. At the same time, rules also enhance machine learning models.
  • Train staff for the future of payments. Remember the fear of Skynet we discussed earlier? This kind of change can raise fears that some people’s jobs are in danger. PSPs must teach their staff how machine learning models will not eliminate their jobs but enable them to improve their work. By reducing the number of events to review in a day, staff will be less error-prone and able to conduct more thorough investigations. These investigations can uncover more merchant acquiring fraud patterns and find ways to improve revenues. This improves the model by adding more and better labels to fraudulent events and improving the quality of alerts. This will motivate the analysts by reducing false positive alerts.

Change can be intimidating. But rules and models can work together harmoniously to identify emerging fraud risks and prevent merchant acquiring fraud. What’s more, both systems can learn from each other. Machine learning models learn from human intuition while advanced algorithms enhance rules. The end result? Come renewal time, your clients will say, “I’ll be back.”