Viva Wallet's rules-based engine versus Fraudio's Merchant Initiated Fraud system

August 26, 2022

On the second part of our webinar, Giorgos Gkionis, Viva Wallet's Chief Software Architect explains Viva Wallet's prior fraud detection approach and how does it compares to Fraudio's Merchant Initiated Fraud system.

This panel debate is moderated by Diederik Klopper, consultant at PaymentGenes with the participation of Giorgos Gkionis, Viva Wallet's Chief Software Architect Risk, AML & Anti-Fraud, and João Moura, Fraudio's CEO.


Webinar Transcript

[00:00:01.270] - Diederik Klopper
And then George, Viva Wallet is in its stage of hyper-growth, still. That means that you have to onboard a lot of merchants and clients. But with these rules and regulations from the European Central Bank, and the Greek Central Bank becoming more and more strict, what was the other way of solving fraud, if you wouldn't have a solution such as Fraudio? How did you take on those challenges before?

[00:00:30.470] - Giorgos Gkionis
Yeah, well, for years, our in-house developed solution was strictly a rules-based engine, meaning we have applied a set of rules to each and every transaction. And these rules were hard-coded, for example, if the merchant is UK-based and he performs a total amount of transactions, acquired transactions in the last 20 minutes, over £20,000, then do this and that. It's essentially an if-this-then-that framework. And that, of course, can result, as you may realise, in many false positives. It creates a kind of disruption in the business of our customers, and our own, because we can't have that many employees in order for them to check each and every alert that our system pops up. So in a system like this, having an AI assisted sub-system is quite crucial. It's essential. We cannot conduct business in any other way. Our system is still rules-based, but instead of, for example, let me mention the example I told you before, UK merchants, 20 thousand, 20 minutes, we can replace that with "Okay, does Fraudio say okay? If Fraudio says okay, then it's ok, it's legit". So we have delegated all this strict logic to an AI assistant, fuzzy logic, that provides much less false positives and adds quite some value to us and to our customers, therefore.

[00:02:23.090] - Diederik Klopper
Yeah, because then that increases the customer satisfaction. Does it also decrease the time that you need for onboarding? Because perhaps you need less documentation because you can do more accurate checks during the transactional phase?

[00:02:34.690] - Giorgos Gkionis
Yes. First of all, the bottleneck is the documents. We need a bunch of documents for us to onboard each and every merchant. But in order for us to avoid doing extra security checks, rules-based extra security checks during onboarding, we have skipped all that altogether. And then we delegate all the checks based on the transactional behaviour of the merchant to Fraudio. Fraudio responses to us promptly, raises a red flag or a black flag whenever something fishy happens. And then we can take care of that situation as quickly as possible.

[00:03:14.930] - Diederik Klopper
And that then allows you to free up a lot of full-time employees that were working.

[00:03:22.670] - Giorgos Gkionis
Right now, we have millions upon millions of transactions each month. In order for us to manually check each and every alert that a rules-based engine pops up, we need an army of officers checking all the alerts, 24/7. And this, of course, causes some disruption because some alerts, in an if-this-then-that rules-based engine, the "that" part can drop the liquidation of the customer altogether. Or his ability to perform acquiring. So if a false positive pattern happens in a case like that, yes, of course we have a customer disruption. Imagine a bar operating at 1 o'clock at night, where of course our employees are not fully hands-on, each and every one of them at that time on our premises, that could cause a real problem. So all of this has been very much mitigated, thanks to Fraudio.

[00:04:29.870] - Diederik Klopper
Decreasing the amount of false positives has huge uplift for the satisfaction of your clients that are trying to transact. Also, do you see an increase in the amount of fraudulent transactions that you can capture? Because as the rules-based approach is somewhat limited, and once people find out, that these are the rules, and if we just stay outside of these parameters, we can circumvent the system.

[00:04:55.150] - Giorgos Gkionis
Of course, false positives have decreased, but also false negatives. So, the operation, the transactional behaviour monitoring, has become much more effective. This way we can pinpoint anytime something fishy occurs, we are informed by Fraudio about it at that time, that moment when it happens. So either automatically, or through an agent, we can apply some emergency rules right then and there, in order for us to protect our customer, and or ourselves.

[00:05:34.890] - Diederik Klopper
I see a question coming in from Peter. By the way, if anybody has a question, please write it down. And at the end, there will also be some time. But Peter asks: "Did the speed or time per case as well improve?" Of course, in a number of cases, I think drastically decreases, but are there any metrics you can have to increase the handling of those cases?

[00:05:57.090] - Giorgos Gkionis
Well, the time per case. Look, if Fraudio promises that an event is fraudulent, red or black flag, the case is really obvious. We look into our back-office and we see that the transactional behaviour of the customer and it's very obvious that, yes, something has happened, something's going on right there. So, yes, if the red and black flags are true positives, then the handling of the situation is very rapid because it's pretty much obvious what's going on right there. Yeah.

[00:06:32.340] - João Moura
So we send explanations for why we're raising an alert, and so then the fraud Investigations' team on Viva's site is able to just go through the motions. Especially for black alerts, indeed. I think that in the last few months or even the last year, I don't think that we produced any false positive and that's why it's black. So we make it so obvious. We make it look so obvious that simply.

[00:07:18.130] - Diederik Klopper
They're called red handles, because you have red or black flags.

[00:07:20.340] - João Moura
Yeah, but to help quantify, to Peter's question. So, Viva wallet grew 5x in terms of processing volumes or amount of transactions since we went live with this product. And I believe that their Fraud Investigations team did not grow. So that has something to say about how much more efficient each individual investigator is, right, with a tool that's just better than rules-based.

[00:07:58.970] - Diederik Klopper
And João, you mentioned something about black and red flags. What are the notifications that you attach to the transactions and to the merchants?

[00:08:06.560] - João Moura
Yeah, so there's really a lot of explanations, or reason codes. And it can be because we've seen a sequence of failed transactions of decreasing amounts followed by an approved one. Bear in mind that these reports are actually sent offline, in batch, and before settlement. So we can afford to wait a few transactions before we raise the alert. The reason for that is really very simple. We're trying to shut down merchants, not exactly stop individual transactions. And then those alerts are also linked to transactions. So you can actually see in a dashboard what were the exact transactions that triggered that alert and that are connected to those reason codes.

[00:09:09.850] - Diederik Klopper
What are the various alerts that you have? So there's a red flag, there's a black flag. What do those mean?

[00:09:16.060] - João Moura
Yeah, there are black alerts that are basically "shut down this merchant". This merchant is blatantly doing something fishy. Then red alerts are a bit of a catch-all. So we've got money laundering cases through time. We've caught scams as well, but also a lot of merchants. The typical merchant-initiated fraud. So merchant bust-out fraud with a higher score, so to say. And then we also have yellow alerts. Yellow alerts are basically put this merchant on some form of a suspicious list, perhaps adjust the settlement characteristics of this merchant. So maybe increase the rolling reserve, maybe delay settlement. And then we have a little bit more time to see what happens with this merchant. Sometimes it goes away and it was a false positive, but very often it actually escalates, and after a couple of yellow codes in one day, the next day is red and the investigation is initiated.

[00:10:39.030] - Diederik Klopper
And George, has this transformed the way that you now approach the analysis of this?

[00:10:46.110] - Giorgos Gkionis
Can you repeat the question, please?

[00:10:48.000] - Diederik Klopper
Yes. How does the notification and the three levels of alerts from yellow to red to black, how does it transform how you handle these merchants? Because beforehand you either were suspicious of a merchant or not, but perhaps didn't have this depth of information.

[00:11:09.400] - Giorgos Gkionis
Yes, back then, we didn't have any risk classification concerning the rules. This is the first classification. A rule has hit. We don't know how probable the rule is concerning it's true positivity, we don't have any classification about it. Now we do! We know that if a black flag occurs, yes, we shut down the merchant and then we perform checks later. On red, yes, we perform checks as soon as possible, most probably right then there's and then perform some searches ourselves. So yes, it has helped us a great deal to deal with these kinds of situations.

Would you like to learn more about this topic? Then we are pleased to invite you to watch the full webinar here: The secret to hyper-growth for merchant acquirers.

See you soon!

Measure results yourself !

How about trying our solution  and experiencing the next generation for yourself?