The Role of Security-as-a-Service in Fighting Payment Fraud


The fintech industry has seen a boom in investment this year due to the advances it has brought consumers following the COVID-19 pandemic. As a result, consumers can manage, spend and share money more easily and securely than ever before.

But with the rise in fintech startups and organizations, the industry has also experienced an increase in cyberattacks. Driven by the pandemic and the increasing number of digital transactions, identity fraud losses in the fintech industry reached $56 billion in the U.S. in 2020. And last year, cybercrime cost U.S. companies more than $6.9 billion, with only 43% of businesses reporting that they feel financially prepared to face a cyberattack in 2022.

Fintech companies must understand the threats and take steps to guard against payment fraud and cyberattacks. 

The Anatomy of Payment Fraud

It’s vital to understand the anatomy of payment fraud attacks in order to fight fraud. So, how does payment fraud happen?

One of the biggest payment fraud challenges on the card-issuing side is card enumeration - a type of bank identification number (BIN) or brute-force attack. In fact, it was a card enumeration attack that resulted in $2.5 million in losses for Brightwell in 2020. These attacks don’t involve any kind of “breach” or “hacking.” Instead, they rely on guesswork or algorithms, with fraudsters using bots to guess payment card details by trial and error. In our case, cybercriminals made more than one hundred million card transaction attempts against numbers that were in Brightwell’s card range. They tried every combination of a card number, expiration date, and card verification value (CVV) until they got a match. Then, they would drain the card down to zero as fast as possible, using the stolen card information to buy cryptocurrency and make other online purchases. While we were ultimately able to recover all funds and return them to customers, we realized the current tools we were using weren’t enough to protect against card enumeration attacks.

How Security-as-a-Service Can Help

Following Brightwell’s experience with card enumeration, we realized our current tools did not provide adequate protection against payment fraud. Unfortunately, at the time of the attack, the tools available only enabled us to examine the data of a single cardholder to identify anomalies in spending habits, rather than scanning our full environment to identify patterns that could indicate fraud in progress. As a result, none of those systems flagged the activity, and it went unnoticed until our customer service team noticed the issue.
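The gap described above, as an added example that is not Brightwell's or Arden's code: a per-cardholder decline rule beside a BIN-wide sliding-window rule, both run over constructed authorization events. The field names, thresholds, card tokens and placeholder BINs are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # assumed look-back window
MIN_CARDS = 20                  # assumed: distinct declined cards per BIN in window
MIN_DECLINE_RATIO = 0.9         # assumed: share of attempts in window that declined
PER_CARD_LIMIT = 5              # assumed single-cardholder rule, for contrast

def per_card_alerts(events):
    """Single-cardholder view: flag a card only on many declines of its own."""
    declines = defaultdict(int)
    for ev in events:
        if not ev["approved"]:
            declines[ev["card"]] += 1
    return {card for card, n in declines.items() if n >= PER_CARD_LIMIT}

def bin_range_alerts(events):
    """Environment-wide view: flag a BIN when many distinct cards fail together."""
    windows = defaultdict(deque)  # bin -> events still inside the sliding window
    alerts = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        win = windows[ev["bin"]]
        win.append(ev)
        while ev["ts"] - win[0]["ts"] > WINDOW:
            win.popleft()
        declined_cards = {e["card"] for e in win if not e["approved"]}
        ratio = sum(not e["approved"] for e in win) / len(win)
        if len(declined_cards) >= MIN_CARDS and ratio >= MIN_DECLINE_RATIO:
            alerts.setdefault(ev["bin"], ev["ts"])  # keep first crossing only
    return alerts

def sample_events():
    """Constructed data: tokenised cards, placeholder BINs 000000 and 000001."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    events = []
    # Enumeration pattern: 60 distinct cards, two declined guesses each.
    for i in range(120):
        events.append({"ts": t0 + timedelta(seconds=i), "bin": "000000",
                       "card": f"tok-{i % 60:03d}", "approved": False})
    # Ordinary traffic on another BIN: approvals with one stray decline.
    for i in range(30):
        events.append({"ts": t0 + timedelta(seconds=10 * i), "bin": "000001",
                       "card": f"tok-n{i:02d}", "approved": i != 7})
    return events
```

On the sample data no single card crosses the per-card limit, while the BIN-wide rule fires on the twentieth declined card.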

This key learning is what eventually spurred the creation of Arden - Brightwell’s AI-powered payment fraud solution. However, most fintech companies simply do not have the budget or resources to fight fraud on their own or create their own payment fraud detection solutions. Thus, after testing the solution internally, we decided to offer Arden as a SaaS solution to our customers, becoming the first cloud-based, PCI-compliant card enumeration solution available to card issuers. 

Security-as-a-Service (SaaS) solutions like Arden provide a cost-effective solution to fight fraud and secure payments. Rather than hiring an in-house team, SaaS allows you to outsource fraud protection with cloud-based solutions that can scale and grow with your business and multiple subscription solutions to fit your needs and budget.

Contact Brightwell today to learn how Arden can simplify fraud detection, with cost-effective options to meet your needs and fight fraud before it strikes.