Tokyo Financial Award:
Winning the Cat-and-Mouse Game with Online Financial Fraudsters

Protecting digital financial services from fraud through proprietary solutions that preserve frictionless transactions won Paygilant Ltd. first prize at the Tokyo Financial Award 2020, organized by the Tokyo Metropolitan Government (TMG).
The company uses multiple data points to identify fraud.

As a growing portion of our lives, particularly the financial side, migrates to mobile, so do the attention and activities of fraudsters. One major challenge in the mobile financial arena is that users expect transactions to be completed in a few clicks, yet securely. It is at the nexus of this tension that Paygilant comes into its own.

Founded in Israel in 2016 by Ziv Cohen, a two-decade veteran of the cybersecurity and anti-fraud industry, and his partners, the company seeks to address the needs of the burgeoning ranks of online-first banks and other fintech ventures to protect themselves and their customers.

Paygilant leverages machine learning and AI in its patented tech solutions to provide "the required insights and the countermeasures that can be applied in real time to bridge the gap between the pace that fraudsters work at and that of the banks," explains Cohen.

Because fraudsters are unencumbered by the processes and regulations that banks need to comply with, "they move faster," he adds.

Intelligent Security Design Delivers Smooth Operations 

At the heart of the company's anti-fraud measures are its proprietary 6 Intelligence Sets (Device DNA, User Space, Activity Map, Bio Markers, App Insights, Transaction View).

"Device DNA" creates a unique ID for each device so that manipulation can be detected when fraudsters use techniques such as cloning; "User Space" observes the environment around the device, allowing for frictionless recognition of a returning customer; "Activity Map" tracks the unique manner in which a user interacts with an app; "Bio Markers" measure everything from finger size to scrolling speed to pauses; "App Insights" correlates internal and external information to validate IDs as data become available from the app; "Transaction View" analyzes payment patterns using behavioral maps to assess risk.

These layers combine to allow fraud to be detected and stopped without having to resort to additional verification processes like one-time passwords and codes sent via SMS. 

"That's what we have basically managed to do, reduce the friction by really distinguishing very accurately between the legitimate customer connecting from their legitimate device and behaving the normal way they do, as opposed to fraudsters who use different devices and behave differently throughout the entire user's journey."

Tracking and analyzing behavioral patterns and environments can also prevent the creation of bogus accounts, a mainstay of fraudsters, who employ them in numerous nefarious ways. The added challenge is that a new account provides a paucity of data compared to a transaction by an established user. But as soon as an app is downloaded to create a new bank or other financial account, "We can measure and assess the legitimacy of the connecting environment of a phone or machine and then immediately come up with a conclusion as to whether this is in the hands of a legitimate person just by the way it is structured."

The most everyday activities, or their absence, can be telltale signs: "For example, fraudsters clearly will never make phone calls to their mom from the same phone they're going to use to launch an attack against a bank."

Keeping transactions both secure and frictionless is key. Photo: iStock

Protecting Privacy and Payments

Collecting extensive data about users' habits, locations, biometrics and behaviors naturally raises privacy questions. Cohen acknowledges the concerns and insists Paygilant has prioritized them since its inception.

"Working very closely with the European Commission (the executive body of the EU), according to their guidelines, we managed to design the system with security and privacy built-in. Firstly, it only collects the minimum information required to detect fraud...Then everything is obfuscated, vectorized and encrypted."

This allows its security solutions to be compliant with Europe's General Data Protection Regulation (GDPR) and "all the other flavors of GDPR around the world, including Japan."

Reengaging with the Tokyo Market

Asked about the steps ordinary people can take to avoid being the victim of fraud, he advises caution in dealing with emails or messages purporting to be from banks or payment platforms.

And while tech such as AI is a vital tool in the "cat-and-mouse game" with fraudsters, it is being used by both sides, also allowing for the creation of more convincing fake materials and emails.

If in any doubt, call your bank and confirm, recommends Cohen.
 
"Of course, you know, the human factor is always the weakest link," he adds.

With the world struggling through the pandemic when the Tokyo Financial Award was presented in February 2021, the Paygilant team was unable to travel to Japan to receive their prize or to meet potential Tokyo-based clients afterward.

However, Cohen is keen to add personnel in Tokyo to the regional representation that the company already has in Singapore, the Philippines and Hong Kong, and to "reengage with more Japanese customers, companies, fintechs."

Tokyo Financial Award: the TMG's Tokyo Financial Award consists of Financial Innovation and ESG Investment categories. The Financial Innovation category recognizes and awards businesses offering promising financial products and services. Successful applicants undergo initial screening and, if selected, receive business support to refine their offerings or enter the Japanese market. The top three companies in this category also receive cash prizes.
https://www.finaward.metro.tokyo.lg.jp/en/
Interview and writing by Gavin Blair
Photos: courtesy of Paygilant