Ritesh: Good afternoon, Bastian.

Bastian: Good afternoon

Great to meet you here in London at ATPS

Thank you for having me

Bastian, I would like to talk to you about fraud detection. Specifically, how to make it seamless and at the same time, uhm, not, uh, I mean making it strong and also ensuring the customer is having a frictionless experience. So, what is your comment on that, how can travel merchants focus on this equation?

Very important is to obviously work with the experience teams, that are many times, whether the companies that are established certain processes that are working on improving the processes and not to reduce, or introduce, more friction to the process.

In that case, the defraud detection solution should ideally always be invisible. Only introduce friction when it is really necessary. Obviously, we have seen Captchas coming up. But sometimes you get asked for a Captcha at every point of time and introducing something like a combination of fraud solutions, you know, orchestration so that you can basically steer to a process that gives the experience you want to have. And maybe only reach out to more expensive fraud solutions when you feel basically there is a need for it.

Bastian, a lot of times companies already have fraud detection tools in place. So, when they offer a new solution to make the experience seamless, how should they go about integration, blending the existing tools with the new one?

With solutions coming up, or also already being in place, it’s always interesting how they are to be integrated. Historically, people used integration kits for all kinds of solutions. But nowadays we are in a cloud-first, API-first kind of world where in an agile manner things need to happen much faster; projects have shorter timelines. We see fraud popping up much quicker. And being there able to use the existing methods is obviously key as some have been proven over years, and they work really well. Some maybe want to add something on top of it, and they are being able to leverage the integration you already have. Nowadays the rest API is basically key for a lot of people so that you don’t have to wait for integration kits, and orchestration solutions perhaps there to also facilitate the fraud solution you already have. On the other side, there are authorization solutions that we can also assist with, that offer you assistance with giving you a picture across the whole landscape of not just one fraud solution but merging those kinds of different signals with existing solutions and integrating where they are basically strong with and the integration class that they typically recommend.

Bastian, can you talk about the trends that have emanated in the last year or so: automation on part of fraudsters, what they are doing on the Dark Web? What kind of trends would you like to highlight as far as fraudsters activities concern?

I think that something that’s always been there, it’s obviously the Dark Web, is that credentials can be bought from there, credential stuffing, brute force attacks, bots that attach to something, that has been there for years. And obviously is still growing. We see at the moment that there is a regular traffic of bots, it’s […] like at 25%, that includes good and bad bots. So that is something that is going to continue to go ahead. But also, the areas that specifically came up during COVID is all this handling of remote; remote workers, remote customers, and also ensuring they are coming in with the right identity. Which is not just purely analyzing the session but also validating their credentials. In this case, it could also be ID verification, and obviously automating those kinds of things. Specifically, customers do not want to wait even longer so things need to happen in real-time, right at the moment when they need it, and for the customer that can also be the case at 2 AM in the night and should happen at any point of time.

How are travel merchants being offered the opportunity to identify a customer in the background, or in a seamless manner? How is this experience shaping up where the customer doesn’t need to do too much because there are certain times when the customer is asked to prove their identity? So, how are merchants ensuring that the digital identity of the customer is being assessed in a seamless manner?

You should ideally use things that customers are using already anyway, either credentials from the party that is very strong in the consumer space, could be the Googles of this world, could be the Apples of this world. And in some areas, I think the financial areas obviously, you want to have a certain respect of it, but they typically have very clean credentials overall. In other areas, that where you can connect social accounts or something that is very strong, that already gives you some indication but then also in other areas where people have typically some sort of trusted device. Everyone leaves their house with a mobile phone, they typically log in from the same laptop, and using those kinds of trusted relationships you see them coming over and over with the same account and the same device and that makes it stronger over the period of time that also then allows you to reduce the friction by not asking them anymore for Captchas or MFA requests for validating the ID and so forth.

So, lastly, from Ping Identity’s perspective, what would be your set of recommendations for travel merchants?

Excuse me?

What would you like to recommend to travel merchants, considering Ping Identity is a specialist in Behavioral Biometrics? So how should travel merchants go about these kinds of solutions if they have to integrate with the fraud detection mechanism they already have in place?

It’s definitely very important to see what there is on the market. It is definitely a shift in many cases, particularly when you look at artificial intelligence machine learning. It’s not that you just switch on the policy and then it works. It’s very adaptive to what you are currently experiencing, and you might not find things out right away. So, from the traditional aspect of regular proof of concept, where you just want to try this policy out, does this policy work or no, this kind of typically black- and whitelisting, it’s a very different experience. So sometimes those trial periods run on much longer, and that’s something that I think is also always good. And maybe reducing the processes on the other side, like the more informational parts, which vendors in many cases tend to give the same answers and why, and answer with yes and no, because bot detection can be similar, but is also again not similar. And then also when you do AI machine learning it can mean completely different things, depending on the area you look at. And then also kind of bringing those things together is also quite important from that aspect.

Thank you, Bastian, for your time.

Thank you.