When data is key: Optimising payments with trillions of dollars worth of global transactions

A lot of companies build smarter solutions for fraud prevention and payment optimisation. These companies often only have access to a specific step in a specific region. To understand why the industry is so fragmented and siloed, it helps to get a glimpse into the wealth of data that’s behind every single payment.

A shopper leaves data at checkout before they click pay. Some of this data is relevant to help us in our risk assessment. If we see all fields being filled out with inhuman speed for example, it’s likely that a bot is making a purchase rather than a person.

When a shopper initiates the actual payment, they need to provide some level of Personal Identifiable Information (PII). Whether it's a card number, a bank account number, an email address, or even a name; shopper information is a part of payment processing.

Then we have the transaction itself. We exchange the transaction request to payment methods or card schemes according to international payment standards. This standard requires a lot of data around fees, entry mode, time of day, user authentication, etc. 

And finally, there’s the response flow where we get information back from banks for the actual authorisation. 

To illustrate this with an example: When you’re trying to buy sneakers, you need to provide a payment instrument, like a credit or debit card, in store or online. Information on that payment instrument is sent to the PSP, in this case Adyen. Often, this information is accompanied by relevant datapoints from before you clicked pay that help us in our risk assessment to decide whether the request is genuine. If we can proceed, the transaction is routed to the issuing bank behind the payment instrument of the shopper. After we hear back from the issuer with a positive response, we can tell a merchant they can proceed with providing the goods or services bought. 

If we see a card number used fraudulently with business A and the same card number pops up later at business B, it might not look fraudulent to business B. Because we have more context and are aware of a higher fraud risk for this particular payment instrument, we can introduce extra security measures like strong customer authentication to make sure that both the business and the legitimate owner of that payment instrument don't incur any financial damage.

Our status as a financial institution operating globally with a banking licence in the EU and a branch licence in the US, combined with the fact that we've been processing such large volumes across the globe for so many years, requires tight controls in the way we collect, secure, store, and use payments data. 

As a financial institution, we have an obligation to protect the larger financial ecosystem and prevent fraud and financial crime. To comply with this obligation, Adyen only processes personal data when strictly necessary to safeguard the prevention, investigation and detection of payment fraud.

That means that we’ll leverage data to the full extent in some cases. In others, we can't and won't use personal data at all. 

We do so by leveraging the trillions of dollars worth of global payments data to recognise trusted shoppers and stop fraudsters. 

"All businesses transacting with Adyen reap the benefits of payments data without having the responsibility of owning or storing it."

Our global reach is unique and helps us recognise trusted shoppers and fraudsters accurately. We’ve processed payments for large global enterprises for years. With the adoption of our in-store payments services on top of our online payments offering, the data has only gotten richer.

Our large reach means there’s a good chance we know whether a shopper that’s unique to your business is behaving normally or fraudulently. We get a live ping the moment a consumer pays on our platform all around the world. That ping tells our systems that this person is transacting according to their normal patterns, whether it’s online shoe shopping on Friday evening, paying for groceries at the supermarket on Sunday morning, or booking a taxi at 2 am.

Due to the sheer size of our platform, there’s a high likelihood we can accurately recognise shoppers and assess risk. In retail, there’s a 90% chance Adyen has seen a shopper before, even when they’re unique to a specific business.

All businesses transacting with Adyen reap the benefits of payments data without having the responsibility of owning or storing it. We’ve processed payments for over one billion consumers globally, giving our AI solutions a strong basis to differentiate trusted shoppers from fraudsters.

Since we can reliably stop fraudsters, we can also reliably identify trusted shoppers. What's very special about the data we've accumulated is that we see patterns beyond what one business sees. 

Say you’re traveling somewhere new and you want to order tickets for a sports game. You order the (expensive) tickets late at night - as soon as you get off the plane. It’s likely that the fraud system doesn’t trust you and blocks your payment, causing frustration for both you, and the businesses that’s looking to fill those final seats. Adyen, on the other hand, knows that your card has a lot of good history on the platform. That’s a sign of being a trusted customer, so we can minimise additional friction and let you complete the transaction and purchase your tickets.

Our shopper recognition means we’re better at risk assessments. It also means we can create a better and faster payment experience for trusted shoppers based on their geographic and personal preferences.

Take the CVC code for example. Contrary to popular belief, a CVC code is not mandatory to process a transaction. We can technically just submit a payment with only a card number, at an increased risk of fraud. But because it’s such a strong security measure, it’s used in many checkouts to this day. 

When you know you’re dealing with a trusted customer from the beginning of the funnel, it makes sense to reduce friction. One way is to process transactions even if the shopper makes an innocent typo, or drop the requirement of the CVC code entirely to speed up checkout.

This is just one way we can help trusted shoppers speed through checkout. Our AI can also decide intelligently to drop or add additional authentication with SMS or biometrics, or offer preferred payment methods with higher conversion in the region.

With all that big data comes the responsibility to store and use that data in a way that ensures security and privacy. We process payments for some of the largest global businesses and own banking licences, requiring tight controls in the way we collect, secure, store, and use payments data. 

"We're responsible for one of the most critical flows of businesses across the world: getting paid."

We’ve always put that responsibility at the heart of how we build our business. With new legislation popping up globally, we continue to sharpen how we design our platform. We commit to GDPR compliance as a minimum basis for our global offering, and we adhere to local regulations in other regions such as India. 

By default, data is stored in Adyen datacentres in the region required by local legislation. All critical flows of Adyen run on-premise. This means that all the components and hardware to handle data for such flows are designed, engineered, deployed, tested and operated by Adyen. Depending on the acquiring region and merchant setup, data may be temporarily held on servers in the region which is closest to the shopper. 

To ensure fast and secure processing globally, we use tokenisation to replace PII. These tokens allow us to use our payments data for accurate risk-assessment across our platform, regardless of where a shopper is from or where they’re paying. The result is fast, secure, and accurate optimisations globally.

There are other financial institutions that have a wide global reach, but they often lack the people and the technology to really surface the value of that data. While there are a lot of companies doing very cool things, they are made up of disjointed systems and infrastructures. These businesses only have access to a piece of the puzzle in a specific region or step in the payment funnel. 

What's so exciting about Adyen, is that we’ve historically invested in our own technology built by a group of talented people that try to understand and leverage our data from a holistic perspective. Leveraging our trillions of dollars worth of global payments data is where our engineering, privacy, and commercial teams come together. 

We're responsible for one of the most critical flows of businesses across the world: getting paid. To make sure we’re still the right partner in 25 years’ time and more, we continue to build products and solutions that bring value to global enterprises, while controlling for all the risks that handling payment data brings. 

Want to learn more about our AI-powered payment optimisations? Discover the Adyen Uplift product suite.