Over the last decade, specialty literature and solutions in the market have focused on collecting and aggregating significant amounts of data about transactions (and user behavior) and on refining the algorithms used to identify fraud. At the same time, legislation in the same direction (e.g., PSD2) has been adopted in the European Union in order to impose obligations on stakeholders to identify fraud. However, on the one hand, the legislation provides a high-level description of this legal obligation, and on the other hand, the solutions in the market are diversifying in terms of the data collected and, especially, in their attempts to aggregate data in order to generate more accurate results. This leads to an issue that has not yet been analyzed in depth in specialty literature or by legislators, namely the privacy concerns raised by profile building and aggregation of data for fraud identification purposes, and the responsibility of stakeholders in the identification of fraud in the context of their obligations under data protection legislation. This article is a building block in this direction of research, as it contains (i) an analysis of existing fraud detection methods and approaches, together with their impact from a data protection legislation perspective, and (ii) an analysis of respondents’ views toward privacy in the case of fraud identification in transactions, based on a questionnaire with 425 respondents. Consequently, this article assists in bridging the gap between data protection legislation and the implementation of fraud detection obligations under the law, as it provides recommendations for complying with the latter legal obligation while also complying with data protection requirements.
This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.