Digitalization has enabled both cybercriminals and dishonest laypeople to perpetrate digital fraud. Get the gory details from a digital fraud expert …
Digital fraud is not considered a single, distinctive crime but covers a range of illegal and illicit actions that are committed in cyberspace, and it has now become a serious cause of concern.
Amid coronavirus-driven lockdowns and social distancing, proliferating mobile apps and online channels have proven to be vital lifelines. Concurrently, online shopping and contactless payments have propelled record e-commerce sales. This may be a blessing during the pandemic but it has also attracted a curse: a drastic surge in digital fraud.
The pandemic has likely not changed how fraud is motivated and committed, but the phenomenon has definitely focused a glaring bright light on the risks of fraud in the hastened advent of all-digital economies and the financial services sectors that power e-payments.
For a deeper look at how financial institutions (FIs) can fight fire with fire (digitally, of course), CybersecAsia spoke with Gerard McDonnell, Regional Solution Director, Fraud & Security, SAS.
CybersecAsia: How serious is the problem of digital fraud, especially now with massive global shift to e-commerce?
Gerard McDonnell (GM): Online shopping and contactless payments have propelled record e-commerce sales and subsequently, massive surges in cyberthreats and digital fraud. The pandemic has also forced the massive ‘un-banked’ population in ASEAN to use cashless payment methods and even digital banking products, like never before.
This is a whole new experience for the users globally, and a new opportunity for the banks—exposing very vulnerable customer-bases prone to phishing scams, identity theft, third-party account take-over and more.
Overall, digital fraud has changed the operating environment globally. FIs face significant risks, in reputation as well as financial losses. Over the years, digital fraud has become strategic and innovative. Hackers are using more sophisticated, innovative ways to hack into accounts by obtaining valuable customer information and login credentials. They are continually developing multiple strategies to identify and exploit systemic weaknesses and vulnerabilities. Some of the most common types of digital fraud include malware, phishing, card not present, counterfeit card and account take over.
If organizations and FIs do not find a way to prevent fraud, there is a real risk of losing credibility and thus consumer trust and associated business. Such risks will also discourage companies from fully-leveraging the amplified reach of digital platforms.
Alternatively, investments in digital security will become a market differentiator, creating business value for companies that take a proactive stance.
CybersecAsia: Why are data and advanced data analytics critical to mitigating digital fraud and financial crime?
GM: The move from omni-channels to multichannel, combined with the sophisticated nature of tools that criminals have available to them, provides a road map for FIs to build their fraud mitigation strategy over the next several years.
Without technological and operational improvements, the global rise of digital fraud will surpass the losses associated with counterfeiting magnetic stripe payment cards. A new fraud report by Javelin Strategy & Research and SAS suggests this digital shift is also fueling a multibillion-dollar-fraud surge worldwide. Some of the key trends and threats are:
- Digital payments present an escalating global risk. Though prevalent payment technologies vary by region, fraud trends have significant commonalities across geographies. This indicates that criminals coordinate and share information more openly than do FIs, giving them a significant advantage in thwarting fraud controls. Cross-border fraud is increasingly common.
- Digital fraud is increasing in frequency and sophistication. Fraudsters and criminal networks’ arsenal of tricks are becoming as advanced as the technologies used to detect their activities. Social engineering, phishing and identity schemes, and the breadth of digital payment methods are shifting the odds in the bad guys’ favor. Organizations should be aware that new payment mechanisms are especially targeted due to ineffective risk mitigation controls at launch.
- Layered technology and analytic capabilities needed to identify overlapping threats in real time. The complexity of criminals’ attack vectors demands a layered approach to preventing and detecting fraud, while also providing a means to orchestrate strategies and investigation activities. Automated actions and predictive case management powered by AI and machine learning can help reduce reliance on human resources.
- Data is critical. Using data for real-time analytics and automated actions will be crucial to thriving in this new digital normal. Capabilities will vary based on technological maturity, but organizations at all stages have a common need for as much real-time data as possible to make effective decisions. Importantly, deploying cloud infrastructure for fraud management systems boosts data ingestion capabilities.
CybersecAsia: How does advanced analytics help financial service organizations to identify threats in real time?
GM: Organizations need to manage risks during the movement from traditional payment methods to the new digital options. Data and advanced analytics can be very beneficial to overcoming digital fraud and financial crime.
For example, it is very important for financial institutions (FIs) to understand all payment entry points. Protecting these entry points from digital fraud can be quite complicated and tedious. The critical first steps are to start processing all data streams in real time and to combine identity management and transaction monitoring to not only identity fraud that has occurred, but to stop it even before it takes place.
The financial services industry as a whole needs to boost utilization of available AI and machine learning technologies. Since the start of the pandemic, FIs have tirelessly innovated to meet customers’ needs for flexibility and immediacy. Now they must redefine how they protect themselves and their customers from the associated risks.
In the digital environment we live in today, the use of data will be pivotal for real-time analytics and automated activities within businesses. The level of needs may vary from industry to industry but they will be important to all businesses to counter fraud and make insightful strategic decisions.
CybersecAsia: What role can the latest advancements in analytics play in helping businesses and banking service providers cope with these new challenges and opportunities in the digital economy?
GM: To handle digital fraud, businesses need more than just the standard analytics. They need to implement adaptive techniques including AI and machine learning, supervised machine learning, unsupervised machine learning, network analysis and text analysis.
All of these technologies form a powerful force for improving both accuracy and efficiency of fraud detection. It only makes sense to bring fraud, Anti Money Laundering (AML) and cyber functions together. Here are seven key considerations for an effective defence using analytics:
Converge fraud and AML programmes. Centralize insights from multiple sources, including cyber-event data, for more complete customer risk assessments in a broader context.
Establish consistent business processes. Intuitive workflow and case management support more efficient investigations, faster resolutions, fewer false positives and higher productivity.
Reduce false positives. Advanced analytics and machine learning can reduce such anomalies so investigative analyses can focus on the cases that pose the most risk to the organization.
Intelligently prioritize alerts for triage, investigation and disposition. Advanced analytics can let defenders quickly see areas of interest and where to focus first.
Leverage interactive visualizations. Investigations can be more targeted and conducted more efficiently through the use of interactive graphics and tables. Import, search, filter and visualize the results in different ways to reveal patterns, people and events hidden in complex data.
Easy report generation. Findings can be documented with screen captures, analyst notes and images and advanced reporting that present data to stakeholders and decision makers much more impactfully.
Advanced analytics help FIs to adapt quickly to an ever-changing landscape with user-friendly data administration and configuration tools, as well as automatic updates. Incorporate new data sources. Evolve processes. Expand intelligence analytics to other areas of the business, or design new components and screens based on changing needs.
CybersecAsia: How should a business start to use data analytics to handle fraud? Please share some practical steps and best practices.
GM: For an overall better and more secure customer experience, digital fraud management requires an approach with faster response to new threats in order to reduce false positives. Using this approach, businesses would be making faster, better informed risk-based decisions across the entire organization.
An end-to-end fraud detection and prevention solution supports multiple channels and lines of business, enabling enterprise-wide monitoring from a single platform. Such a solution simplifies data integration, and enables FIs to combine all internal, external and third-party data to create a better predictive model tuned to the organization’s needs.
Bringing together this data on a single technology platform gives the flexibility to scale up or out as the business changes, and respond faster to new threats as they arise. Data analytics and machine learning solutions can enable the monitoring of payments as well as non-monetary transactions and also events, thus enabling businesses to identify and respond to unwanted and suspicious behavior in real time.
Finding fraud faster reduces revenue loss by staying on top of shifting tactics and new fraud schemes. Embedded machine learning methods detect and adapt to changing behavior patterns, resulting in more effective, robust models. Key technology components let banks easily spot anomalies for each customer. In-memory processing delivers high-throughput, low-latency response times (even in high-volume environments)—enabling FIs to score 100% of transactions in real time.
In practical terms, organizations can use alert management to manage resolutions and manage payment, risk decisions, perform hot listing and blocking, and conduct downstream fulfilment actions ——all from a single interface to increase productivity and efficiency. These practices will ultimately lead to high levels of customer satisfaction. Better fraud detection capabilities and faster response times lead to fewer false positives, which translates to less custom.
Data without analytics is intelligence not realized and monetized, which means businesses are unable to operate at their optimum capacity. Thus, it is imperative for organizations to understand the value and significance of data analytics in this fast-paced digital world. Organizations that want to survive in today’s competitive market need to build the right infrastructure and adopt the right practices across their infrastructure.
CybersecAsia thanks Gerard for his detailed insights. Please consider subscribing to CybersecAsia.net and DigiconAsia.net digital newsletters and content to be kept in tune with both cybersecurity and digital convergence trends and insights.