The Use of Offensive Tactics to Stop Fraud

Criminals engage organizations that manage customers’ assets in a “battle of wits”: They exploit technological and human weaknesses to commit financial crimes and fraud, leaving the organization and its customers holding the bag. A holistic approach to fraud protection should consider both offensive and defensive measures to combat criminals and fraud schemes. In part one of this two-part blog, we will explore the use of offensive tactics to stop fraud at the source.

 

Offense: Going for the Source of Fraudulent Transactions

The best way for a criminal to initiate a fraudulent transaction is in the shadow of a legitimate customer. This could be accomplished via a malware infection on a device that a legitimate customer uses to conduct business, a form filled with the victim’s stolen personal information or a phone call into an unsuspecting call center rep with the correct answers to security questions.

Seeing Fraud Coming Is Hard, but Preventing It from Taking Hold Is Harder

This is a pivotal moment in a fraud scheme. Preventing criminals from getting the fraud off the ground will reduce the amount of work needed to defend against fraud down the road. Delay would involve finding and verifying a fraudulent transaction among numerous genuine transactions.

Fraud protection at the source isn’t trivial because it is hard to consider all the possible ways in which fraudulent transactions can be created. It is even more difficult to extend the reach of the organization’s security measures in such a way that they can be present at the source of fraud. Thus, knowing a fraudulent transaction is coming is the next best thing.

Cyber Protection Is Key to Stopping Fraud at the Source

Customers can choose from many ways to engage the enterprise. The convenience and speed of online and mobile customer engagement channels has shifted a significant portion of offline customer activity to these channels. Also note the rapid adoption of online and mobile banking over the past few years.

With ease of use and convenience comes higher fraud risk, enabled by malware and phishing. These threats enable criminals to collect credentials and personal information and to operate undetected from customer devices. This data is used by criminals to operate in the “shadow” of the user when transacting across all channels.

Frustrate the Fraudsters by Making Fraud a Costly Endeavor

The organization can stop criminals from getting this valuable data by using a set of offensive measures, including malware and phishing protection, account takeover detection and more. Offense forces fraudsters to go back to the drawing board and change their tactics. This is costly and has real implications for their productivity. That said, offensive measures require up-to-date intelligence of criminal plans and tools. This evolving intelligence is essential to match their shifting tactics.

Fraud Protection: An Ounce of Offense Can Save You a Pound of Defense

Offense is a way to wreak havoc among cyber criminals. It reduces effective attack surface area and creates an early barrier that stops the attack before it reaches the enterprise back office. However, offense comes at a cost and requires highly flexible, intelligence-driven operations that can closely match criminals’ evasive maneuvers.

To create a truly holistic approach to fraud protection, strong offense must be complemented by effective defense. We will cover this in part two of this blog.

 

More from Banking & Finance

Black Friday chaos: The return of Gozi malware

4 min read - On November 29th, 2024, Black Friday, shoppers flooded online stores to grab the best deals of the year. But while consumers were busy filling their carts, cyber criminals were also seizing the opportunity to exploit the shopping frenzy. Our system detected a significant surge in Gozi malware activity, targeting financial institutions across North America. The Black Friday connection Black Friday creates an ideal environment for cyber criminals to thrive. The combination of skyrocketing transaction volumes, a surge in online activity…

What’s up India? PixPirate is back and spreading via WhatsApp

8 min read - This blog post is the continuation of a previous blog regarding PixPirate malware. If you haven’t read the initial post, please take a couple of minutes to get caught up before diving into this content. PixPirate malware consists of two components: a downloader application and a droppee application, and both are custom-made and operated by the same fraudster group. Although the traditional role of a downloader is to install the droppee on the victim device, with PixPirate, the downloader also…

Exploring DORA: How to manage ICT incidents and minimize cyber threat risks

3 min read - As cybersecurity breaches continue to rise globally, institutions handling sensitive information are particularly vulnerable. In 2024, the average cost of a data breach in the financial sector reached $6.08 million, making it the second hardest hit after healthcare, according to IBM's 2024 Cost of a Data Breach report. This underscores the need for robust IT security regulations in critical sectors.More than just a defensive measure, compliance with security regulations helps organizations reduce risk, strengthen operational resilience and enhance customer trust.…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today