The Use of Offensive Tactics to Stop Fraud
Criminals engage organizations that manage customers’ assets in a “battle of wits”: They exploit technological and human weaknesses to commit financial crimes and fraud, leaving the organization and its customers holding the bag. A holistic approach to fraud protection should consider both offensive and defensive measures to combat criminals and fraud schemes. In part one of this two-part blog, we will explore the use of offensive tactics to stop fraud at the source.
Offense: Going for the Source of Fraudulent Transactions
The best way for a criminal to initiate a fraudulent transaction is in the shadow of a legitimate customer. This could be accomplished via a malware infection on a device that a legitimate customer uses to conduct business, a form filled with the victim’s stolen personal information or a phone call into an unsuspecting call center rep with the correct answers to security questions.
Seeing Fraud Coming Is Hard, but Preventing It from Taking Hold Is Harder
This is a pivotal moment in a fraud scheme. Preventing criminals from getting the fraud off the ground will reduce the amount of work needed to defend against fraud down the road. Delay would involve finding and verifying a fraudulent transaction among numerous genuine transactions.
Fraud protection at the source isn’t trivial because it is hard to consider all the possible ways in which fraudulent transactions can be created. It is even more difficult to extend the reach of the organization’s security measures in such a way that they can be present at the source of fraud. Thus, knowing a fraudulent transaction is coming is the next best thing.
Cyber Protection Is Key to Stopping Fraud at the Source
Customers can choose from many ways to engage the enterprise. The convenience and speed of online and mobile customer engagement channels has shifted a significant portion of offline customer activity to these channels. Also note the rapid adoption of online and mobile banking over the past few years.
With ease of use and convenience comes higher fraud risk, enabled by malware and phishing. These threats enable criminals to collect credentials and personal information and to operate undetected from customer devices. This data is used by criminals to operate in the “shadow” of the user when transacting across all channels.
Frustrate the Fraudsters by Making Fraud a Costly Endeavor
The organization can stop criminals from getting this valuable data by using a set of offensive measures, including malware and phishing protection, account takeover detection and more. Offense forces fraudsters to go back to the drawing board and change their tactics. This is costly and has real implications for their productivity. That said, offensive measures require up-to-date intelligence of criminal plans and tools. This evolving intelligence is essential to match their shifting tactics.
Fraud Protection: An Ounce of Offense Can Save You a Pound of Defense
Offense is a way to wreak havoc among cyber criminals. It reduces effective attack surface area and creates an early barrier that stops the attack before it reaches the enterprise back office. However, offense comes at a cost and requires highly flexible, intelligence-driven operations that can closely match criminals’ evasive maneuvers.
To create a truly holistic approach to fraud protection, strong offense must be complemented by effective defense. We will cover this in part two of this blog.
Program Director, Mobile and Fraud Strategy, IBM