The Use of Offensive Tactics to Stop Fraud

Criminals engage organizations that manage customers’ assets in a “battle of wits”: They exploit technological and human weaknesses to commit financial crimes and fraud, leaving the organization and its customers holding the bag. A holistic approach to fraud protection should consider both offensive and defensive measures to combat criminals and fraud schemes. In part one of this two-part blog, we will explore the use of offensive tactics to stop fraud at the source.


Offense: Going for the Source of Fraudulent Transactions

The best way for a criminal to initiate a fraudulent transaction is in the shadow of a legitimate customer. This could be accomplished via a malware infection on a device that a legitimate customer uses to conduct business, a form filled with the victim’s stolen personal information or a phone call into an unsuspecting call center rep with the correct answers to security questions.

Seeing Fraud Coming Is Hard, but Preventing It from Taking Hold Is Harder

This is a pivotal moment in a fraud scheme. Preventing criminals from getting the fraud off the ground will reduce the amount of work needed to defend against fraud down the road. Delay would involve finding and verifying a fraudulent transaction among numerous genuine transactions.

Fraud protection at the source isn’t trivial because it is hard to consider all the possible ways in which fraudulent transactions can be created. It is even more difficult to extend the reach of the organization’s security measures in such a way that they can be present at the source of fraud. Thus, knowing a fraudulent transaction is coming is the next best thing.

Cyber Protection Is Key to Stopping Fraud at the Source

Customers can choose from many ways to engage the enterprise. The convenience and speed of online and mobile customer engagement channels has shifted a significant portion of offline customer activity to these channels. Also note the rapid adoption of online and mobile banking over the past few years.

With ease of use and convenience comes higher fraud risk, enabled by malware and phishing. These threats enable criminals to collect credentials and personal information and to operate undetected from customer devices. This data is used by criminals to operate in the “shadow” of the user when transacting across all channels.

Frustrate the Fraudsters by Making Fraud a Costly Endeavor

The organization can stop criminals from getting this valuable data by using a set of offensive measures, including malware and phishing protection, account takeover detection and more. Offense forces fraudsters to go back to the drawing board and change their tactics. This is costly and has real implications for their productivity. That said, offensive measures require up-to-date intelligence of criminal plans and tools. This evolving intelligence is essential to match their shifting tactics.

Fraud Protection: An Ounce of Offense Can Save You a Pound of Defense

Offense is a way to wreak havoc among cyber criminals. It reduces effective attack surface area and creates an early barrier that stops the attack before it reaches the enterprise back office. However, offense comes at a cost and requires highly flexible, intelligence-driven operations that can closely match criminals’ evasive maneuvers.

To create a truly holistic approach to fraud protection, strong offense must be complemented by effective defense. We will cover this in part two of this blog.


More from Banking & Finance

Cost of a Data Breach: Banking and Finance

The importance of cybersecurity has touched almost every industry. Beyond that, robust cybersecurity is table stakes for several sectors, particularly health care and the banking and finance industry. Not only is financial data at risk, but so is customer trust. In banking and finance, trust means everything. Yet, consumers are hesitant to share their confidential data. A recent McKinsey survey revealed that no industry achieved a trust rating of 50% for data protection. Here’s the most sobering stat: 87% of…

What Do Financial Institutions Need to Know About the SEC’s Proposed Cybersecurity Rules?

On March 9, the U.S. Securities and Exchange Commission (SEC) announced a new set of proposed rules for cybersecurity risk management, strategy and incident disclosure for public companies. One intent of the rule changes is to provide “consistent, comparable and decision-useful” information to investors. Not yet adopted, these new rules – published in the Federal Register on March 23 – could change reporting requirements. Take a look at some of the big-ticket items and what your organization needs to know.…

SEC Proposes New Cybersecurity Rules for Financial Services

Proposed new policies from the Securities and Exchange Commission (SEC) could spell changes for how financial services firms handle cybersecurity. On Feb. 9, the SEC voted to propose cybersecurity risk management policies for registered investment advisers, registered investment companies and business development companies (funds). Next, the proposal will go through a public comment period until May 9.  The Importance of Cybersecurity in Finance The 2021 X-Force Threat Index found that financial services were the most targeted industry. Manufacturing beat out…

Top Security Concerns When Accepting Crypto Payment

From Microsoft to AT&T to Home Depot, more companies are accepting cryptocurrency as a way to pay for products and services. This makes perfect sense as crypto coins are a viable revenue source. Perhaps the time is ripe for businesses to learn how to receive, process and convert crypto payments into fiat currency. Still, many questions remain. How can you safely enable customers to pay with Bitcoin or other digital currency? What are the security risks that come with cryptocurrency? Let’s…