The journalist’s nose can be relied upon to sniff out a good story — but can it also sniff out identity fraud?

Shir Levin thinks so. As a fraud analyst with IBM Trusteer, Shir spends her days detecting anomalies in financial accounts and tracking down the bad guys preying on society’s most vulnerable. Shir cut her teeth in news as a journalist for the Israel Defense Force’s radio station, Galei Tzahal (Army Radio), at the age of 18 — and the two roles are more similar than you might think.

“As a news presenter, you need to separate the wheat from the chaff and see the big picture,” Shir said. “And an analyst should also understand the data at a very high level while seeing the story behind the numbers.”

But news wasn’t always Shir’s calling. She applied to Galei Tzahal at 18 because “it sounded intriguing,” though she admits she knew little about journalism.

“Those years were amazing, and kind of crazy,” she said. “I was lucky to have the opportunity to learn from the best journalists in Israel, meet the country’s policymakers, and get my microphone in front of them to ask questions.

“I learned a lot, gained a lot of meaningful, character-building experiences and also made many great friends, including my husband. But it also led me to realize this was not the career for me.”

Understanding the Human Behind the Numbers

While government and law are fascinating fields, they just weren’t data-driven enough for Shir. After her Israeli national service, she went on to study statistics and psychology and fell in love with both fields. She said she was lucky to find a job that combines data with a great product while doing global good with fraud protection.

At Trusteer, Shir works on Pinpoint, a risk engine that detects digital identity theft and fraudulent activities on bank accounts. She writes new logic designed to detect those anomalies and monitor rules performance. She also investigates fraud cases and legitimate user activities to ensure the team has the best possible understanding of the current threat and fraud protection landscapes.

With a background as a legal correspondent, a passion for data and an education in psychology, it seems Shir was tailor-made for her role. Every day, she enters the mind of a fraudster, looking to predict criminal activities, understand how malware works, and identify behavioral anomalies and spoofing attempts while also performing analysis and operational research.

In other words, Shir’s job is to “understand the man behind the numbers.”

How Does a Fraudster Behave?

“Maybe it does have something to do with my news background,” she reflected, “because I always find it easier to get at the bigger picture when you’re telling the story, using the trails you find. When I investigate a fraudulent case or wish to create a new logic to our system, the most effective way would be to try and tell what I believe had happened or what should be caught.”

Shir uses her knowledge of psychology to understand not just the fraudster, but also the end user. She must ask herself, for example, whether it’s suspicious for a particular user to log in to his or her bank account using a hosting service, or to change internet service providers (ISPs) often. The user could be a fraudster, but he or she could also just have strong knowledge of security.

“This is a fast-growing and evolving field that involves both technical and human aspects,” she said. “As time passes and technology progresses, IT security becomes a bigger and more significant part of the everyday life of every person.

“I also find it very creative. Fraudsters change their methods fast, and we should be even faster to catch them. We live in an ever-changing world, and we need to take the opportunities we receive.”

The Psychology of Identity Fraud

Ultimately, Shir describes her role as a unique combination of psychology and statistics. She gathers a lot of data, builds profiles for end users and then tries to draw the line between legitimate and suspicious activity to enable fraud protection.

Knowledge of psychology especially helps in social engineering cases, which, according to Shir, total around 30 percent of fraud cases for some of Trusteer’s clients. Social engineering mainly targets elderly victims and other vulnerable groups and involves the fraudster manipulating the victim. Fraudsters participating in phone scams may even pose as bank employees and attempt to trick users into installing malware disguised as fraud protection software. These fraudsters prey on bank customers’ lack of knowledge and fear of losing savings.

“The challenge here is obvious,” Shir explained. “We can’t rely on device identification methods because the fraud is conducted using the known trusted user’s device, so we have to analyze the user’s behavior. How is he acting throughout the fraud? In which parts does he feel afraid? Nervous? Bored? And how can we use that to our advantage?”

As much as she loves the thrill of chasing down bad guys, Shir said the real satisfaction comes from making the world a safer place.

“Knowing that what I do not only maximizes profits, but also helps people, is just great,” she said.

This sentiment is typical of the Trusteer team. Not unlike journalists working a steady beat, these devoted security professionals are committed to exposing flaws in the banking system, tracking down the bad guys and seeking justice for all.

And for Shir Levin, preventing negative fraud headlines from making it to print is even more satisfying than reporting them to the world.

Meet worldwide technical sales leader Shaked Vax

More from Banking & Finance

Cost of a Data Breach: Banking and Finance

The importance of cybersecurity has touched almost every industry. Beyond that, robust cybersecurity is table stakes for several sectors, particularly health care and the banking and finance industry. Not only is financial data at risk, but so is customer trust. In banking and finance, trust means everything. Yet, consumers are hesitant to share their confidential data. A recent McKinsey survey revealed that no industry achieved a trust rating of 50% for data protection. Here’s the most sobering stat: 87% of…

What Do Financial Institutions Need to Know About the SEC’s Proposed Cybersecurity Rules?

On March 9, the U.S. Securities and Exchange Commission (SEC) announced a new set of proposed rules for cybersecurity risk management, strategy and incident disclosure for public companies. One intent of the rule changes is to provide “consistent, comparable and decision-useful” information to investors. Not yet adopted, these new rules – published in the Federal Register on March 23 – could change reporting requirements. Take a look at some of the big-ticket items and what your organization needs to know.…

SEC Proposes New Cybersecurity Rules for Financial Services

Proposed new policies from the Securities and Exchange Commission (SEC) could spell changes for how financial services firms handle cybersecurity. On Feb. 9, the SEC voted to propose cybersecurity risk management policies for registered investment advisers, registered investment companies and business development companies (funds). Next, the proposal will go through a public comment period until May 9.  The Importance of Cybersecurity in Finance The 2021 X-Force Threat Index found that financial services were the most targeted industry. Manufacturing beat out…

Top Security Concerns When Accepting Crypto Payment

From Microsoft to AT&T to Home Depot, more companies are accepting cryptocurrency as a way to pay for products and services. This makes perfect sense as crypto coins are a viable revenue source. Perhaps the time is ripe for businesses to learn how to receive, process and convert crypto payments into fiat currency. Still, many questions remain. How can you safely enable customers to pay with Bitcoin or other digital currency? What are the security risks that come with cryptocurrency? Let’s…