This is the first installment in a three-part series. Stay tuned for parts two and three to learn more.

Innovation is key to successful digital transformation, digital identity trust and, ultimately, business growth. We live in a dynamic environment that benefits from an adaptive security approach to digital identity trust. Many industry experts recommend continuous risk authentication, but also important to your strategy is your security solution provider and its ability to innovate.

The fraud protection and digital identity trust solution provider you choose can impact your success. Fostering an environment of protection and engaged customers is a team event. Trust in your fraud detection provider can build trust with your customers — it runs full circle.

So how do you know which security provider is best for you? How do you know who to trust? Rob Rendell, global client success leader, financial fraud prevention and strategic development at IBM Security, has been hands-on in fraud prevention vendor selection processes for years and has a deep understanding of what can lead to a successful partnership.

How to Maximize Your Fraud Prevention Investment, According to a Digital Trust Expert

Question: In your experience, why do organizations typically seek a new fraud protection vendor?

Rendell: Typically, one of two things sparks a need for a new vendor:

  1. Fraud losses: Either continual losses (slow bleed) or a major event will cause an organization to look externally to seek a new solution or extension of an existing solution to curve the trend with losses.
  2. Customer experience optimization for new product or feature expansion: When leadership decides to launch new capabilities for consumers, risk management leaders must perform risk evaluations. In some cases, new features and functionality mean unfavorable risk exposure, which requires risk management teams to leverage technology to mitigate the exposure. They also look to balance risk and customer experience. This combined effort can help establish a digital identity trust approach that can provide customers with the journey they expect.

With growing customer demand for anytime, anywhere access, why is real-time visibility important in a new solution?

Rendell: As the settlement of transactions has moved to real time, risk should also be evaluated in real time. Passive monitoring throughout the user journey can help achieve this continuous viewpoint into user risk. It is also important to mitigate session account takeover attacks, which have become increasingly sophisticated.

Passive monitoring also enhances the user experience by helping to reduce interdiction rates. Historically, organizations used strict business policy rules within user flows. Today, they can use intelligence from passive monitoring and only interdict when there is evidence of risk.

We hear a lot of buzz around machine learning and artificial intelligence (AI) being built into fraud protection solutions. Can you tell us what that means?

Rendell: Pairing machine learning and AI with a continuous security strategy can lead to fraud tools that help enable continuous learning. These models can quickly update based on changing fraud trends. This self-tuning doesn’t rely on data analyst intervention. Such intervention requires lengthy data jockeying and can be costly from an employee funding perspective.

What additional value can a vendor bring to your organization that you can’t otherwise do yourself, and how important is this?

Rendell: Typically, vendors (service suppliers) have a unique perspective, as they have a viewpoint into trends in other geographies, markets and organizations. When it comes to fraud information/intelligence sharing, this is important. Consortium data is a powerful tool to help protect peer organizations from common bad actors, and it provokes peers to share insights as they happen. In this model, everyone has each other’s best interest in mind. Consortium insights provide businesses a global viewpoint that they otherwise might not have access to.

Read the “2018 Digital Identity Trust Survey” to learn more

More from Fraud Protection

What’s up India? PixPirate is back and spreading via WhatsApp

8 min read - This blog post is the continuation of a previous blog regarding PixPirate malware. If you haven’t read the initial post, please take a couple of minutes to get caught up before diving into this content. PixPirate malware consists of two components: a downloader application and a droppee application, and both are custom-made and operated by the same fraudster group. Although the traditional role of a downloader is to install the droppee on the victim device, with PixPirate, the downloader also…

Unveiling the latest banking trojan threats in LATAM

9 min read - This post was made possible through the research contributions of Amir Gendler.In our most recent research in the Latin American (LATAM) region, we at IBM Security Lab have observed a surge in campaigns linked with malicious Chrome extensions. These campaigns primarily target Latin America, with a particular emphasis on its financial institutions.In this blog post, we’ll shed light on the group responsible for disseminating this campaign. We’ll delve into the method of web injects and Man in the Browser, and…

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today