Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

11/2/2020
10:30 AM
Chris Ryan
Chris Ryan
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

Fraud Prevention Strategies to Prepare for the Future

While companies have largely adjusted to the new normal for security management, here are some tips for combatting fraud, post-COVID.

The global health crisis has impacted businesses and revealed challenges in the way they identify and treat fraud risk. According to the FTC from January to early October 2020, consumers reported losing a total of more than $156 million to COVID-19-related fraud. 

Fraud threats will likely continue to rise across the globe as fraudsters take advantage of the pandemic and rapidly shifting economic conditions. In addition, Experian's annual Global Identity & Fraud Report found that nearly three in five businesses had seen an increase in fraud in the past 12 months prior to the start of the current economic turmoil and 57% of businesses had reported higher fraud losses associated with account opening and account takeover.

Related Content:

25% of BEC Cybercriminals Based in the US

2020 State of Cybersecurity Operations and Incident Response

New on The Edge: What's Really Happening in Infosec Hiring Now?

As organizations manage the current economic volatility, they also need to be thinking of how they'll position themselves for success when the environment improves. Implementing proper fraud prevention strategies can help reduce future losses to their portfolios. Below are ways that organizations can proactively mitigate increasing fraud risks.

Understand and Categorize the Type of Fraud
The ability to accurately identify individual fraud types is important as organizations experience an unprecedented economic period combined with the transition to digital. Through accurate fraud detection models and proper identification, organizations can apply the correct treatments to maximize the effectiveness of their fraud response, since the treatment for first- and third-party fraud is different.

In simple terms, first-party fraud involves a person making financial commitments or defaulting on existing commitments using their own identity, a manipulated version of their own identity, or a synthetic identity that they control. Third-party fraud occurs when a fraudster steals another individual's identity and/or account information to impersonate them and use the account without the accountholder's consent. 

Theoretically, third-party fraud is a little easier to manage, because the fraud victim is usually willing to participate and confirm if activity is fraudulent or legitimate. Without minimizing the challenge of identifying the risky cases, organizations at least have this advantage. If you can reach the victim, you know if a case is fraudulent or not.

On the other hand, first-party fraud can be especially challenging since there's no real victim to verify that fraud is occurring. The person who controls the identity is complicit in the fraud, and that is a big handicap. The problem is amplified during times of economic hardship. The actions of genuinely good people facing financial difficultly can be hard to distinguish from others with fraudulent intent.

When organizations are unsure how to treat different types of fraud risk, it can result in poor customer experience so it's important to have the ability to distinguish these types.

In the past, companies have used "blended" fraud risk scores to predict overall risk based on a range of fraud types but those can sometimes sacrifice accuracy in order to cast a wider net. Many fraud solutions on the market look at all fraud as one classification, which makes it difficult to apply the right treatment for first- and third-party risk. New tools can provide a wide range of scores that predict first- and third-party fraud risk independently, which enables lenders to prescribe treatment for each type of risk. Lenders can then detect and distinguish multiple types of fraud in a single step: first-party, third-party, and synthetic ID. 

By accurately recognizing risk, organizations better able to protect their portfolios and their customers.

Use Advanced Analytics and Technology to Keep Up
Resource constraints, such as smaller budgets for capital expenditures and hiring, are bringing new scrutiny to the decades-old practice of supplementing analytics with manual review to determine the type of fraud risk and the appropriate next steps to combat fraud. Leveraging advanced data and innovative technology, such as machine learning and artificial intelligence, can help organizations detect varying levels of fraud and minimize false positives.

Diverse data is critical to driving model performance and better predicting different types of fraud. The depth and breadth of the data can help companies combat fraudsters who are rapidly evolving and changing their behavior to try to outsmart financial systems.

Chris Ryan is a Senior Fraud Solutions Consultant at Experian. He delivers expertise that helps clients make the most from data, technology, and investigative resources to combat and mitigate fraud risks across the industries that Experian serves. Ryan provides clients with ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30481
PUBLISHED: 2021-04-10
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
CVE-2021-20020
PUBLISHED: 2021-04-10
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
CVE-2021-30480
PUBLISHED: 2021-04-09
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
CVE-2021-21194
PUBLISHED: 2021-04-09
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21195
PUBLISHED: 2021-04-09
Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.