Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

11/2/2020
10:30 AM
Chris Ryan
Chris Ryan
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

Fraud Prevention Strategies to Prepare for the Future

While companies have largely adjusted to the new normal for security management, here are some tips for combatting fraud, post-COVID.

The global health crisis has impacted businesses and revealed challenges in the way they identify and treat fraud risk. According to the FTC from January to early October 2020, consumers reported losing a total of more than $156 million to COVID-19-related fraud. 

Fraud threats will likely continue to rise across the globe as fraudsters take advantage of the pandemic and rapidly shifting economic conditions. In addition, Experian's annual Global Identity & Fraud Report found that nearly three in five businesses had seen an increase in fraud in the past 12 months prior to the start of the current economic turmoil and 57% of businesses had reported higher fraud losses associated with account opening and account takeover.

Related Content:

25% of BEC Cybercriminals Based in the US

2020 State of Cybersecurity Operations and Incident Response

New on The Edge: What's Really Happening in Infosec Hiring Now?

As organizations manage the current economic volatility, they also need to be thinking of how they'll position themselves for success when the environment improves. Implementing proper fraud prevention strategies can help reduce future losses to their portfolios. Below are ways that organizations can proactively mitigate increasing fraud risks.

Understand and Categorize the Type of Fraud
The ability to accurately identify individual fraud types is important as organizations experience an unprecedented economic period combined with the transition to digital. Through accurate fraud detection models and proper identification, organizations can apply the correct treatments to maximize the effectiveness of their fraud response, since the treatment for first- and third-party fraud is different.

In simple terms, first-party fraud involves a person making financial commitments or defaulting on existing commitments using their own identity, a manipulated version of their own identity, or a synthetic identity that they control. Third-party fraud occurs when a fraudster steals another individual's identity and/or account information to impersonate them and use the account without the accountholder's consent. 

Theoretically, third-party fraud is a little easier to manage, because the fraud victim is usually willing to participate and confirm if activity is fraudulent or legitimate. Without minimizing the challenge of identifying the risky cases, organizations at least have this advantage. If you can reach the victim, you know if a case is fraudulent or not.

On the other hand, first-party fraud can be especially challenging since there's no real victim to verify that fraud is occurring. The person who controls the identity is complicit in the fraud, and that is a big handicap. The problem is amplified during times of economic hardship. The actions of genuinely good people facing financial difficultly can be hard to distinguish from others with fraudulent intent.

When organizations are unsure how to treat different types of fraud risk, it can result in poor customer experience so it's important to have the ability to distinguish these types.

In the past, companies have used "blended" fraud risk scores to predict overall risk based on a range of fraud types but those can sometimes sacrifice accuracy in order to cast a wider net. Many fraud solutions on the market look at all fraud as one classification, which makes it difficult to apply the right treatment for first- and third-party risk. New tools can provide a wide range of scores that predict first- and third-party fraud risk independently, which enables lenders to prescribe treatment for each type of risk. Lenders can then detect and distinguish multiple types of fraud in a single step: first-party, third-party, and synthetic ID. 

By accurately recognizing risk, organizations better able to protect their portfolios and their customers.

Use Advanced Analytics and Technology to Keep Up
Resource constraints, such as smaller budgets for capital expenditures and hiring, are bringing new scrutiny to the decades-old practice of supplementing analytics with manual review to determine the type of fraud risk and the appropriate next steps to combat fraud. Leveraging advanced data and innovative technology, such as machine learning and artificial intelligence, can help organizations detect varying levels of fraud and minimize false positives.

Diverse data is critical to driving model performance and better predicting different types of fraud. The depth and breadth of the data can help companies combat fraudsters who are rapidly evolving and changing their behavior to try to outsmart financial systems.

Chris Ryan is a Senior Fraud Solutions Consultant at Experian. He delivers expertise that helps clients make the most from data, technology, and investigative resources to combat and mitigate fraud risks across the industries that Experian serves. Ryan provides clients with ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Zero Trust doesn't have to break your budget!
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-36388
PUBLISHED: 2021-06-17
In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive.
CVE-2020-36389
PUBLISHED: 2021-06-17
In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF.
CVE-2021-32575
PUBLISHED: 2021-06-17
HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1.
CVE-2021-33557
PUBLISHED: 2021-06-17
An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.
CVE-2021-23396
PUBLISHED: 2021-06-17
All versions of package lutils are vulnerable to Prototype Pollution via the main (merge) function.