Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

11/2/2020
10:30 AM
Chris Ryan
Chris Ryan
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

Fraud Prevention Strategies to Prepare for the Future

While companies have largely adjusted to the new normal for security management, here are some tips for combatting fraud, post-COVID.

The global health crisis has impacted businesses and revealed challenges in the way they identify and treat fraud risk. According to the FTC from January to early October 2020, consumers reported losing a total of more than $156 million to COVID-19-related fraud. 

Fraud threats will likely continue to rise across the globe as fraudsters take advantage of the pandemic and rapidly shifting economic conditions. In addition, Experian's annual Global Identity & Fraud Report found that nearly three in five businesses had seen an increase in fraud in the past 12 months prior to the start of the current economic turmoil and 57% of businesses had reported higher fraud losses associated with account opening and account takeover.

Related Content:

25% of BEC Cybercriminals Based in the US

2020 State of Cybersecurity Operations and Incident Response

New on The Edge: What's Really Happening in Infosec Hiring Now?

As organizations manage the current economic volatility, they also need to be thinking of how they'll position themselves for success when the environment improves. Implementing proper fraud prevention strategies can help reduce future losses to their portfolios. Below are ways that organizations can proactively mitigate increasing fraud risks.

Understand and Categorize the Type of Fraud
The ability to accurately identify individual fraud types is important as organizations experience an unprecedented economic period combined with the transition to digital. Through accurate fraud detection models and proper identification, organizations can apply the correct treatments to maximize the effectiveness of their fraud response, since the treatment for first- and third-party fraud is different.

In simple terms, first-party fraud involves a person making financial commitments or defaulting on existing commitments using their own identity, a manipulated version of their own identity, or a synthetic identity that they control. Third-party fraud occurs when a fraudster steals another individual's identity and/or account information to impersonate them and use the account without the accountholder's consent. 

Theoretically, third-party fraud is a little easier to manage, because the fraud victim is usually willing to participate and confirm if activity is fraudulent or legitimate. Without minimizing the challenge of identifying the risky cases, organizations at least have this advantage. If you can reach the victim, you know if a case is fraudulent or not.

On the other hand, first-party fraud can be especially challenging since there's no real victim to verify that fraud is occurring. The person who controls the identity is complicit in the fraud, and that is a big handicap. The problem is amplified during times of economic hardship. The actions of genuinely good people facing financial difficultly can be hard to distinguish from others with fraudulent intent.

When organizations are unsure how to treat different types of fraud risk, it can result in poor customer experience so it's important to have the ability to distinguish these types.

In the past, companies have used "blended" fraud risk scores to predict overall risk based on a range of fraud types but those can sometimes sacrifice accuracy in order to cast a wider net. Many fraud solutions on the market look at all fraud as one classification, which makes it difficult to apply the right treatment for first- and third-party risk. New tools can provide a wide range of scores that predict first- and third-party fraud risk independently, which enables lenders to prescribe treatment for each type of risk. Lenders can then detect and distinguish multiple types of fraud in a single step: first-party, third-party, and synthetic ID. 

By accurately recognizing risk, organizations better able to protect their portfolios and their customers.

Use Advanced Analytics and Technology to Keep Up
Resource constraints, such as smaller budgets for capital expenditures and hiring, are bringing new scrutiny to the decades-old practice of supplementing analytics with manual review to determine the type of fraud risk and the appropriate next steps to combat fraud. Leveraging advanced data and innovative technology, such as machine learning and artificial intelligence, can help organizations detect varying levels of fraud and minimize false positives.

Diverse data is critical to driving model performance and better predicting different types of fraud. The depth and breadth of the data can help companies combat fraudsters who are rapidly evolving and changing their behavior to try to outsmart financial systems.

Chris Ryan is a Senior Fraud Solutions Consultant at Experian. He delivers expertise that helps clients make the most from data, technology, and investigative resources to combat and mitigate fraud risks across the industries that Experian serves. Ryan provides clients with ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Look Beyond the 'Big 5' in Cyberattacks
Robert Lemos, Contributing Writer,  11/25/2020
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I think the boss is bing watching '70s TV shows again!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26250
PUBLISHED: 2020-12-01
OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthenticator from version 0.12.0 and before 0.12.2, the deprecated (in jupyterhub 1.2) configuration `Authenticator.whitelist`, which should be transparently mapped to `Authenticator.allowed_users` with a warning, is instead ignored by ...
CVE-2020-28576
PUBLISHED: 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information.
CVE-2020-28577
PUBLISHED: 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names.
CVE-2020-28582
PUBLISHED: 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents.
CVE-2020-28583
PUBLISHED: 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information.