Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

11/2/2020
10:30 AM
Chris Ryan
Chris Ryan
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

Fraud Prevention Strategies to Prepare for the Future

While companies have largely adjusted to the new normal for security management, here are some tips for combatting fraud, post-COVID.

The global health crisis has impacted businesses and revealed challenges in the way they identify and treat fraud risk. According to the FTC from January to early October 2020, consumers reported losing a total of more than $156 million to COVID-19-related fraud. 

Fraud threats will likely continue to rise across the globe as fraudsters take advantage of the pandemic and rapidly shifting economic conditions. In addition, Experian's annual Global Identity & Fraud Report found that nearly three in five businesses had seen an increase in fraud in the past 12 months prior to the start of the current economic turmoil and 57% of businesses had reported higher fraud losses associated with account opening and account takeover.

Related Content:

25% of BEC Cybercriminals Based in the US

2020 State of Cybersecurity Operations and Incident Response

New on The Edge: What's Really Happening in Infosec Hiring Now?

As organizations manage the current economic volatility, they also need to be thinking of how they'll position themselves for success when the environment improves. Implementing proper fraud prevention strategies can help reduce future losses to their portfolios. Below are ways that organizations can proactively mitigate increasing fraud risks.

Understand and Categorize the Type of Fraud
The ability to accurately identify individual fraud types is important as organizations experience an unprecedented economic period combined with the transition to digital. Through accurate fraud detection models and proper identification, organizations can apply the correct treatments to maximize the effectiveness of their fraud response, since the treatment for first- and third-party fraud is different.

In simple terms, first-party fraud involves a person making financial commitments or defaulting on existing commitments using their own identity, a manipulated version of their own identity, or a synthetic identity that they control. Third-party fraud occurs when a fraudster steals another individual's identity and/or account information to impersonate them and use the account without the accountholder's consent. 

Theoretically, third-party fraud is a little easier to manage, because the fraud victim is usually willing to participate and confirm if activity is fraudulent or legitimate. Without minimizing the challenge of identifying the risky cases, organizations at least have this advantage. If you can reach the victim, you know if a case is fraudulent or not.

On the other hand, first-party fraud can be especially challenging since there's no real victim to verify that fraud is occurring. The person who controls the identity is complicit in the fraud, and that is a big handicap. The problem is amplified during times of economic hardship. The actions of genuinely good people facing financial difficultly can be hard to distinguish from others with fraudulent intent.

When organizations are unsure how to treat different types of fraud risk, it can result in poor customer experience so it's important to have the ability to distinguish these types.

In the past, companies have used "blended" fraud risk scores to predict overall risk based on a range of fraud types but those can sometimes sacrifice accuracy in order to cast a wider net. Many fraud solutions on the market look at all fraud as one classification, which makes it difficult to apply the right treatment for first- and third-party risk. New tools can provide a wide range of scores that predict first- and third-party fraud risk independently, which enables lenders to prescribe treatment for each type of risk. Lenders can then detect and distinguish multiple types of fraud in a single step: first-party, third-party, and synthetic ID. 

By accurately recognizing risk, organizations better able to protect their portfolios and their customers.

Use Advanced Analytics and Technology to Keep Up
Resource constraints, such as smaller budgets for capital expenditures and hiring, are bringing new scrutiny to the decades-old practice of supplementing analytics with manual review to determine the type of fraud risk and the appropriate next steps to combat fraud. Leveraging advanced data and innovative technology, such as machine learning and artificial intelligence, can help organizations detect varying levels of fraud and minimize false positives.

Diverse data is critical to driving model performance and better predicting different types of fraud. The depth and breadth of the data can help companies combat fraudsters who are rapidly evolving and changing their behavior to try to outsmart financial systems.

Chris Ryan is a Senior Fraud Solutions Consultant at Experian. He delivers expertise that helps clients make the most from data, technology, and investigative resources to combat and mitigate fraud risks across the industries that Experian serves. Ryan provides clients with ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-12512
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting
CVE-2020-12513
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.
CVE-2020-12514
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd
CVE-2020-12525
PUBLISHED: 2021-01-22
M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.
CVE-2020-12511
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.