In today’s connected world, all businesses and organisations are at risk of becoming victims of fraud. Intelligent CISO hears from industry experts about the biggest threats and how these can best be defended against.
Are there any new trends businesses/organisations should be aware of when it comes to fraud?
According to Action Fraud, the UK’s central reporting centre for fraud and cybercrime, one of the most common frauds businesses experience is payment diversion fraud.
This normally happens when the emails of a business or its supplier are compromised, and it can affect many types of businesses and organisations, including conveyancing and solicitors’ firms, particularly during the completion stage on properties. Another way in which this can happen is through spoofed emails which claim to be from a CEO. These are often addressed to the financial officer and ask for an urgent transfer.
To prevent this, businesses should ensure they have a means to query any change requests or spontaneous payments. Action Fraud advises solicitors that any payment instructions should come by letter rather than email and that secure platforms are used to exchange correspondence.
Another type of fraud frequently reported to Action Fraud by businesses is phishing. Fraudsters will pose as well-known companies in order to trick businesses into parting with information and money. To prevent this from happening, employees should check the source of their emails before passing on data which may lead to fraud. Businesses need to be aware that phishing emails, calls and texts can also affect their customers, so that they can react appropriately.
The current fraud landscape
Ryan Wilk, Vice President at NuData Security, a Mastercard company
Every week, news of another data breach or exposed server proves that mass-scale personally identifiable information (PII) leaks are now an unfortunate fact of life. The global threat environment is constantly evolving, fraud rates are soaring and fraudsters’ exploits and data mining capabilities are increasingly sophisticated.
As a result, many of the newer authentication alternatives that layer on additional login steps are all too easily thwarted, such as those that layer on additional credentials and one-time codes that revolve around static data.
Online fraud offers a lucrative source of income for cybercriminals, with 3.6 million fraud incidents last year. With such tempting promise of high reward and low prosecution rates, emboldened cybercriminals have grown in their sophistication, exploiting the human-interest factor by posing as trusted companies and then duping consumers into revealing their personal details.
These scams have also proven to be effective in targeting senior executives from organisations, who have been tricked into revealing sensitive information – allowing access to the company network.
To detect out-of-character and potentially fraudulent transactions before they can create a financial nightmare for consumers, businesses must adopt new authentication methods that bad actors can’t deceive. Solutions based on consumer behaviour and interactional signals are leading the way to provide more safety for consumers, and less fraud in the marketplace.
Using biometrics to verify users
NuData Security, acquired by Mastercard last year, takes a different approach to user verification by rendering stolen data valueless. NuData accurately verifies whether a new or known user is behaving suspiciously by looking at what makes them inimitable: their behaviour. This way companies don’t have to rely on personally identifiable information alone.
NuData has an integrated multi-layered approach with passive biometrics that assesses what makes users unique. Together, and with the use of Machine Learning, the solution continually identifies legitimate or fraudulent activity as it evolves.
This proactive approach has a fraud prevention accuracy of 99.9%, protecting user accounts and companies from most forms of fraud, including account takeover with stolen credentials.
Lukayn Hunsicker, BAE Systems Global Head of Banking Fraud Solutions
Fraud affects every type of financial institution, from small, local banks, to credit unions, to the biggest banks in the country. Fraud solutions for each of these institutions are unique to the business.
BAE Systems offers various types of solutions for any type of bank, large and small, to help prevent banking fraud and to secure business in the long run. With emerging technologies opening the door to more vulnerabilities, and bad actors finding new ways to enter networks, all banks must take steps to strengthen their defences.
BAE Systems offers a wide array of solutions, one that is designed to help prevent fraud in the banking sector. We do this with market-proven financial crime analytics and risk management solutions that help protect against some of the most complex industry threats.
One example is NetReveal, our risk, fraud and compliance solutions platform, which uses advanced analytics and expertise to unlock data intelligence, helping organisations identify and prevent financial crime.
Preventing fraud can come easily if the right parts are put in place. One best practice for general security health is to always have a clear and thorough business strategy in place, which dictates security strategy across the business. A single business strategy, particularly for smaller banks with fewer resources, should be kept in mind when developing fraud strategy to ensure long-term security and company alignment.
Overall, financial fraud detection has come a long way in recent years. For example, open source and Big Data technology give institutions a leg up on addressing financial crime. Overall, technological advancements enable banks to address fraud in a better way, allowing the ability to address new transaction types in a faster manner, while also pairing with analytics in near real-time stream.
In today’s connected world, the increasing convergence of techniques and approaches used between cyber and financial crime can open up new risks. Advances in technology mean that people, and funds, move around the world faster than ever before. While all of these factors increase the abundance of fraud in the banking sector, it is preventable with the right solutions in place.
‘Best practice’ for preventing fraud
Rashmi Knowles, Field CTO, RSA Security
The first step in avoiding fraud is creating a ‘human firewall’ within an organisation – i.e. communicating that security is everyone’s responsibility.
Every member of an organisation should understand the threat posed by hackers and the benefits of keeping their company secure, not just within the context of their role, but across the entire organisation.
This can be supported through employee training programmes where employees are not only capable of recognising cyberthreats but are also comfortable reporting them. Instead of traditional classroom or computer-based training, organisations should be pushing for concentrated campaigns and interactive training methods such as learning via gaming software.
As employees are generally the weakest link in any company’s security, organisations should seek to educate employees about how they are on the frontline of the fight against cybercrime.
Employees need to be educated to ensure they avoid clicking on links in text messages or emails from unfamiliar senders, which will help to mitigate the risk of having bank details stolen, or malware being installed on devices.
Organisations should also look to create a device identification process, using a business-driven approach to security by linking device identification to a clear risk strategy, e.g. ask users on new devices to re-authenticate to reduce the risk of fraud.
RSA Security’s fraud solutions
Daniel Cohen, Director of RSA’s Fraud and Risk Intelligence (FRI) Unit
Fraud is an incredibly complex issue that covers so many different areas, from identity theft to credit card compromise. Traditional fraud methods, such as phishing, trojan attacks and rogue mobile apps, are still prevalent.
For example, in RSA’s Q2 fraud report, phishing was found to account for 41% of all fraud attacks. Given how many angles there are for cybercriminals to exploit, enterprises need to have a full suite of tools, including intelligent threat systems and sophisticated analytics, available to ensure they are properly protected.
RSA offers a variety of fraud prevention solutions, designed to offer a layered, omni-channel approach to detecting and mitigating fraud. RSA FraudAction provides businesses with visibility into online attacks such as phishing, malware, rogue apps and social media threats.
This is complemented by RSA Web Threat Detection that leverages behavioural analytics to prevent account takeovers, automated attacks and other high-impact fraud threats by analysing user activity from the moment they start a new session to when they log off from a website or mobile app.
Finally, Adaptive Authentication provides transaction-level risk analysis using advanced Machine Learning capabilities, authenticates end-users and detects and prevents fraudulent transactions, across numerous channels, to minimise financial risk.