Can't End Online Fraud? Mitigate It

<div>Several years ago, someone in the banking industry told me that 3-D secure would end online card fraud. But clearly the fraudsters weren&rsquo;t listening. Today, banking fraud is estimated to gross more than $120 billion per annum worldwide &ndash; more than the GDP of New Zealand. <br /><br />Just as water finds a way around obstacles, so does fraud. And, just as a trickle of water can become a raging torrent, so fraud can quickly spiral out of control. It is a harsh fact of life that we are never going to stop fraudsters plying their trade. But we can make it as difficult as possible for them. <br /><br />The trends are not easy to spot, but over the years there has been a significant shift from crimes committed by individuals to crimes instigated by international criminal rings. The typical 1980s fraudster was an individual, preying on consumers&rsquo; credit cards to fund their lifestyle. Today&rsquo;s criminals are more likely to be international syndicates working across borders, using insider knowledge and immense technical skill to attack banks at every point possible. <br /><br /><strong>New Technology, New Fraud Opportunities <br /></strong>Because bank fraud systems are not as mature as card fraud prevention, we are inevitably seeing a rise in attacks in this area. Sophisticated crime syndicates will look at the whole customer rather than specific products. Criminals watch activity across all services, for example: how a card is used, how the current and savings accounts are being used, and how the three interact. <br /><br />The combination of Internet and smartphones offer fraudsters more scope. To highlight the problem, researcher Jon Oberheide at Scio Security published an Android&trade; application masquerading as a preview of the Twilight Eclipse film, attracting 200 teenagers to download it in just 24 hours. The application could be modified using remote server malicious code, turning devices into zombie-like &lsquo;botnets&rsquo; relaying precious financial information to the criminals. <br /><br /><br /><strong>Ten Smart Ideas To Attack Fraud <br /></strong>While we cannot make fraudsters go away, there is a lot we can do to make it harder for them to turn a profit and mitigate the impact.<br /><br /><strong>Great Data</strong><br />The more you know, the easier it is to prevent fraud. If your data is not reliable, your hands are tied. External data sources make a big difference too, so do not neglect regulatory input. And include positive data, so your customers are not incorrectly flagged as criminals when they make an unexpected purchase.</div><div><br /><strong>Effective Actions <br /></strong>You mayhave a massive amount of data andreams of management reports, but if they are not being used properly they are useless. Actions must be accurate and swift. Take the use of a fraudulent card to carry out a transaction.The fraud will increase 10 fold in the 10 minutes immediately after its first fraudulent use if you do not take action to stop it.<br /><br /><strong>Detailed Processes</strong> <br />One size does not fit all. You have to keep reviewing your systems to make sure they arefit for purpose. For example, you cannot just rely on &lsquo;scores&rsquo;because, by definition, they are historical. To see where fraud is being perpetrated, you need bespoke analytics. <br /><br /><strong>Do Your Research <br /></strong>Look for data that criminals are selling online: cards numbers, email accounts and so on. You need to be looking at the same material that fraudstersuse. Keep up to date you&rsquo;re your technology research too. There are many fraud management systems around and you need experience to pick the right ones. <br /><br /><strong>Set Clear Goals </strong><br />Make sure your fraud team has a clear goal. Aiming to keep fraud low is not a good enough target. You need to be clear about the amount of fraud your organisation is prepared tobear. Integrate the fraud team with other departments in your organisation so everyone knows what to look for, and assess how many customers you might inconvenience by implementing tighter security measures. In the end, it will always be a balance between security and customer service.<br /><br /><strong>Employ World-class Expertise <br /></strong>Employ the best systems and get the right people to run them. Often, businesses invest in great systems and buy expensive score cards, but if they are not using them correctly, this investment is wasted and fraud will inevitably run out of control. <br /><br /><strong>Encourage Flexible Thinking <br /></strong>No two fraud attacks are ever the same. We often find it is most effective to put a manual solution in place before technical ones. People can spot trends and problems faster. Make the system work manually &ndash; and then automate it. <br /><br /><strong>Stay One Step Ahead Of The Fraudster <br /></strong>Remain vigilant. Fraud does not keep office hours. Some businesses use only technology to cover the night-time, forgetting that fraud is a round-the-clock operation. Ask more people to look at data so that it is widely understood. We believe data will be shared much more widely in the future and we are currently looking at a fraud utility that breaks down the organisational silo mentality and allows more sharing.<br /><br /><strong>Implement Leading Edge Fraud Prevention Technologies </strong><br />You want the best, but financial organisations need to use fraud prevention technology wisely. The number of leading edge fraud prevention technologies that are emerging into the market is enormous and becoming more and more capable, flexible and effective. But with these developments come huge risks in both the selection of such technologies and the associated implementation strategies. As in Tip 6,it takes experienced fraud prevention teams to be able to make the right product selection. The team also needs to be strong enough to challenge implementation schedules that do not allow sufficient preparation time.<br /><br /><strong>Use An Experienced Provider <br /></strong>It&rsquo;s hard to keep track of changes in fraud activity, in legislation and in technology. By using an experienced provider to advise on key decisions you can get on with what you&rsquo;re best at &ndash; running your business. <br /><br />The fight against the fraudster is a constant battle. The gains for the organised criminal fraternity are so substantial that we know they will never give up. Organised crime is a highly sophisticated, well-funded and technologically advanced business. We can only hope to stay one step ahead by matching them and using our collective experience to plug the gaps when they become exposed. <br /><br />(<em>Raja Gopalakrishnan&nbsp; is Group Managing Director, Asia, FIS</em>)<br />&nbsp;</div>