FIGHTING FRAUD - Dtex Systems
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
I N D EPEN D EN T P U B L I C AT I O N BY RACONTEUR.NET #0627 23/10/2019
FIGHTING FRAUD
03 UK FRAUD CONCERNS
RISE AHEAD OF BREXIT 04 ARE DIGITAL NATIVES
MORE AT RISK? 14 WHEN INSIDER THREATS
COME FROM THE TOP
The SIX Digital Exchange is building
the future of capital markets.
On a foundation of trust & security. sdx.com
I N D EPEN D EN T P U B L I C AT I O N BY RACONTEUR.NET #0565 2 9/ 0 1 / 2 0 1 9 RACONTEUR.NET 03
FIGHTING BREXIT
FRAUD
Risks rise as UK enters
Distributed in
Published in association with
unchartered territory
Fraud flourishes amid uncertainty, raising concerns
for businesses staring down the barrel of Brexit
Michelle Perry restructuring leading to job losses
Contributors
Frederick Tubiermont/Unsplash
may cause a rise in business fraud.
raudsters thrive in dis- When it comes to cyber-fraud
Josie Cox Cath Everett F order and chaos. Where attacks, it is less relevant whether
Freelance business Journalist specialising there is disruption, crim- the UK is in or out of the EU. Cyber-
reporter, commentator in workplace, leadership inals will wheedle their way in to fraudsters operate on an interna-
and broadcaster, she and organisational
take advantage of the confusion. tional level from diverse locations
worked at Reuters and culture, she also writes
The Wall Street Journal, about the impact of
A prime example is the recent col- around the globe. Arbitrary geo-
and was business editor technology on business lapse of 178-year-old tour oper- graphical borders are an irrele-
of The Independent. and society. ator Thomas Cook and ensuing vance to international fraudsters.
potential for business fraud. Just “There's some assurance and
Duncan Jefferies Gemma Milne days after the firm failed, banks confidence in our enforcement,
Freelance journalist and Freelance science and
and other financial services pro- but it’s the unknown – what the
copywriter, he covers technology journalist,
digital culture, technology her work has been viders were warning customers attack will look like – and the level
and innovation, and published in Forbes, about scammers. and methodology of it, as well as
writes for The Guardian the BBC and Quartz. That was just one company col- whether or not we are ready to cope
and Independent Voices. lapse. On October 31, the UK is with it,” says Mr McAuley.
set to leave the European Union, And here’s the rub: cross-border
Michelle Perry Davey Winder which means an almost 50-year cyberattacks are increasingly dealt
Freelance journalist Award-winning
multi-layered relationship would with by cross-border counter fraud
covering the finance and journalist and author, he
business sectors, and specialises in information be unravelled. In this unravelling teams working collaboratively
former editor of a number security, contributing to and the resulting confusion, fraud- around the world. There is a risk
of business magazines. Infosecurity magazine. sters will look to prey on vulnera- that Brexit could impact informa-
She is currently editor of
ble businesses. tion-sharing among law enforce-
UK Landlord magazine.
“Initially, Brexit will present ment agencies. Overseas arrest
quite a threat. If we leave the EU, warrants could also be affected.
and even if we don’t, the uncer- One advantage to leaving the EU
tainty that goes along with it puts single market, however, could be
us in uncharted territory,” says a fall in the incidence of carou-
Marc McAuley, counter fraud is around £49 billion, while indi- are other rules and regulations sel fraud, also known as missing
services lead at the Chartered viduals lose around £7 billion. set by Europe that if all of a sud- trader fraud, in the UK. Carousel
Institute of Public Finance and Amid the Brexit confusion there den we withdraw, what happens to fraud is where criminals import
Accountancy (CIPFA). are certain areas where fraudsters those? Do we continue to abide by goods VAT-free from other coun-
“We don't know what rules or reg- may seek to take advantage of busi- those rules or will business and the tries, then sell the goods to domes-
ulations will be imposed on the UK nesses, according to KPMG. These public sector deviate from them tic buyers, charging them VAT.
public sector and UK business. But areas concern changes to the legal because they are no longer UK The sellers subsequently disap-
the rules will be certainly chang- and regulatory landscape, busi- law? These are the areas that will pear without paying the tax to
ing. And anytime there's uncer- ness investment, tax and changes create confusion and uncertainty. the government.
Publishing manager Head of production
Hannah Smallman Justyna O'Connell tainty or change it creates a threat to the location of operations. I believe there will be a spike in It will not reduce this kind of
for us and an opportunity for fraud- Many EU directives have been fraud intent,” he says. fraud overall, but the VAT scam
Associate editor Design sters to exploit our weaknesses, the incorporated into UK law, but oth- Worryingly though, the first wave will be displaced to outside the
Peter Archer Joanna Bird
ambiguity and uncertainty.” ers have not. CIPFA’s Mr McAuley of fraudsters seeking to exploit UK. However, just as quickly as one
Sara Gelfgren
Roy Waligora, head of inves- says this uncertainty over which loopholes and confusion over legal tax fraud fades, another is likely to
Deputy editor Kellie Jerrard
Francesca Cassidy Harry Lewis-Irlam tigations and corporate foren- rules the UK will keep and which it and regulatory changes are likely take its place.
Celina Lucey sics at KPMG, adds: “Brexit will will not will create a gap that crim- to be industry insiders, KPMG A further opportunity for busi-
Managing editor Colm McDermott affect us in many different ways. inals can exploit. says. Businesses may misrepresent ness would be to embrace the
Benjamin Chiou Samuele Motta Overall though, it would be impru- “We’ve incorporated the their levels of access rights, tax upheaval of leaving the EU and
Jack Woolrich dent to assume some level of dis- EU’s General Data Protection benefits or central grant funding use it as a chance to review all pol-
Digital content executive
Head of design ruption, and potentially chaos, Regulation into UK law, but there to secure investment, or business icies and procedures in the sup-
Taryn Brickner
Tim Whitlock won’t happen. ply chain, knowing your business
“Fraudsters are very agile and partners and other aspects of a
£190BN
that does, to our mind, create the business vulnerable to fraud.
opportunity and environment for It is unlikely fraud prevention
Although this publication is funded through advertising and fraud. Fraud in general in the UK is will ever eradicate business fraud.
sponsorship, all editorial is without bias and sponsored features a sizeable problem and a challenge And as new technologies bring
are clearly labelled. For an upcoming schedule, partnership both for corporates to deal with annual cost us untold benefits, they also aid
inquiries or feedback, please call +44 (0)20 3877 3800 or and also law enforcement.” of fraud in organised crime to devise new
email info@raconteur.net It is not, however, straightfor- the UK ways of defrauding businesses.
Raconteur is a leading publisher of special-interest content and
ward to pin down a concrete fig- Cybercrime is clearly set to grow,
research. Its publications and articles cover a wide range of topics,
ure for the total value of business so governments and business
including business, finance, sustainability, healthcare, lifestyle and
fraud in the UK, but it is clear fraud leaders must co-operate to com-
£100BN 3.4M
technology. Raconteur special reports are published exclusively in
The Times and The Sunday Times as well as online at raconteur.net is a problem that is on the rise. The bat increasingly complex frauds.
The information contained in this publication has been obtained National Crime Agency (NCA) puts Outside the tight-knit EU commu-
from sources the Proprietors believe to be correct. However, the total cost of fraud in England nity, it would be vital for the UK to
no legal liability can be accepted for any errors. No part of this and Wales at £190 billion. The pri- ensure cross-border collaboration
publication may be reproduced without the prior consent of the estimated value of money annual number of incidents
vate sector is impacted the most, laundered through the UK of fraud in England and and international co-operation in
Publisher. © Raconteur Media
losing around £140 billion, accord- each year Wales alone the fight against rising fraud. It is,
ing to the NCA’s estimates. The however, in all parties’ interests to
@raconteur /raconteur.net @raconteur_london estimated cost to the public sector National Crime Agency 2018 work together.
raconteur.net /fighting-fraud-2019
I N D EPEN D EN T P U B L I C AT I O N BY RACONTEUR.NET #0565 2 9/ 0 1 / 2 0 1 9 RACONTEUR.NET 03
FIGHTING BREXIT
FRAUD
Risks rise as UK enters
Distributed in
Published in association with
unchartered territory
Fraud flourishes amid uncertainty, raising concerns
for businesses staring down the barrel of Brexit
Michelle Perry restructuring leading to job losses
Contributors
Frederick Tubiermont/Unsplash
may cause a rise in business fraud.
raudsters thrive in dis- When it comes to cyber-fraud
Josie Cox Cath Everett F order and chaos. Where attacks, it is less relevant whether
Freelance business Journalist specialising there is disruption, crim- the UK is in or out of the EU. Cyber-
reporter, commentator in workplace, leadership inals will wheedle their way in to fraudsters operate on an interna-
and broadcaster, she and organisational
take advantage of the confusion. tional level from diverse locations
worked at Reuters and culture, she also writes
The Wall Street Journal, about the impact of
A prime example is the recent col- around the globe. Arbitrary geo-
and was business editor technology on business lapse of 178-year-old tour oper- graphical borders are an irrele-
of The Independent. and society. ator Thomas Cook and ensuing vance to international fraudsters.
potential for business fraud. Just “There's some assurance and
Duncan Jefferies Gemma Milne days after the firm failed, banks confidence in our enforcement,
Freelance journalist and Freelance science and
and other financial services pro- but it’s the unknown – what the
copywriter, he covers technology journalist,
digital culture, technology her work has been viders were warning customers attack will look like – and the level
and innovation, and published in Forbes, about scammers. and methodology of it, as well as
writes for The Guardian the BBC and Quartz. That was just one company col- whether or not we are ready to cope
and Independent Voices. lapse. On October 31, the UK is with it,” says Mr McAuley.
set to leave the European Union, And here’s the rub: cross-border
Michelle Perry Davey Winder which means an almost 50-year cyberattacks are increasingly dealt
Freelance journalist Award-winning
multi-layered relationship would with by cross-border counter fraud
covering the finance and journalist and author, he
business sectors, and specialises in information be unravelled. In this unravelling teams working collaboratively
former editor of a number security, contributing to and the resulting confusion, fraud- around the world. There is a risk
of business magazines. Infosecurity magazine. sters will look to prey on vulnera- that Brexit could impact informa-
She is currently editor of
ble businesses. tion-sharing among law enforce-
UK Landlord magazine.
“Initially, Brexit will present ment agencies. Overseas arrest
quite a threat. If we leave the EU, warrants could also be affected.
and even if we don’t, the uncer- One advantage to leaving the EU
tainty that goes along with it puts single market, however, could be
us in uncharted territory,” says a fall in the incidence of carou-
Marc McAuley, counter fraud is around £49 billion, while indi- are other rules and regulations sel fraud, also known as missing
services lead at the Chartered viduals lose around £7 billion. set by Europe that if all of a sud- trader fraud, in the UK. Carousel
Institute of Public Finance and Amid the Brexit confusion there den we withdraw, what happens to fraud is where criminals import
Accountancy (CIPFA). are certain areas where fraudsters those? Do we continue to abide by goods VAT-free from other coun-
“We don't know what rules or reg- may seek to take advantage of busi- those rules or will business and the tries, then sell the goods to domes-
ulations will be imposed on the UK nesses, according to KPMG. These public sector deviate from them tic buyers, charging them VAT.
public sector and UK business. But areas concern changes to the legal because they are no longer UK The sellers subsequently disap-
the rules will be certainly chang- and regulatory landscape, busi- law? These are the areas that will pear without paying the tax to
ing. And anytime there's uncer- ness investment, tax and changes create confusion and uncertainty. the government.
Publishing manager Head of production
Hannah Smallman Justyna O'Connell tainty or change it creates a threat to the location of operations. I believe there will be a spike in It will not reduce this kind of
for us and an opportunity for fraud- Many EU directives have been fraud intent,” he says. fraud overall, but the VAT scam
Associate editor Design sters to exploit our weaknesses, the incorporated into UK law, but oth- Worryingly though, the first wave will be displaced to outside the
Peter Archer Joanna Bird
ambiguity and uncertainty.” ers have not. CIPFA’s Mr McAuley of fraudsters seeking to exploit UK. However, just as quickly as one
Sara Gelfgren
Roy Waligora, head of inves- says this uncertainty over which loopholes and confusion over legal tax fraud fades, another is likely to
Deputy editor Kellie Jerrard
Francesca Cassidy Harry Lewis-Irlam tigations and corporate foren- rules the UK will keep and which it and regulatory changes are likely take its place.
Celina Lucey sics at KPMG, adds: “Brexit will will not will create a gap that crim- to be industry insiders, KPMG A further opportunity for busi-
Managing editor Colm McDermott affect us in many different ways. inals can exploit. says. Businesses may misrepresent ness would be to embrace the
Benjamin Chiou Samuele Motta Overall though, it would be impru- “We’ve incorporated the their levels of access rights, tax upheaval of leaving the EU and
Jack Woolrich dent to assume some level of dis- EU’s General Data Protection benefits or central grant funding use it as a chance to review all pol-
Digital content executive
Head of design ruption, and potentially chaos, Regulation into UK law, but there to secure investment, or business icies and procedures in the sup-
Taryn Brickner
Tim Whitlock won’t happen. ply chain, knowing your business
“Fraudsters are very agile and partners and other aspects of a
£190BN
that does, to our mind, create the business vulnerable to fraud.
opportunity and environment for It is unlikely fraud prevention
Although this publication is funded through advertising and fraud. Fraud in general in the UK is will ever eradicate business fraud.
sponsorship, all editorial is without bias and sponsored features a sizeable problem and a challenge And as new technologies bring
are clearly labelled. For an upcoming schedule, partnership both for corporates to deal with annual cost us untold benefits, they also aid
inquiries or feedback, please call +44 (0)20 3877 3800 or and also law enforcement.” of fraud in organised crime to devise new
email info@raconteur.net It is not, however, straightfor- the UK ways of defrauding businesses.
Raconteur is a leading publisher of special-interest content and
ward to pin down a concrete fig- Cybercrime is clearly set to grow,
research. Its publications and articles cover a wide range of topics,
ure for the total value of business so governments and business
including business, finance, sustainability, healthcare, lifestyle and
fraud in the UK, but it is clear fraud leaders must co-operate to com-
£100BN 3.4M
technology. Raconteur special reports are published exclusively in
The Times and The Sunday Times as well as online at raconteur.net is a problem that is on the rise. The bat increasingly complex frauds.
The information contained in this publication has been obtained National Crime Agency (NCA) puts Outside the tight-knit EU commu-
from sources the Proprietors believe to be correct. However, the total cost of fraud in England nity, it would be vital for the UK to
no legal liability can be accepted for any errors. No part of this and Wales at £190 billion. The pri- ensure cross-border collaboration
publication may be reproduced without the prior consent of the estimated value of money annual number of incidents
vate sector is impacted the most, laundered through the UK of fraud in England and and international co-operation in
Publisher. © Raconteur Media
losing around £140 billion, accord- each year Wales alone the fight against rising fraud. It is,
ing to the NCA’s estimates. The however, in all parties’ interests to
@raconteur /raconteur.net @raconteur_london estimated cost to the public sector National Crime Agency 2018 work together.
raconteur.net /fighting-fraud-2019
04 FIGHTING FRAUD RACONTEUR.NET 05
Commercial feature
MILLENNIALS
Ascannio/Shutterstock
Digital natives are Intelligence is vital
tempting targets when dealing with
for fraudsters Monzo
‘friendly’ fraud
Though there is evidence payments to the ticketing With “friendly” fraud growing rapidly, merchants should see
that digital banking has made business. Ticketmaster later
Growing up with digital tech has meant customers more susceptible to confirmed that a breach had chargebacks as an opportunity to improve the consumer experience
the millennial generation is more comfortable financial fraud, Monzo says its
technology has actually made it
occurred, affecting thousands
of its customers.
with sharing their data, but it has left them easier to spot anything unusual “When British Airways was he payments ecosystem has
and take swift action against affected by a similar data T been transformed with new
likely victims of financial fraud any form of risk. breach, we identified the 1,300 technologies offering more
The more than three million Monzo customers who had choice to consumers who now demand
customers of the challenger been affected and ordered faster, frictionless transactions. Most
bank get instant notifications them replacement cards as a investment has focused on the front-
Josie Cox the moment they pay for precaution,” says Ms Vernier. end of payments to increase the speed
something, enabling them to Monzo has also built a and frequency of transactions.
n January, when Niraj Virji Though Mr Virji is still unsure spot an unauthorised use of proprietary 3D Secure In comparison, historically there
I and his girlfriend were pre- how fraudsters managed to swipe their card immediately. They system which verifies online has been little to no investment in
paring to buy their first his personal information, allowing can then freeze their card purchases in-app. supporting the 2 per cent of trans-
home, the 27 year old noticed some- them to change his home address instantly in the Monzo app. “More generally, Monzo actions that result in chargebacks,
thing was wrong. Despite always with the Driver and Vehicle Natasha Vernier, Monzo’s does not rely on passwords since the original chargeback plat-
paying his bills on time, he was told Licensing Agency as well as on head of financial crime, says to access the app, but just on form was developed in the mid-1970s.
his credit rating was terrible. the electoral register. They then that because of this technology the customer's PIN to make This is despite predictions from
“It was strange and I must admit took out two loans in his name, her team has been able to spot payments, because passwords Chargebacks911 that so-called friendly
I was quite shocked,” says Mr Virji, with a combined value of almost signs of a data breach at other are inherently insecure. fraud, whereby consumers seek to
who works as a buyer for WHSmith. £20,000. They opened several companies before these have Who hasn’t used the same abuse the chargeback system to get a
Over the following weeks, he grad- bank accounts and maxed out a even been made public. password twice?,” says Ms refund, will cost merchants upwards
ually understood he’d become the credit card. They even tried buying “When I understood the true a seamless part of this digital life- do on them are safe, for example For example, the company Vernier. “And we never contact of $250 billion a year by 2020.
victim of an elaborate and complex a BMW. Mr Virji was oblivious to extent of the damage, it was just style. In some cases, they may have using social media, being able to alerted Ticketmaster in April our customers by SMS as this This lack of investment spiked a
case of identity theft and financial all this because any related corre- awful,” he says. “The worst thing more of a propensity to try out new spend money at the touch of a but- last year when it detected high is easy to spoof and a route change in 2018 when Visa launched its
fraud, the repercussions of which spondence was going to an address was that when I tried to explain services on digital platforms, which ton and having access to any infor- levels of suspicious activity in for a large amount of social Visa Claims Resolution programme. businesses and institutions minimise source of the chargeback before sub-
would impact him for months. that wasn’t his. myself, some of the banks and can create a higher susceptibility mation you want at any time, has bank accounts used to make engineering scams.” Now the conversation is changing loss, mitigate risk, recover lost revenue mitting the evidence to the acquirer,
financial institutions just didn’t to financial fraud unless proper unfortunately led to a rise in scams and the industry is realising it can no and enhance the customer experience. card scheme or issuer. This intelli-
believe me. I felt like there was a checks have been conducted." and fraud, as well as other serious longer write off the cost of charge- “We’ve seen a 20 per cent growth in gence helps merchants retrieve lost
RISE IN THE NUMBER OF MONEY MULE ACCOUNTS BY AGE GROUP black mark against my name for According to research recently crimes,” says Natasha Vernier, head backs for fear of upsetting their cus- chargebacks year on year, with friendly earnings from friendly fraud, ensure
ages. I even had debt collectors published by Lloyds Banking of financial crime at Monzo bank. tomers, whether on the merchant or fraud doubling. Yet only 18 per cent of consumers are given a fair solu-
2017 2018 calling me.” Group, there was a near four-fold “It is really important our younger be from law enforcement or a bank startups, is capitalising on. Several issuer’s side. claims are estimated to be disputed, tion and provides issuers with valu-
Mr Virji’s experience is an extreme increase in the number of 18 to customers are educated on the and asking the victim to transfer companies are exploring the use Even with these new systems being put since most merchants and acquirers able feedback that improves future
15K example of the potential risks asso- 34 year olds being caught out by risks involved in making payments money into a supposedly safe bank of biometrics and tokenisation to into place, chargeback growth in the UK don’t have the technology or resources decision-making in this area. It’s a
ciated with impersonation scams, impersonation scams in the year to people posing as investors on account. But financial fraud is tak- safeguard customers’ sensitive is outpacing the growth of online trans- to manage the costly disputes. win-win-win.
but less severe incidents of personal to July, making that demographic, social media and more generally ing on many increasingly sophisti- personal information, particularly actions threefold, fuelled by the fact that “The dispute process is still quite “We also provide feedback to the
information theft are occurring along with the over 55 year olds, the on the risks that come with trust- cated guises. The challenge to stay among millennials. two out of five consumers who commit archaic. It takes a lot of time, it’s not fraud filter so you don’t run the risk of
daily. In an on-demand economy, most at risk of being the target of ing everything found online or on safe is becoming like a burdensome In tokenisation, each transac- friendly fraud do it again within 60 days. codified, there’s a lack of intelligence blacklisting every customer who files a
10K where cash is swiftly becoming a financial fraud. mobile phones.” game of tag. tion is completed by generating a “The problem costs both issuers and there are no standardised proce- chargeback,” says Ms Eaton-Cardone.
relic of the past and e-payments the Millennials are more likely than Impersonation scams usually An extensive report on the matter unique token which allows a cus- and merchants,” says Monica Eaton- dures in place. Three quarters of banks “Not all chargebacks are equal.
norm, it’s increasingly common for their older peers to have grown up involve somebody pretending to published by KPMG earlier this year tomer’s sensitive data to be stored Cardone, chief operating officer at we surveyed in Europe said their entire “Because we’re enabling fair and bal-
spenders, particularly millennials, with mobile phones and the inter- found that banks across all regions remotely. NatWest, meanwhile, in Chargebacks911, a chargeback man- processing department for charge- anced decisions for everyone, we’re
to lose sight of where their money net, which means they tend to be of the world consider cybercrimes, early October announced it was agement solution that helps online backs and disputes was manual. also able to help repair the relation-
5K
is going and, crucially, whether it’s more trusting of virtual services notably hacks and data breaches, launching a three-month trial of “There is no way you can scale this ship between merchants and their cus-
reaching the intended recipient. in entertainment, retail and trans- to be the greatest challenge in the biometric fingerprint credit cards without some kind of intelligence and tomers who’ll, hopefully, not only stop
$250bn
“Millennials are digital natives port, but also banking. And anec- field of fraud risk. The report also in partnership with Mastercard and consistency. Consequently, consum- attempting friendly fraud, but also con-
who freely use digital channels and dotal evidence suggests they’re highlights that the pace of techno- the software company Gemalto. ers are exploiting that gap. This is the tinue to do business with that company.
0K are happier [than other demograph- less likely to check their bank state- Apps are integrated into their logical developments means con- The bank says the credit cards Achilles’ heel in the mission of protecting “Everything we do is data driven and
ics] to share data," explains Richard ments regularly if they don't get stant innovation is critical to safe- would offer contactless payments consumers, scaling at the rate required we have invested a terrific amount in
Petley, UK head of tech giant alerts on their smartphone. everyday lives and they expect guard defences. using fingerprint verification for to match the surge of online growth.” automating virtually every cycle of a
Oracle. “Their use of apps is inte- “An increase in people living on
financial services to be a seamless “In the context of a changing transactions up to £100. Previously, Chargebacks911 predicts friendly While it’s crucial that merchants and payment dispute to improve quality
41-50
31-40
fraud will cost merchants upwards
51-60
21-30
grated into their everyday lives and their mobile phones and the expec- global banking landscape, where NatWest had launched a trial for acquirers are able to challenge charge- and consistency across the board. We
part of this digital lifestyle
60<
04 FIGHTING FRAUD RACONTEUR.NET 05
Commercial feature
MILLENNIALS
Ascannio/Shutterstock
Digital natives are Intelligence is vital
tempting targets when dealing with
for fraudsters Monzo
‘friendly’ fraud
Though there is evidence payments to the ticketing With “friendly” fraud growing rapidly, merchants should see
that digital banking has made business. Ticketmaster later
Growing up with digital tech has meant customers more susceptible to confirmed that a breach had chargebacks as an opportunity to improve the consumer experience
the millennial generation is more comfortable financial fraud, Monzo says its
technology has actually made it
occurred, affecting thousands
of its customers.
with sharing their data, but it has left them easier to spot anything unusual “When British Airways was he payments ecosystem has
and take swift action against affected by a similar data T been transformed with new
likely victims of financial fraud any form of risk. breach, we identified the 1,300 technologies offering more
The more than three million Monzo customers who had choice to consumers who now demand
customers of the challenger been affected and ordered faster, frictionless transactions. Most
bank get instant notifications them replacement cards as a investment has focused on the front-
Josie Cox the moment they pay for precaution,” says Ms Vernier. end of payments to increase the speed
something, enabling them to Monzo has also built a and frequency of transactions.
n January, when Niraj Virji Though Mr Virji is still unsure spot an unauthorised use of proprietary 3D Secure In comparison, historically there
I and his girlfriend were pre- how fraudsters managed to swipe their card immediately. They system which verifies online has been little to no investment in
paring to buy their first his personal information, allowing can then freeze their card purchases in-app. supporting the 2 per cent of trans-
home, the 27 year old noticed some- them to change his home address instantly in the Monzo app. “More generally, Monzo actions that result in chargebacks,
thing was wrong. Despite always with the Driver and Vehicle Natasha Vernier, Monzo’s does not rely on passwords since the original chargeback plat-
paying his bills on time, he was told Licensing Agency as well as on head of financial crime, says to access the app, but just on form was developed in the mid-1970s.
his credit rating was terrible. the electoral register. They then that because of this technology the customer's PIN to make This is despite predictions from
“It was strange and I must admit took out two loans in his name, her team has been able to spot payments, because passwords Chargebacks911 that so-called friendly
I was quite shocked,” says Mr Virji, with a combined value of almost signs of a data breach at other are inherently insecure. fraud, whereby consumers seek to
who works as a buyer for WHSmith. £20,000. They opened several companies before these have Who hasn’t used the same abuse the chargeback system to get a
Over the following weeks, he grad- bank accounts and maxed out a even been made public. password twice?,” says Ms refund, will cost merchants upwards
ually understood he’d become the credit card. They even tried buying “When I understood the true a seamless part of this digital life- do on them are safe, for example For example, the company Vernier. “And we never contact of $250 billion a year by 2020.
victim of an elaborate and complex a BMW. Mr Virji was oblivious to extent of the damage, it was just style. In some cases, they may have using social media, being able to alerted Ticketmaster in April our customers by SMS as this This lack of investment spiked a
case of identity theft and financial all this because any related corre- awful,” he says. “The worst thing more of a propensity to try out new spend money at the touch of a but- last year when it detected high is easy to spoof and a route change in 2018 when Visa launched its
fraud, the repercussions of which spondence was going to an address was that when I tried to explain services on digital platforms, which ton and having access to any infor- levels of suspicious activity in for a large amount of social Visa Claims Resolution programme. businesses and institutions minimise source of the chargeback before sub-
would impact him for months. that wasn’t his. myself, some of the banks and can create a higher susceptibility mation you want at any time, has bank accounts used to make engineering scams.” Now the conversation is changing loss, mitigate risk, recover lost revenue mitting the evidence to the acquirer,
financial institutions just didn’t to financial fraud unless proper unfortunately led to a rise in scams and the industry is realising it can no and enhance the customer experience. card scheme or issuer. This intelli-
believe me. I felt like there was a checks have been conducted." and fraud, as well as other serious longer write off the cost of charge- “We’ve seen a 20 per cent growth in gence helps merchants retrieve lost
RISE IN THE NUMBER OF MONEY MULE ACCOUNTS BY AGE GROUP black mark against my name for According to research recently crimes,” says Natasha Vernier, head backs for fear of upsetting their cus- chargebacks year on year, with friendly earnings from friendly fraud, ensure
ages. I even had debt collectors published by Lloyds Banking of financial crime at Monzo bank. tomers, whether on the merchant or fraud doubling. Yet only 18 per cent of consumers are given a fair solu-
2017 2018 calling me.” Group, there was a near four-fold “It is really important our younger be from law enforcement or a bank startups, is capitalising on. Several issuer’s side. claims are estimated to be disputed, tion and provides issuers with valu-
Mr Virji’s experience is an extreme increase in the number of 18 to customers are educated on the and asking the victim to transfer companies are exploring the use Even with these new systems being put since most merchants and acquirers able feedback that improves future
15K example of the potential risks asso- 34 year olds being caught out by risks involved in making payments money into a supposedly safe bank of biometrics and tokenisation to into place, chargeback growth in the UK don’t have the technology or resources decision-making in this area. It’s a
ciated with impersonation scams, impersonation scams in the year to people posing as investors on account. But financial fraud is tak- safeguard customers’ sensitive is outpacing the growth of online trans- to manage the costly disputes. win-win-win.
but less severe incidents of personal to July, making that demographic, social media and more generally ing on many increasingly sophisti- personal information, particularly actions threefold, fuelled by the fact that “The dispute process is still quite “We also provide feedback to the
information theft are occurring along with the over 55 year olds, the on the risks that come with trust- cated guises. The challenge to stay among millennials. two out of five consumers who commit archaic. It takes a lot of time, it’s not fraud filter so you don’t run the risk of
daily. In an on-demand economy, most at risk of being the target of ing everything found online or on safe is becoming like a burdensome In tokenisation, each transac- friendly fraud do it again within 60 days. codified, there’s a lack of intelligence blacklisting every customer who files a
10K where cash is swiftly becoming a financial fraud. mobile phones.” game of tag. tion is completed by generating a “The problem costs both issuers and there are no standardised proce- chargeback,” says Ms Eaton-Cardone.
relic of the past and e-payments the Millennials are more likely than Impersonation scams usually An extensive report on the matter unique token which allows a cus- and merchants,” says Monica Eaton- dures in place. Three quarters of banks “Not all chargebacks are equal.
norm, it’s increasingly common for their older peers to have grown up involve somebody pretending to published by KPMG earlier this year tomer’s sensitive data to be stored Cardone, chief operating officer at we surveyed in Europe said their entire “Because we’re enabling fair and bal-
spenders, particularly millennials, with mobile phones and the inter- found that banks across all regions remotely. NatWest, meanwhile, in Chargebacks911, a chargeback man- processing department for charge- anced decisions for everyone, we’re
to lose sight of where their money net, which means they tend to be of the world consider cybercrimes, early October announced it was agement solution that helps online backs and disputes was manual. also able to help repair the relation-
5K
is going and, crucially, whether it’s more trusting of virtual services notably hacks and data breaches, launching a three-month trial of “There is no way you can scale this ship between merchants and their cus-
reaching the intended recipient. in entertainment, retail and trans- to be the greatest challenge in the biometric fingerprint credit cards without some kind of intelligence and tomers who’ll, hopefully, not only stop
$250bn
“Millennials are digital natives port, but also banking. And anec- field of fraud risk. The report also in partnership with Mastercard and consistency. Consequently, consum- attempting friendly fraud, but also con-
who freely use digital channels and dotal evidence suggests they’re highlights that the pace of techno- the software company Gemalto. ers are exploiting that gap. This is the tinue to do business with that company.
0K are happier [than other demograph- less likely to check their bank state- Apps are integrated into their logical developments means con- The bank says the credit cards Achilles’ heel in the mission of protecting “Everything we do is data driven and
ics] to share data," explains Richard ments regularly if they don't get stant innovation is critical to safe- would offer contactless payments consumers, scaling at the rate required we have invested a terrific amount in
Petley, UK head of tech giant alerts on their smartphone. everyday lives and they expect guard defences. using fingerprint verification for to match the surge of online growth.” automating virtually every cycle of a
Oracle. “Their use of apps is inte- “An increase in people living on
financial services to be a seamless “In the context of a changing transactions up to £100. Previously, Chargebacks911 predicts friendly While it’s crucial that merchants and payment dispute to improve quality
41-50
31-40
fraud will cost merchants upwards
51-60
21-30
grated into their everyday lives and their mobile phones and the expec- global banking landscape, where NatWest had launched a trial for acquirers are able to challenge charge- and consistency across the board. We
part of this digital lifestyle
60<
06 FIGHTING FRAUD RACONTEUR.NET 07
Commercial feature
INTERNET/ECOMMERCE FRAUD LOSSES
Andrew Neel/Unsplash
Losses on UK-issued cards (£m)
Companies seek visibility in 153 135 140 140 190 219 262 310 310 393
fight against insider threats
With insider fraud threats continuing to grow in the digital age, organisations
require a clear and accurate understanding of what users are doing and how they
are interacting with data
apid advancements in tech- they can no longer rely on perimeter
R nology in recent years have security. They need complete visibility
given businesses far greater both on and off the corporate network.
mobility, accessibility and intercon- The 2019 Insider Threat Intelligence
nectivity. Though this has provided Report, which collects data from Dtex
enormous value, it has also meant Systems’ risk assessment findings over
more users have the capability to the previous year, found some form
commit harmful behaviour, fraudulent of undetected insider threat in every 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018
or otherwise. The growing popularity assessment, including high-risk data
UK Finance 2019
of remote working has compounded transfers via USB or cloud and employ-
this risk further by enabling users to ees using personal webmail. Users
commit malicious activity from wher- were found to be bypassing security in
ever they are in the world. 95 per cent of assessments and in 98 What’s more, they can find cases of a good or bad decision is inconsist-
Organisations are no longer just per cent of assessments Dtex found fraud that no human is likely to spot. ent, “then the machine will start
bricks and mortar. Contracting and proprietary company data that was “By deploying constantly learn- to learn things which a human
outsourcing are also on the rise as publicly accessible on the web. ing machines that use the data would quite clearly understand
companies are trying to keep pace in According to the 2018 Cost of Insider from many thousands of mer- are not correct”.
a more competitive space, leading to Threats Report, insider threats cost chants around the world, retail- This could, for example, result in
less human oversight and an environ- businesses an average of $8 million ers have the sort of broad vision AI that becomes more conservative
ment where insider fraud can become an incident. Yet until a few years ago, necessary to spot fraud and orders as time goes on. “For instance, each
more prevalent and difficult to detect. users accessing data within an organ- ECOMMERCE their bank after receiving the item, that are far out of the norm,” says time a fraudulent order is shipped
Assets come and go every day, meaning isation almost entirely evaded the or take over online accounts are Ed Whitehead, managing director, and comes back as a chargeback,
Identifying and
attention of security teams. Today constantly changing and increas- Europe, Middle East and Africa, at the machine learns not to ship sim-
insider fraud is increasingly preva- ingly sophisticated. Signifyd, a fraud protection com- ilar orders,” says Mr Whitehead.
lent and companies struggle to even “Traditional approaches to fight- pany that detects fraud and reim- “Eventually, the machine ratchets
100%
detect it in the first place. ing fraud, such as rules engines and burses merchants for fraudulent down the number of orders a mer-
tackling online
“All businesses, no matter the scoring, are too fixed to adapt to this chargebacks on approved orders. chant is shipping and invariably
industry, are at risk of malicious shape-shifting nature of fraud,” says When AI recognises an out- some of the declined orders were
insiders,” says Armaan Mahbod, man- Malicious insiders, who are responsi- needs to determine whether an activity Eido Gal, co-founder and chief exec- lier order, it can either automati- actually legitimate.”
of assessments found instances of ager of insider threat and cyberse- ble for 22 per cent of all insider threats, is high risk. You need historical activ- utive of Riskified, which provides cally block it or refer it to a human Criminals will always look to cir-
fraud with AI
high-risk data transfer via USB or curity investigation at Dtex Systems. primarily use permitted applications to ity of the user, a comparison to their an ecommerce fraud prevention expert for review. “The best way to cumvent the ecommerce fraud pre-
cloud applications and employees
accessing and using personal email
“These malicious actors can come
from any role, not just pre-deter-
Organisations cannot defend evade detection, including uploading
data to online file-sharing sites sanc-
peers and the organisation to make a
stronger determination.”
solution and chargeback protection
service for high-volume and enter-
use AI is to use it to solve the simple
cases,” says Paul Weathersby, senior
vention systems that merchants put
in place and some are already using
accounts on corporate endpoints mined groups of ‘high-risk’ job titles. against attacks that they cannot tioned for business use, utilising per- Dtex Systems provides the compre- prise merchants. director of product management at AI for just this purpose. It’s there-
98%
Therefore, a continuous audit trail of sonal webmail accounts that aren’t hensive end-point visibility that com-
see... With greater visibility comes
Mr Gal claims AI solutions LexisNexis Risk Solutions UK. fore essential that online retailers
all users, devices and applications monitored and unblocked data-dump- panies need at scale to understand, that learn from each transaction “A person is better at making employ multiple methods of ecom-
within an organisation is critical to greater certainty, which translates ing websites. in near real time, any abnormal user and improve their accuracy are decisions, so you could use the merce fraud prevention and layers of
catch warning signs and conduct In Dtex’s report, 95 per cent of behaviours which have led to iden- Artificial intelligence (AI) can help retailers much more effective than these machine for cases which are fairly control, says Jackie Barwell, direc-
effective investigations. to more efficient investigations assessments also identified employees tification of fraudulent behaviour. legacy methods of ecommerce easy to process and improve the tor of fraud product management at
found customer proprietary “Organisations are often too late and using anonymous and private brows- Furthermore, Dtex’s data highlights the rapidly identify and prevent ecommerce fraud, fraud prevention. customer experience, and then ACI Worldwide.
information publicly accessible on
the web
tracks have already been covered. In a
recent phishing attack on an Australian
ing, which was an increase from 60 per
cent the year before. When there is no
contextual information necessary to
understand the bigger picture behind
but human oversight is still essential “Fraudsters take many different
approaches to appear as a legitimate
pull out the exceptions that some-
one needs to look at.”
Positive profiling, for instance,
builds a comprehensive picture of
97%
university, for example, they didn’t have nearly universal that malicious insid- malicious intent, threats can be even users’ malicious actions. cardholder,” he says. “They may Mr Whitehead agrees that a customers at the individual level
the audit trail to effectively investigate ers will attempt to cover their tracks, more difficult to detect, as is the case “Through this visibility and the eleva- use a proxy, spoof a device or take degree of human oversight is a key through behavioural data, exter-
after the incident, which severely ham- or circumvent security tools or alert- with the 68 per cent of insider threats tion of anomalous behaviour, Dtex ena- over a cardholder’s retail account. A part of effective AI-based ecom- nally confirmed fraud intelligence
pered their recovery and response.” ing thresholds,” he adds. “We consist- that are purely down to negligent users bles organisations to be ‘left of boom’, well-designed AI solution examines merce fraud prevention. “There and a wide range of customer iden-
Companies typically have some form ently find that investment in detect- causing accidental harm. This makes which means the organisation is build-
Duncan Jeffries the links across these datapoints, are certain tasks that machines tifiers. “Rather than the traditional
found instances of employees
of fraud controls in place, includ- ing these early stages of the kill chain, the visibility of user behaviour across ing and running a security posture that compares them with historic orders are good at, those requiring speed route of screening each transaction,
engaging in flight risk behaviour
ing thresholds and limits, to identify like covering tracks or security bypass, the entire organisation crucial. gets out in front of the threat, allowing hanks to the internet, we those where the card and cardholder and instantly determines when and scale, and there are tasks that this focuses fraud screening on the
T
95%
specific transactions. However, many gives organisations the best return “Organisations cannot defend against security teams to act before an inci- no longer need to go to the are physically present. In fact, a something is wrong.” humans are good at, those requir- person behind that transaction,” Ms
offenders are high-level executives, and results. Just as one example, Dtex attacks that they cannot see,” says Mr dent, not just respond after the fact,” shops; instead, the shops study by LexisNexis Risk Solutions AI and machine-learning tools look ing intuition and experience,” he Barwell explains.
managers or otherwise, who are fully caught data theft by a foreign national Mahbod. “Also, placing monitors on says Mr Mahbod. “By seeing the full kill come to us. In a few clicks you can found that fraud via remote chan- at hundreds of datapoints across bil- says. “Combining the two creates a She adds that the technique is
aware of the limits and go below the at one of our customers, AMP, due to the critical systems is not enough because chain of events, companies are able to order everything from the latest dig- nels, such as online and mobile, is lions of transactions to identify pat- powerful shield to fraud while also especially useful for new ecom-
thresholds to avoid detection from culprit’s attempts to circumvent com- it only gives you less than half the full identify suspicious behaviour prior to ital gadgets to dog food, from the up to seven times harder to prevent terns that might constitute fraud. recognising legitimate orders that merce methods such as click and
found users actively attempting suspect transactions. They may steal pany security.” story. When a malicious insider steals events actually harming the business. comfort of your sofa. And same- than fraud in person. might include some red flags.” collect, “where there is not as much
to circumvent corporate smaller quantities of data or money There are two factors that make data from a critical system, transfer- This allows organisations to be proac- day delivery options mean you can So if an online retailer’s ecom- Data feeding into an unsuper- time available to conduct post-trans-
security policies
over a long period, resulting in the larg- insiders a greater fraud threat than ring the data to their own device, what tive rather than reactive.” receive items faster than ever. merce fraud prevention system vised machine-learning model action, real-time analysis”.
74%
est cumulative value stolen. outside attackers. Their malicious did they do next? With greater visibility But the speedy online transactions isn’t up to scratch, it can cost them also needs to be properly mon- Other new ecommerce services
Most commonly, the individuals that attacks are not premeditated and comes greater certainty, which trans- and one-click purchasing systems dearly. Indeed, Juniper Research itored. Otherwise, says Mr will no doubt arrive in the future
are committing malicious insider activ- they rarely act immediately after being lates to more efficient investigations. For more information please visit that underpin the ecommerce sector predicts that CNP fraud could cost Weathersby: “The vast amounts of and fraudsters will inevitably seek
ity are people in positions of trust, who brought into an organisation. Instead, “On the flip side, when you don’t have dtexsystems.com don’t just make life easier for con- online retailers more than £58 bil- data an unsupervised model works to exploit them. But as long as online
saw the use of unsanctioned already have some level of authorised they slowly accumulate insights on all visibility across an organisation and sumers; they make things easier for lion over the next few years. [With AI] retailers have the sort through can produce rules that retailers have AI in their armoury,
portable applications, which access to critical systems. This is why it is the traps set in place. Secondly, inside look at a specific device or IP address fraudsters too. The tools and techniques criminals don't make sense based on data they should manage to stay ahead
are increasingly being used to so important to understand the insider attackers generally have some level of for security incidents, you run the risk Successful ecommerce retailers use to carry out chargeback fraud, of broad vision necessary to which is quite hard to locate.” of cybercriminals looking to profit
bypass security threat kill chain, says Mr Mahbod.
“Methods for intrusion and exfiltra-
authorised access, either in their cur-
rent role or a previous role within the
of creating too many false positives
because your solution does not have
receive thousands of orders a day,
and these card-not-present (CNP)
where the consumer makes an online
purchase with their own credit card
spot fraud and orders that are He adds that if the method for
supplying a machine-learning tool
from one of modern life’s greatest
gifts, the option to shop from the
Dtex systems 2019 insider threat
intelligence report tion are constantly evolving, but it is same company. all the organisational domain context it purchases are harder to verify than and requests a chargeback from far out of the norm with feedback on what constitutes comfort of your home.
06 FIGHTING FRAUD RACONTEUR.NET 07
Commercial feature
INTERNET/ECOMMERCE FRAUD LOSSES
Andrew Neel/Unsplash
Losses on UK-issued cards (£m)
Companies seek visibility in 153 135 140 140 190 219 262 310 310 393
fight against insider threats
With insider fraud threats continuing to grow in the digital age, organisations
require a clear and accurate understanding of what users are doing and how they
are interacting with data
apid advancements in tech- they can no longer rely on perimeter
R nology in recent years have security. They need complete visibility
given businesses far greater both on and off the corporate network.
mobility, accessibility and intercon- The 2019 Insider Threat Intelligence
nectivity. Though this has provided Report, which collects data from Dtex
enormous value, it has also meant Systems’ risk assessment findings over
more users have the capability to the previous year, found some form
commit harmful behaviour, fraudulent of undetected insider threat in every 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018
or otherwise. The growing popularity assessment, including high-risk data
UK Finance 2019
of remote working has compounded transfers via USB or cloud and employ-
this risk further by enabling users to ees using personal webmail. Users
commit malicious activity from wher- were found to be bypassing security in
ever they are in the world. 95 per cent of assessments and in 98 What’s more, they can find cases of a good or bad decision is inconsist-
Organisations are no longer just per cent of assessments Dtex found fraud that no human is likely to spot. ent, “then the machine will start
bricks and mortar. Contracting and proprietary company data that was “By deploying constantly learn- to learn things which a human
outsourcing are also on the rise as publicly accessible on the web. ing machines that use the data would quite clearly understand
companies are trying to keep pace in According to the 2018 Cost of Insider from many thousands of mer- are not correct”.
a more competitive space, leading to Threats Report, insider threats cost chants around the world, retail- This could, for example, result in
less human oversight and an environ- businesses an average of $8 million ers have the sort of broad vision AI that becomes more conservative
ment where insider fraud can become an incident. Yet until a few years ago, necessary to spot fraud and orders as time goes on. “For instance, each
more prevalent and difficult to detect. users accessing data within an organ- ECOMMERCE their bank after receiving the item, that are far out of the norm,” says time a fraudulent order is shipped
Assets come and go every day, meaning isation almost entirely evaded the or take over online accounts are Ed Whitehead, managing director, and comes back as a chargeback,
Identifying and
attention of security teams. Today constantly changing and increas- Europe, Middle East and Africa, at the machine learns not to ship sim-
insider fraud is increasingly preva- ingly sophisticated. Signifyd, a fraud protection com- ilar orders,” says Mr Whitehead.
lent and companies struggle to even “Traditional approaches to fight- pany that detects fraud and reim- “Eventually, the machine ratchets
100%
detect it in the first place. ing fraud, such as rules engines and burses merchants for fraudulent down the number of orders a mer-
tackling online
“All businesses, no matter the scoring, are too fixed to adapt to this chargebacks on approved orders. chant is shipping and invariably
industry, are at risk of malicious shape-shifting nature of fraud,” says When AI recognises an out- some of the declined orders were
insiders,” says Armaan Mahbod, man- Malicious insiders, who are responsi- needs to determine whether an activity Eido Gal, co-founder and chief exec- lier order, it can either automati- actually legitimate.”
of assessments found instances of ager of insider threat and cyberse- ble for 22 per cent of all insider threats, is high risk. You need historical activ- utive of Riskified, which provides cally block it or refer it to a human Criminals will always look to cir-
fraud with AI
high-risk data transfer via USB or curity investigation at Dtex Systems. primarily use permitted applications to ity of the user, a comparison to their an ecommerce fraud prevention expert for review. “The best way to cumvent the ecommerce fraud pre-
cloud applications and employees
accessing and using personal email
“These malicious actors can come
from any role, not just pre-deter-
Organisations cannot defend evade detection, including uploading
data to online file-sharing sites sanc-
peers and the organisation to make a
stronger determination.”
solution and chargeback protection
service for high-volume and enter-
use AI is to use it to solve the simple
cases,” says Paul Weathersby, senior
vention systems that merchants put
in place and some are already using
accounts on corporate endpoints mined groups of ‘high-risk’ job titles. against attacks that they cannot tioned for business use, utilising per- Dtex Systems provides the compre- prise merchants. director of product management at AI for just this purpose. It’s there-
98%
Therefore, a continuous audit trail of sonal webmail accounts that aren’t hensive end-point visibility that com-
see... With greater visibility comes
Mr Gal claims AI solutions LexisNexis Risk Solutions UK. fore essential that online retailers
all users, devices and applications monitored and unblocked data-dump- panies need at scale to understand, that learn from each transaction “A person is better at making employ multiple methods of ecom-
within an organisation is critical to greater certainty, which translates ing websites. in near real time, any abnormal user and improve their accuracy are decisions, so you could use the merce fraud prevention and layers of
catch warning signs and conduct In Dtex’s report, 95 per cent of behaviours which have led to iden- Artificial intelligence (AI) can help retailers much more effective than these machine for cases which are fairly control, says Jackie Barwell, direc-
effective investigations. to more efficient investigations assessments also identified employees tification of fraudulent behaviour. legacy methods of ecommerce easy to process and improve the tor of fraud product management at
found customer proprietary “Organisations are often too late and using anonymous and private brows- Furthermore, Dtex’s data highlights the rapidly identify and prevent ecommerce fraud, fraud prevention. customer experience, and then ACI Worldwide.
information publicly accessible on
the web
tracks have already been covered. In a
recent phishing attack on an Australian
ing, which was an increase from 60 per
cent the year before. When there is no
contextual information necessary to
understand the bigger picture behind
but human oversight is still essential “Fraudsters take many different
approaches to appear as a legitimate
pull out the exceptions that some-
one needs to look at.”
Positive profiling, for instance,
builds a comprehensive picture of
97%
university, for example, they didn’t have nearly universal that malicious insid- malicious intent, threats can be even users’ malicious actions. cardholder,” he says. “They may Mr Whitehead agrees that a customers at the individual level
the audit trail to effectively investigate ers will attempt to cover their tracks, more difficult to detect, as is the case “Through this visibility and the eleva- use a proxy, spoof a device or take degree of human oversight is a key through behavioural data, exter-
after the incident, which severely ham- or circumvent security tools or alert- with the 68 per cent of insider threats tion of anomalous behaviour, Dtex ena- over a cardholder’s retail account. A part of effective AI-based ecom- nally confirmed fraud intelligence
pered their recovery and response.” ing thresholds,” he adds. “We consist- that are purely down to negligent users bles organisations to be ‘left of boom’, well-designed AI solution examines merce fraud prevention. “There and a wide range of customer iden-
Companies typically have some form ently find that investment in detect- causing accidental harm. This makes which means the organisation is build-
Duncan Jeffries the links across these datapoints, are certain tasks that machines tifiers. “Rather than the traditional
found instances of employees
of fraud controls in place, includ- ing these early stages of the kill chain, the visibility of user behaviour across ing and running a security posture that compares them with historic orders are good at, those requiring speed route of screening each transaction,
engaging in flight risk behaviour
ing thresholds and limits, to identify like covering tracks or security bypass, the entire organisation crucial. gets out in front of the threat, allowing hanks to the internet, we those where the card and cardholder and instantly determines when and scale, and there are tasks that this focuses fraud screening on the
T
95%
specific transactions. However, many gives organisations the best return “Organisations cannot defend against security teams to act before an inci- no longer need to go to the are physically present. In fact, a something is wrong.” humans are good at, those requir- person behind that transaction,” Ms
offenders are high-level executives, and results. Just as one example, Dtex attacks that they cannot see,” says Mr dent, not just respond after the fact,” shops; instead, the shops study by LexisNexis Risk Solutions AI and machine-learning tools look ing intuition and experience,” he Barwell explains.
managers or otherwise, who are fully caught data theft by a foreign national Mahbod. “Also, placing monitors on says Mr Mahbod. “By seeing the full kill come to us. In a few clicks you can found that fraud via remote chan- at hundreds of datapoints across bil- says. “Combining the two creates a She adds that the technique is
aware of the limits and go below the at one of our customers, AMP, due to the critical systems is not enough because chain of events, companies are able to order everything from the latest dig- nels, such as online and mobile, is lions of transactions to identify pat- powerful shield to fraud while also especially useful for new ecom-
thresholds to avoid detection from culprit’s attempts to circumvent com- it only gives you less than half the full identify suspicious behaviour prior to ital gadgets to dog food, from the up to seven times harder to prevent terns that might constitute fraud. recognising legitimate orders that merce methods such as click and
found users actively attempting suspect transactions. They may steal pany security.” story. When a malicious insider steals events actually harming the business. comfort of your sofa. And same- than fraud in person. might include some red flags.” collect, “where there is not as much
to circumvent corporate smaller quantities of data or money There are two factors that make data from a critical system, transfer- This allows organisations to be proac- day delivery options mean you can So if an online retailer’s ecom- Data feeding into an unsuper- time available to conduct post-trans-
security policies
over a long period, resulting in the larg- insiders a greater fraud threat than ring the data to their own device, what tive rather than reactive.” receive items faster than ever. merce fraud prevention system vised machine-learning model action, real-time analysis”.
74%
est cumulative value stolen. outside attackers. Their malicious did they do next? With greater visibility But the speedy online transactions isn’t up to scratch, it can cost them also needs to be properly mon- Other new ecommerce services
Most commonly, the individuals that attacks are not premeditated and comes greater certainty, which trans- and one-click purchasing systems dearly. Indeed, Juniper Research itored. Otherwise, says Mr will no doubt arrive in the future
are committing malicious insider activ- they rarely act immediately after being lates to more efficient investigations. For more information please visit that underpin the ecommerce sector predicts that CNP fraud could cost Weathersby: “The vast amounts of and fraudsters will inevitably seek
ity are people in positions of trust, who brought into an organisation. Instead, “On the flip side, when you don’t have dtexsystems.com don’t just make life easier for con- online retailers more than £58 bil- data an unsupervised model works to exploit them. But as long as online
saw the use of unsanctioned already have some level of authorised they slowly accumulate insights on all visibility across an organisation and sumers; they make things easier for lion over the next few years. [With AI] retailers have the sort through can produce rules that retailers have AI in their armoury,
portable applications, which access to critical systems. This is why it is the traps set in place. Secondly, inside look at a specific device or IP address fraudsters too. The tools and techniques criminals don't make sense based on data they should manage to stay ahead
are increasingly being used to so important to understand the insider attackers generally have some level of for security incidents, you run the risk Successful ecommerce retailers use to carry out chargeback fraud, of broad vision necessary to which is quite hard to locate.” of cybercriminals looking to profit
bypass security threat kill chain, says Mr Mahbod.
“Methods for intrusion and exfiltra-
authorised access, either in their cur-
rent role or a previous role within the
of creating too many false positives
because your solution does not have
receive thousands of orders a day,
and these card-not-present (CNP)
where the consumer makes an online
purchase with their own credit card
spot fraud and orders that are He adds that if the method for
supplying a machine-learning tool
from one of modern life’s greatest
gifts, the option to shop from the
Dtex systems 2019 insider threat
intelligence report tion are constantly evolving, but it is same company. all the organisational domain context it purchases are harder to verify than and requests a chargeback from far out of the norm with feedback on what constitutes comfort of your home.
You can also read
