The inevitable result of digital transformation is the merging of business and technology. When it comes to fraud and security, that merger needs to happen sooner rather than later; before malicious actors ensure there is no later by bankrupting the business’ balance sheet.
No one will be surprised to learn that fraud is a problem for everyone – consumers and businesses alike. On the consumer side, the US Federal Trade Commission reports that “consumers reported losing more than $5.8 billion to fraud in 2021, an increase of more than 70 percent over the previous year.” For business, the costs are staggering. A 2022 PwC report found that “46% of surveyed organizations reported experiencing some form of fraud or other economic crime within the last 24 months.” While more large businesses (greater than $10B revenue) tend to suffer the consequences more often than smaller businesses, both paid dearly with costs per incident in the millions no matter the size of the business.
Stopping fraud is not only good for consumers but also for business.
Unfortunately, the increasing frequency with which malicious actors carry out fraud campaigns against business makes that challenging. It’s no wonder that nearly 60% of CFOs plan to increase anti-fraud investments – with a focus on anti-fraud technology - over the next year.
The savvy CFO should also connect with their friendly cybersecurity teams and consider the benefits of security and anti-fraud teams collaborating – especially on the use of technology to combat fraud. The more business relies on technology to engage with customers, process payments, and manage personal information, the more they need to rely on technology to secure those activities.
This is paramount in our digital-as-default world. With payments and finance and commerce increasingly conducted via digital channels, the opportunities for fraud are nearly limitless. 80% of respondents to a survey conducted by the Association of Certified Fraud Examiners (ACFE) and Grant Thornton anticipate growth in cyber-fraud and social engineering. "Other risks projected to see large increases include identity crime (e.g., identity theft, synthetic identity schemes, and account takeovers), unemployment fraud, and payment fraud (e.g., credit card fraud and fraudulent mobile payments).”
Malicious actors know security and anti-fraud teams usually operate in silos. The former generally sits on the IT side while anti-fraud sits squarely on the business side. This allows bad actors to find the gaps between them and slip in to execute attacks with alarming success.
One of the ways security and anti-fraud teams can better collaborate is to better communicate, especially when it comes to the digital signals that can be a portent of imminent fraud.
Malicious actors are evil geniuses at figuring out what behaviors and actions will trigger the attention of anti-fraud systems and teams - and avoid them. If an idling session triggers an anti-fraud action, fraudsters will make sure the session remains active. If typing too fast – or too slow - might alert a system to possible fraud, bad actors will be certain that keystrokes occur at just the right speed.
But they can’t avoid generating digital signals that, when properly analyzed by security solutions and teams, identify them as what they are: indicators of possible fraud. That’s because rules in firewalls and anti-fraud services attempt to anticipate – and prevent – suspicious behavior, but digital signals offer real-time insight into behavior that exposes what fraudsters are actually doing. Cybersecurity solutions can infer risk from actual behavior and technology characteristics that can’t be hidden by adjusting keystrokes or spoofing meta-data.
Consider that anti-fraud solutions and teams are rarely notified of credential stuffing attacks, even though they often precede a successful account takeover that ultimately winds up as another fraud statistic. Communication across teams could circumvent hours of investigation and well-intentioned but ineffective mitigations.
But to have an impact on fraud, those insights need to be shared with the people who can do something about it. In a digital world, fraud and security teams should be partners.
This is not peculiar to anti-fraud efforts; every digital business will have teams whose goals intersect at the roads of business and technology. Sharing the right information at the right time is critical to success, whether the goal is optimizing performance for an extraordinary digital experience or protecting customers and the business from fraud with robust security solutions.
That’s why in a digital world, anti-fraud and security should be partners.
Related articles:
Senior stakeholders who want to hold on to their CISOs must ensure that they have sufficient incentives and, more importantly, support to cope with the burden of risk that they are carrying.
The most alarming takeaway from Cisco’s new Cybersecurity Readiness Index report is that even after decades of having the importance of cybersecurity driven home, cyber threats are still taken too lightly.
In today’s data-driven world, higher educational institution networks and their management must be modernized to address the needs of everyone across campus. Enterprises face similar challenges and also need to modernize their networks.
