While opponents and fraudsters are continuously adjusting and developing,
there are some procedures that services can require to enhance their fraud programs Numerous organizations, particularly those in the monetary sector and those that transact heavily online(ecommerce), currently have a scams program.
In many cases, that scams program might be rather fully grown, while in other cases, it may still be growing. Regardless of the maturity of a fraud program, there are always actions that can be taken to enhance its performance and effectiveness.
While there are several metrics by which a fraud program can be determined, the amount/percentage of scams detected and mitigated, in addition to the prospective scams loss avoided are 2 of the main measures.
With enemies and fraudsters continually adjusting and developing, what are some steps that organizations can take to improve their scams programs?
While definitely not an extensive and total list, here are my thoughts on six ideas for improving an existing fraud program, regardless of its maturity:
1. Enhance your intelligence: As assaulters and scammers adjust and progress, their strategies and methods do also. While specific services might have the ability to stay existing on a part of these modifications, it is almost difficult to achieve the breadth needed to successfully counter the quickly changing risk landscape.
By pooling resources and wanting to service providers that concentrate on staying existing, fraud groups can enhance their reach, exposure, and breadth.
Even much better than merely enhancing the team’s intelligence is finding ways to weave that intelligence into the day-to-day operations of the fraud group in a smooth and automatic style.
2. Supplement your telemetry data: Perhaps the scams team looks at individual transactions or series of deals. Or, perhaps the group looks for known patterns of activity in log data.
Or, perhaps there are a set of rules, signatures, and limits running over one or more data sets that are prepared to fire when there is a match. Whatever data you are looking at, it can likely be supplemented.
If you aren’t currently taking a look at the end-user journey through your application and the end-user’s habits within that journey, you might want to take a look. That telemetry data can be extremely valuable and can offer distinct insight and crucial context around numerous different activities, demands, and transactions.
That insight and context integrate to help support much better decision making. Simply put, they straight lead to much better and more trustworthy fraud detection.
3. Enhance your decision making: Usually, the choice about whether or not a specific habits is fraudulent isn’t binary.
Rather, the probability that something is fraudulent is a probability based upon a number of various elements. Like any probability-based decision, its quality and precision depend upon a number of different factors, including the quality and precision of the input information, along with the breadth and coverage of the information.
As such, enhancing, augmenting, and supplementing the data you use to compute what activities might be deceptive will assist you more precisely find and alleviate fraud.
You will find more true positives, while at the exact same time minimizing the variety of false positives and false negatives. All of that spells good news for the scams program.
4. Evaluate sessions: As you have actually likely already gathered, it is insufficient to take a look at private transactions or individual activities within the application.
Rather, a more holistic technique around understanding what is going on in the session as a whole is required. Basically, genuine consumers don’t live within limits all the time, nor do they live within a well-defined set of guidelines.
Just through analyzing sessions and all of the relevant context they provide can scams groups move far from a consistent diet of false positives and improve their performance.
5. Eliminate automation: Many individuals consider automation entirely in regards to attacks, often in large volumes, by bots. What people in some cases forget, nevertheless, is that there is also the element of Account Takeover (ATO).
To put it simply, besides attacking applications to take them offline, drive fundamental costs up, and perform credential stuffing attacks, bots are also used to take over accounts. Bots are not just a security problem. They are, basically, the cutting edge of fraud.
As such, removing automation not only has benefits for the security group, it likewise has incredible benefits for the scams team also. Mitigating bots and automation is well worth the scams team’s time, and it is well worth performing in collaboration with the security team.
6. Merge security and fraud: As our understanding of danger management as an occupation grows, the unification of the security and scams teams only makes good sense. In addition to the bot usage case, there are numerous other use cases where security and scams teams can, should, and need to collaborate in order to efficiently mitigate threat.
The 2 functions have numerous synergies – security knowledge can often enhance the scams program and vice versa. Unifying these two groups into one powerful danger mitigation force is one way in which organizations can considerably enhance both their security and fraud programs.
Possibly you have been operating in the scams space for years and have a mature scams program. Or, perhaps you are just beginning and are developing and growing a nascent fraud program. In either case, there are actions you can take to widen your view, enhance your decision making, and enhance the state of your scams program.
Releated: All About the Bots: What Botnet Trends Portend for Security Pros
Joshua Goldfarb (Twitter: @ananalytical )is presently Director of Product Management at F5. Previously, Josh worked as VP, CTO – Emerging Technologies at FireEye and as Chief Gatekeeper for nPulse Technologies till its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to assist business build and enhance their network traffic analysis, security operations, and occurrence reaction capabilities to improve their details security postures. He has consulted and advised many customers in both the general public and private sectors at tactical and tactical levels. Previously in his profession, Josh functioned as the Chief of Analysis for the United States Computer System Emergency Situation Readiness Group (US-CERT) where he built from the ground up and consequently ran the network, endpoint, and malware analysis/forensics abilities for US-CERT. Previous Columns by Joshua Goldfarb
