How performing behavioral analysis across silos can help detect sophisticated attacks.
Leslie K. Lambert
www.csoonline.com | Apr 13, 2018
Cyber fraud costs organizations billions of dollars each year, and its financial impact continues to climb as criminals are getting smarter and their attacks more complex.
While the increasing need for rapid and complex fraud risk detection is common in many sectors, it is perhaps most acute among financial institutions and online merchants. Competition is fierce in these highly digitized markets, and margins are razor-thin. Customers are extremely demanding, and constantly seek better, more user-friendly payment options and channels.
Cross-channel fraud detection has been an area of focus for both business and security leaders for nearly a decade. It began in earnest following the FFIEC’s publication of guidance in January of 2011. These were the early days of phishing attacks and credential hijacking, which lead, of course, to account takeover.
Subsequently, the FS-ISAC began issuing its own guidance on handling cross-channel fraud to its member organizations, upping the urgency to tighten controls around authentication and identity.
Meanwhile, security teams have become overwhelmed by the sheer volume of data that needs to be analyzed to find evidence of fraud. To complicate matters, most online fraud detection solutions are still focused on monitoring specific channels or silos.
Rules are running out of gas
First-generation tools for identifying fraud use rules-based architectures that only look at historical data and statistical models in a specific community or area.
Consequently, they do not work across different channels at the same time, and do not work in real-time. Outdated and overly broad rules have a negative impact on the consumer experience of legitimate users and result in lost revenue through high numbers of false positives.
Automated attacks and the speed with which fraudsters can modify their techniques — to avoid detection and find weaknesses across all channels — continue to put pressure on rules-based systems. This slows the detection of new attacks and increases false positives, as rule libraries expand in breadth and complexity trying to keep up with new fraudulent activity.
Clearly, organizations need a different approach. Specifically, one that takes a behavioral view of threats across all channels from retail to online, from mobile to legacy systems, and monitors as many transactions as possible.
The attack surface is getting bigger
In financial services, fraud often involves the use of sophisticated tools and techniques to exploit the vulnerabilities of one channel to steal customer data or access credentials, then using that stolen information in another channel to siphon funds or make fraudulent purchases from a related account.
With multi-channel banking becoming the norm, including the regular use of multiple mobile devices from various access points, financial services organizations are under tremendous competitive and regulatory pressures to adequately protect their products and services to combat fraud attempts.
Businesses are expected to manage these issues without impacting customer service levels, while operating within compressed competitive and go-to-market timelines. In many cases, taking action and spending money to buttress traditional security tools and practices with the implementation of more advanced detection, prevention and predictive mechanisms takes a backseat, thus allowing the attack surface to expand.
Automation is needed and already used by fraudsters
These hurdles beg for a fresh perspective, such as the use of newer-generation machine learning and analytics technologies that can address the challenge of cross-channel fraud in a holistic manner.
For example, one of the leading challenges associated with implementing cross-channel fraud detection is the danger of fragmentation, where detection, alerting and case management practices have historically been operated as separate silo activities, when they should be managed as one.
Combining access and transaction data from multiple channels into data lakes where both machine learning and advanced analytics can be applied to derive meaningful relationships in real or near real time is one way to avoid this problem. This approach enables financial services firms to centralize monitoring across multiple channels to detect and prevent fraudulent activities that may appear benign in isolation.
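The correlation described above, as an added example that is not part of the original article: three constructed channel feeds are merged into one timeline per account, and a transfer is flagged only when it follows a sensitive account change made in a different channel. The action names, the one-hour window, the device-novelty condition and all sample events are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SENSITIVE = {"password_reset", "contact_change"}  # assumed action names
WINDOW = timedelta(hours=1)                       # assumed correlation window

# Constructed per-channel feeds; each would normally live in its own silo.
FEEDS = {
    "web": [
        ("2018-04-02T09:14:00", "A-1001", "login", "dev-a"),
        ("2018-04-02T09:20:00", "A-1001", "password_reset", "dev-x"),
        ("2018-04-02T10:00:00", "A-2002", "password_reset", "dev-b"),
        ("2018-04-02T10:10:00", "A-2002", "transfer", "dev-b"),
    ],
    "mobile": [
        ("2018-04-02T09:41:00", "A-1001", "transfer", "dev-y"),
        ("2018-04-02T08:00:00", "A-3003", "login", "dev-c"),
        ("2018-04-02T12:30:00", "A-3003", "transfer", "dev-c"),
    ],
    "call_center": [
        ("2018-04-02T12:00:00", "A-3003", "contact_change", "agent-line"),
    ],
}

def merge_timeline(feeds):
    """Combine all channel feeds into one time-ordered event list per account."""
    timeline = defaultdict(list)
    for channel, rows in feeds.items():
        for ts, account, action, device in rows:
            timeline[account].append((datetime.fromisoformat(ts), channel, action, device))
    for events in timeline.values():
        events.sort()
    return timeline

def cross_channel_alerts(feeds):
    """Flag a transfer that follows a sensitive change made in a different
    channel within WINDOW, from a device not seen before that change."""
    alerts = []
    for account, events in merge_timeline(feeds).items():
        seen, change = set(), None  # devices seen so far; latest sensitive change
        for ts, channel, action, device in events:
            if action in SENSITIVE:
                change = (ts, channel, set(seen))
            elif action == "transfer" and change:
                c_ts, c_channel, known = change
                if channel != c_channel and ts - c_ts <= WINDOW and device not in known:
                    alerts.append((account, c_channel, channel, device))
            seen.add(device)
    return alerts
```

Run against the web or mobile feed alone, the function returns nothing; only the merged view links the web password reset on A-1001 to the mobile transfer 21 minutes later from a device the account had not used before.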
A rarely discussed, yet key motivational factor for employing machine learning and advanced security analytics to combat cross-channel fraud is that fraudsters are using these same technologies. Advances in artificial intelligence (AI) and machine learning are enabling malicious actors to harvest information and perform fraud at “machine-speed” and in a more targeted manner.
Furthermore, detecting cross-channel fraud carried out by automated accounts (i.e., bots) will become more difficult as these technologies increasingly behave more like humans, with the ability to adapt to human reactions, tailor messaging, and exploit emotions.
Fortunately, organizations have access to equally powerful systems that can link together seemingly disconnected access and transactional activities across channels to root out automated fraud. It is essentially becoming machine-to-machine combat.
While it’s critical for today’s security professionals to support their businesses without slowing down the customer experience, they also need to be able to detect, prevent and predict cross-channel fraud at the same rate or faster than the bad actors out there. Speed is key, as the alternative leads directly to higher losses.