Facing the coronavirus pandemic, the world is amid one of the biggest challenges in recent history, likely more impactful than the 9/11 tragedy and its aftereffects – both the human and economic toll. In mere weeks, COVID-19 has upended how we go about our daily lives. Yet even as we struggle to find our footing in this new “normal,” there are opportunists poised to exploit the day’s upheaval for personal gain.
As schools and businesses across the country shutter, one of the most immediate changes is the sudden and massive shift from in-person to online and digital interactions. While society has moved increasingly toward digital engagement in recent years, the pandemic has pushed us faster and more completely into the digital realm, in some cases against our will and beyond our comfort zones. This is true not only for consumers but for industry – the merchants, suppliers, retailers and more.
What risks lie in this unexpected, gargantuan shift? Fraudsters and cyber-adversaries revel in the disruption, seeing a prime opportunity to strike unwitting, unprepared victims. Within days of COVID-19 being classified a pandemic, we saw cyberattacks on the Department of Health and Human Services website. We’ve seen a proliferation of fraudulent websites on pandemic pertinent topics, each illicitly developed to compromise individuals’ identities or gain access to their financial accounts. The most likely victims? The same people most vulnerable to the virus: the elderly and those with underlying health issues, whose fear and anxiety may push them to any information they can find about the virus, factual or not.
With digital migration, the risk of identity manipulation and fraud grows for consumers and industry alike. As in the past, consumers will look to businesses to protect them (and their digital identities) from fraudulent activity. That puts a double onus on the business community. Businesses must simultaneously safeguard their customers while protecting themselves, be it a single significant attack or many small, fraudulent transactions.
The best offense is a strong defence
Criminals don’t discriminate. They adeptly seek out the most vulnerable to perpetrate their schemes. While some industries are better prepared than others, now is a time for increased vigilance across the board.
First, the leaders. The financial services, government and health care sectors are among the most mature and well-versed in managing fraud and cybersecurity risks. The challenge for organisations in these industries will be to stay sharp in their fraud monitoring and security programs in the face of plummeting sales, rampant illness and general anxiety. They should:
- Rigidify fraud tracking regimens with more frequent data review to accelerate detection and mitigation measures. Responding quickly to known and new fraud trends helps minimise losses.
- Increase the manual review of borderline applications and transactions, where there is a higher likelihood of fraudulent activity.
Organisations in industries with typically less sophisticated security and anti-fraud programs are attractive targets. These include retail, food services, communications and similarly situated industries. As these organisations alter their delivery modes to meet the surging demand of an increasingly sequestered public, digital traffic will soar. It isn’t a stretch to predict a corresponding spike in online payments fraud. They should:
- Intensify or initiate new fraud monitoring approaches to address rising fraud and cybersecurity risks. Understand the nature and characteristics of losses to foster a more focused and timely response to fraud threats.
- Be vigilant against card not present (CNP) fraud. CNP measures will likely need to be adjusted with new rules and models, particularly for retailers and food services industry businesses.
Each of us, as individuals, can also play a part in helping industry fight fraud. Phishing and social engineering schemes are more sophisticated than ever – and operating beyond “business as usual” in our personal and professional lives puts even the savviest among us at heightened risk. We should:
- Each of us, as individuals, can also play a part in helping industry fight fraud. Phishing and social engineering schemes are more sophisticated than ever – and operating beyond “business as usual” in our personal and professional lives puts even the savviest among us at heightened risk. We should:
- Closely and regularly monitor your financial accounts. Report suspicious activity as quickly as possible.
- Review credit reports to identify unauthorised lines of credit or new credit inquiries and applications.
We’re in this together
Keep in mind that, although we find ourselves in uncharted waters facing the pandemic, we have solid, proven approaches to managing fraud and cyber-risks. While not all businesses can rely on fraud monitoring tools as robust as the financial services industry, advances in cloud technology make the deployment of analytics, and even artificial intelligence, faster than ever and put such capabilities within reach of even small and medium businesses.
In this accelerated move to digital, identity authentication and validation become more important than ever. While swelling digital interaction and e-commerce present new challenges, they also provide more information to fight fraud. Device and behavioural biometric data, for example, can be used to assess the risk of an online customer or transaction – and a company need not rely solely on its own limited information. Data providers can deliver an understanding of a device, phone number or email address across many customer experiences, helping businesses better measure the identity risk attached to each new or existing customer.
The silver lining in this dark cloud: we have the data, analytics and technology to effectively and efficiently manage and mitigate fraud and security risks. A strong defence just requires that we – consumers, businesses and technology vendors alike – join forces to make it available.
Come what may, we’re all in this together, and we each have a part to play. Consumers, stay vigilant. Businesses, keep focused on fraud prevention and cybersecurity, bolstering any weaknesses. We, the solution and data providers, will support the ability to quickly ramp up the defences needed to temper the risks that arise. Together, we can more successfully keep the criminals at bay and collectively focus our efforts and energies at ending the pandemic.
Dan Barta, Principal Enterprise Fraud and Financial Crimes Consultant, SAS