Anyone with an online business has now joined the front-line fight against serious criminal organizations – whether knowingly or unknowingly. That’s a fact. But stopping these organizations, and the people within them, is a cat and mouse game and right now fraudsters are staying way out in front.
Maintaining security and protecting data is the responsibility of all business leaders today, large and small – especially as many moved into the online space, using it as a ‘lifeline’ during Covid-19, while customers have been forced to shop from the safety of their own home.
For example, even restaurants which didn’t previously have any sort of takeaway capacity have put their menu onto apps such as Uber Eats and Just Eat, and retailers without online stores have scrambled to turn their businesses digital, causing a huge boom for the ecommerce industry.
But the fact is, moving online isn’t as simple as it might seem – and many of the companies who have made this leap will now know this. Opening your business up online also opens up your business to new and more subtle types of risk. Because while outright theft within a physical setting is relatively easy to monitor and prevent, data theft and other types of online fraud sit behind a screen and can be extremely difficult to spot.
Unfortunately, recent history shows us that fraud prevention methods are not really fit for purpose in combatting the growth of the problem. In fact, we already identified 2020 as a year that was going to see a rise in cybercrimes, and that was before Covid-19 exacerbated the problem. The truth is, many businesses moving online for the first time are simply not ready for these threats, and any precautions they do have are unlikely to be enough.
So, for business leaders that are now refocusing their attention on fraud, understanding the mindset of a professional fraudster and why this poses a risk to all businesses, including theirs, is a good place to start.
But what is it that fraudsters don’t want any of us to admit?
1. The anonymity movement is making things worse - It is creating a safe haven for the criminal organizations that fraud companies are coming up against, and those operating within them, enabling them to collaborate and expand undetected. What’s more, the recent ‘right to be forgotten’ law, is helping them cover their tracks once they have used stolen data to commit the crime.
2. The struggle is real – Many think artificial intelligence (AI) and machine learning (ML) are the answer to our fraud woes and can be left to their own devices to solve problems. Yet this mentality needs to change if we are to keep up with fraud trends. The truth is, supervision is necessary to stay on top of these trends and analyses the data needed to understand how to react to fraud. Those committing fraud understand these trends and are making real-time decisions in response to them.
So, the way we use AI and ML is outdated. Fraud managers and employees should be moving towards a ‘supervised learning’ model – this is a tactic the whole industry needs to catch up with.
3. It’s not all them – Across many industries, there is a level of something we call ‘data breach fatigue’ taking place, which can cause fraud prevention to become a tick box exercise and decreasing budget line. This level of mass acceptance can be easily used as a weapon against companies. If the urgency to prevent fraud is not addressed on a cultural level in a business, as well as on a technological level, we will soon be standing at the edge of an unbridgeable chasm.
4. Patience is their virtue – Throughout the pandemic there has been a rapid rise in phishing scams, ID theft and account takeover, which have been used to target the most vulnerable. Phishing scams that offer financial aid and false employment websites that steal identities have been used against people who have lost jobs or have been furloughed during the outbreak.
Acknowledge the risk
Still, the real fallout of the current fraud ‘boomtown’ will not be felt fully for many, many months – imagine the yearly chargeback mayhem in February after the dust settles on seasonal sales and now take into consideration the number of businesses that have moved online and the sudden spike in fraud we’ve been experiencing. Businesses must be prepared for friendly fraud and chargebacks to be higher than usual in the early months of next year.
What’s more, use of the personal and financial data harvested from customers in recent months will be carefully timed by fraudsters – rather than accusing and fraud shaming businesses that have been victims – we should plan to avert longer-term disasters as the stolen data makes its way back to market.
Let us not forget that everyone in the fraud prevention chain, from fraud specialist businesses and in-house risk professionals, to technology providers and industry consultants, are all in the job for one reason – to prevent crime. And this work is vital to support businesses as the economy feels the impact of Covid-19. The industry must band together if hardworking, genuine businesses, are to come out stronger than ever.
So, if anything, this fight has revealed that it’s not enough to just analyses the behavior of fraudsters, but we need more relevant data points to be able to predict fraud before it even occurs. Especially as more and more businesses are quickly transforming to take advantage of digital opportunities during this global crisis.
Fraud concerning financial and identity theft often provides funding for more serious criminal activity – such as the drug trade and terrorism – and that’s not to mention the significant personal impact on members of the public, and reputational and financial damage caused to businesses.
In parallel, the universal digitalization of all consumer and business interactions is in full flow, surging on even faster since the outbreak of the Covid-19 pandemic and leapfrogging previous processes and protocol. So, the pressure on businesses and fraud professionals to better protect these vital digital environments is mounting.
That’s why it’s essential for digital businesses to acknowledge their risk exposure and work with a specialist to assess the best way to protect themselves and their customers. At the moment, too many businesses risk having their digital potential strangled by growing fraud, even though we all know that prevention is always better than cure.
Tamas Kadar and Bence Jendruszak, Founders of SEON