Behavioural Analysis: The Most Trusted Defence Against Frauds

The RSA Q1 2018 Fraud Report indicates Phishing accounted for 48% of all cyberattacks. Canada, the United States, India and Brazil were the countries most targeted by phishing. Financial Trojan horse malware accounted for one out of every four fraud attacks observed. Consumer transactions and fraud continue to grow in the mobile channel. During this period, 55% of transactions originated in the mobile channel and 65% of fraud transactions used a mobile application or browser. More than 80% of observed fraudulent e-commerce transactions originated from unknown (new) devices.

I had an interesting conversation with Daniel Cohen, Director, Head of Products, RSA Fraud & Risk Intelligence – a business unit that provides hundreds of organisations worldwide with anti-fraud services, including phishing and malware attack handling and cybercrime intelligence operations. It was both revealing and scary how different fraud syndicates from different parts of the world operate and victimise both institutions and individuals.

Below are the excerpts of the interview:

DCISO: Let’s begin with the term “fraud” and how it has gained prominence?

Daniel Cohen (DC): Fraud is a very broad term. A lot of incidents that take place today are classified as fraud. We, at RSA, focus on consumer, financial fraud, which is one of the most prevailing forms of fraud.

Well before the cybercrime bubble was inflated, financial fraud had the world in its grip. In today’s context, it has become even more complex because every business is adopting digitalisation as the way to transform. With the exponential growth in digital transactions, it is expected that by 2021 over 3 billion users will access financial services online. With an exposure of this magnitude, it is imminent to detect frauds originating from the dark web, malware and other such sources.

DCISO: There is a growing concern among businesses about diminishing customer trust due to increase in incidents of fraud. How can these issues be addressed?

DC: In my view, a lot depends on which hat you are wearing while looking at fraud. If you wear a business hat, you’d want to exploit the benefits of digitalisation and thus make it open and frictionless. If you wear a fraud preventer’s hat, you’d want to have a tightly-guarded environment and allow consumers access through a single channel to provide business the required security. Lastly, if you wear a consumer’s hat, you’d indeed want security but at the same time would also want the process to be frictionless and convenient.

Here’s an example of the real world. A lot of banks in Australia have integrated Amazon Alexa into their workflows. Think about the shift and assess how the three distinct personas will look at it. Business will call it a great initiative because it gives convenience to customers resulting in more transactions. The fraud teams will be paranoid because it burdens them with more identity and access management and user authentication tasks for the new devices. The consumers will be happy because humans are the creatures of convenience and this gives them a great deal of convenience. So, on one hand businesses have to digitalise to grow and on the other hand, there is a need for building trust among the growing digital identities and assets. Bridging this gap is a complex task for security and fraud teams.

DCISO: Let’s keep the consumers – the creatures of convenience – aside for a moment. What’d you advise the companies to provide consumers their required confidence?

DC: In no particular order or priority, I’d place the following recommendations for the organisations to check on frauds and thus create trust:

  • Visibility: In the context of consumer financial frauds, visibility means we get a single view of consumer transactions and not fragmented. Today, the banks’ anti-fraud measures are fragmented (in silos). They will have a different solution for web and mobile, for call centers, for the IVR or branch. But each one of these solutions is seeing the consumer activity only for that particular channel. However, the fraudsters are conducting social-engineering attacks across all channels. And because the solutions are in silos, their risk analysis is also done in silos. To fight fraud, organisations should invest in a solution that gives an omni-channel visibility and monitors consumer activities across channels.
  • Machines: In this age, fraud teams can harness the power of machine learning/big data analytics to get better risk analysis. It will also help in setting up more effective policy rules to not only allow genuine transactions to go through seamlessly but also stop the suspected activities at source. Join the capability and power of machine learning with that of visibility, and the accuracy of risk analysis goes much higher than the normal. It also brings you the behavioural aspects of trusting identities.

DCISO: In any typical banking or financial org, there are separate teams managing security, risk, and fraud functions. In the world where virtual identities are spiralling, who is responsible to manage identities to help check frauds?

DC: Security is a function that protects the IT/Data assets of an enterprise. Years back nobody knew where the function of fraud detection stood in an organisation. But today, there is a growing convergence of security and fraud in the banking sector globally. It starts with the physical teams sitting in the same room and looking at the same information dashboards. During an interesting conversation with a large Australian company, it was revealed that a lot of fraud cases get solved because of the knowledge sharing between the two teams. While there is still a division between fraud and security teams, it is fast becoming porous and a lot of information is flowing to and fro.

DCISO: Where, according to you, most perpetrators of fraud reside? Are they insiders or outsiders?

DC: Fraud, when it’s committed, is about both volume and value. The outside fraud attacks are high in volume. This type of attack has increased exponentially in the past few years. For example, millions of fraudsters are trying to dupe users on social media sites – be it Facebook, Twitter or any other – in different, deceptive ways. But when it comes to insider fraud, it’s mostly about the value. Even one insider can create havoc and syphon off millions. Having said that, it is very hard to detect the modus operandi of an insider fraudster. But if you talk of sheer numbers, the outsiders outnumber the insiders.

DCISO: How can an organisation deal with the inside fraudsters?

DC: The only trusted way of doing this is through behaviour analysis. We have a proven use case here. A large financial institution, through behaviour analysis and by understanding the pattern of usage of internal systems, established a lead, which helped them nab the fraudsters. There are defined roles in a banking org to do defined jobs. That role defines which systems, applications and processes one can access. If an insider is going beyond those roles in a suspicious way, that means there are chances of a fraud brewing. So, it’s mostly through behavioural analysis.

DCISO: Tell us about some common, prevalent types of fraud that occur today?

DC: It varies from one region to another. RSA Q1, 2018 fraud report indicates that mobile frauds are on an incline in India. To know the reason, let’s take a step back. Fraudsters want to make as much money as possible with as little investment as they can. Due to growing mobile penetration in India, it is a natural, susceptible target for fraud through various vulnerable and fake mobile apps. Similarly, scam is another type of fraud that is prevalent in many countries, geographies. The caller will call and trick you to pay a fine or else threaten you to face legal consequences. Phishing is still an active source of fraud. I call it “Digital Pickpocketing,” which will always be around. The last most prevalent type is credit card fraud including card skimming at point of sale machines, or phishing for credit card details etc.

DCISO: How do the fraudsters behave; what do you do with intelligence?

DC: Interestingly, our intelligence allows us to have a deep, insider view of the human aspects of fraud. It is interesting to know what frauds look like in different geographies. Equally interesting is to know how the Chinese-speaking, Arab-speaking or Russian-speaking hackers behave. Cultural elements play a very vital role in their interactions. For example, you have to strike very business-oriented, accurate conversations with Russian-speaking hackers. Whereas the case of South American hackers is different. There, everybody is in everybody’s pants. A lot of connections are mapped with social identities in South America. Our investigations found out that a lot was going on between hackers based in India and Indonesia. Arab-speaking underground is an interesting study too. They praise each other, praise the lord, and they are big on credentials.

As part of our work, our intelligence not only feeds into our systems, but we also work with law enforcement agencies. A lot of them approach us to seek information on different undergrounds and fraud syndicates. We collaborate with both government agencies and the industry to help prevent fraud as much as possible.
