By Robert Griffin, VP of Counter Fraud Solutions, IBM
If you were a criminal, would you bother robbing one bank if you could steal infinitely more from thousands of banks worldwide, and with far less risk?
Of course not. And that calculation is why fraud has exploded online. It is estimated that $3.5 trillion is lost each year to global fraud and financial crimes. With the rise of mobile devices, social networks and cloud computing, we live in a hyper-connected society that creates and shares more information than ever before.
In our roles as consumers, employees and citizens, we’re rarely more than arm’s length from a smartphone, tablet or PC to engage with work colleagues, share social updates or transfer funds between bank accounts. This has given rise to a new and technically proficient generation of criminals that are constantly probing for vulnerabilities in how organizations and individuals connect and share information. And they’re going after the richest payouts with the lowest risk.
An explosion of big, diverse, high-volume data can equal big opportunities for fraudsters who try to hide their tracks in an information smokescreen. Identity fraud affected more than 12 million individual in 2012, according to a Javelin Strategy & Research Report, resulting in theft of nearly $21 billion. Digital fraud helps explain why 70 percent of companies have experienced crime. In the past year, we’ve seen an alarming rise in the number of retailers hacked, banks compromised and personal information stolen from popular websites.
And it’s not just everyday robbers. Money launderers, organized crime networks, and cyber thieves around the world are in on the act. In fact, organized crime groups are behind 80 percent of all cybercrime. All this underscores why fraud is no longer just a cost of doing business. In going digital, fraud has become something much bigger, less tangible and far more invasive.
In the past, businesses just wrote off a percentage of their fraud losses rather than invest in a counter fraud strategy. Today, given the scale and access delivered by digital platforms, the collateral damage caused by fraud impacts not only business brands and bottom lines, but each of us as individuals through higher insurance premiums, slower medical claims processing and increased municipal tax rates.
Criminals have become the earliest adopters of new technology, so it’s little surprise that they’re making the most of today’s emerging capabilities around big data and cloud. However, these same technologies can help organizations turn big data into an investigative asset to help identify, disrupt and prevent fraud. Here are three ways business leaders can start turning the table on would-be fraudsters:
1) Let criminals know you’re onto them: Criminals want easy targets. If you let them know you’re watching them, they’ll move on to the next unsuspecting victim. Consider a health insurance fraud scheme organized by multiple players. A counter fraud system can actively monitor suspicious activity in real-time to determine if someone has a forged identify, and then set up counter measures to prevent false medical claims being made on a legitimate account. Once a claim is blocked and the fraudster identified, they will more often than not get nervous and move on. This of course requires an organization to have these types of systems in place, and to instill an overall culture of fraud prevention.
2) Be proactive and take a holistic view: With the advent of big data and the ability to identify trends and patterns that would have otherwise gone undetected, organizations can start to draw conclusions more quickly. They can be proactive rather than reactive, and squash potential problems before they turn into brand nightmares. By picking up indicators of suspicious behavior early, you can understand whether something is a false positive — such as an innocent typo or mistake in a form submission — or the result of true criminal intent.
The key is taking a holistic view of the entire business. The days of extracting information from siloed data warehouses in order to compile and analyze it are over. Those data siloes must be integrated and able to communicate with each other in real-time using analytics embedded into the technology infrastructure. This is important because today’s attacks are growing in coordination and sophistication.
Consider direct denial of service (DDoS) attacks, which are typically large groups of individuals that access a website at the same time in order to shut down its servers. Let’s say a bank is being hit with a DDoS and has deployed its entire security team to combat the issue and bring their servers back online. At the same time, the bank starts seeing suspicious account behavior in a separate part of the organization. By deploying a true, enterprise-wide counter fraud initiative — or one that combines advanced technology and cultural vigilance — organizations can quickly realize the DNS attack was classic sleight of hand to mask the second, more-invasive attack to steal funds from a customer account.
3) Remove false positives to improve customer service: Taking a holistic view also lets organizations dissect risks faster and more effectively so they can give legitimate customers an exceptional service experience. While we can always prevent fraud by locking down every corporate site, mobile app or social platform, it’s simply not a reality in today’s digital and hyper-connected society. So it’s imperative that organizations get smarter about balancing service and security.
When data is interconnected and constantly being analyzed, it enables organizations to move to an evidence-led operations model, which can focus on cutting down false positives, so they don’t have to slow down customer service, put a stop on an account, or deny a transaction. Many fraud detection systems simply look at the specific transaction, rather than context. But with big data and advanced real-time analytics, today’s counter fraud systems can detect potential patterns of fraud and automatically delineate between simple user error and malicious criminal intent.
Robert Griffin is Vice President of Counter Fraud Solutions at IBM. He has spent more than 35 years in the Software and Services industry. His prior company, i2, was sold to IBM in 2011. Mr. Griffin sits on the Board of Directors for the Intelligence and National Security Alliance (INSA) and on the Advisory Board for Infragard (a public-private, non-profit between U.S. businesses and the FBI).