enterprisesecuritymag

Don't Be A Soft Target: Three Tips To Shut Out Fraudsters

By Micah Willbrand, Managing Director for Identity and Fraud Solutions, Experian UK&I

Micah Willbrand, Managing Director for Identity and Fraud Solutions, Experian UK&I

What does your fraud attack rate say about your business? In today’s fast-moving digital marketplace, organisations are understandably focused on catching fraudsters, when perhaps they should be more focused on keeping criminals away altogether.

Experian’s 2019 Global Identity and Fraud report found that 55 percent of organisations reported a rise in online fraud losses in the previous 12 months. Yet only 50 percent felt they held a high understand of how fraud affects their business.

Businesses would do well to consider the fraud attack rate they have experienced over this time, which includes both missed and detected fraud attempts.

From a fraudsters’ point of view, an attack is considered to be successful if they have been able to get in to your organisation and managed to transact. The fraud prevention tools your company has in place might keep some attacks out, but not all - so you can be viewed as an easy target.

Naturally, a business in this position will focus its efforts on trying to stop the fraudulent attempts which have beaten its defences, rather than trying to shut the door for good.

Experian’s research shows businesses with high attack rates experience fraud losses some 56 percent above those with a low attack rate. To add to their difficulties, those with a high attack rate generally have much higher operational expenses – such as more fraud investigators on the payroll – as they attempt to repel the fraud attacks in their system.

Three tips to improve your organisation’s fraud prevention strategy:

1. Don’t be a soft target

The dark web and online forums are rife with fraudsters comparing notes on what types of businesses make for easier targets than others. They share experiences and learn from them, much like legitimate businesspeople do. To counter this, directors should review their internal policies and procedures to better understand where there are gaps before their business is viewed as easy pickings.

2. Check your surroundings

Along with your own organisation’s experience, it’s worth looking at other companies in your sector. Industries such as airlines, delivery services and telecommunications have few large organisations, so if there is a change of policy at one then it can result in a rise, or fall, of attacks at others.

Competitor analysis allows you to assess how often comparable businesses have been targeted by fraudsters, when the attacks occurred and what it meant for the business. There may even be things you can learn from the source of the attacks, whether it’s ongoing phishing attacks, human error or poor internal policies. Regular audits help organisations to put the right fraud prevention solutions into place.

3. Choose the right prevention strategy

The best fraud prevention strategies we have seen combine technical and human expertise because it perfectly counters the way most criminal operations are run.

Machine learning is a key weapon in the fight against fraud because it helps to identify attacks quickly. It uses the results of previous applications and whether they were fraudulent or not, so improved decisions can be made in future. Machine learning technology also means that legitimate applications are less likely to be flagged as potentially fraudulent, so genuine customers can experience a seamless journey.

In summary

The businesses which are best prepared to tackle fraud, through a mix of technology and human expertise, can often be the ones with the lowest fraud attack rates – and the happiest customers.

Weekly Brief

Read Also

A Perspective on Vulnerability Management

A Perspective on Vulnerability Management

Gary Sprague , Director, Information Security, Compliance & Privacy Officer, Rent-A-Center
A Cloud Services Security Playbook

A Cloud Services Security Playbook

Arun DeSouza, CISO & CPO, Nexteer Automotive
Managing Access-Point-Risk without Interfering Too Much With Business Processes Efficiency.

Managing Access-Point-Risk without Interfering Too Much With...

Luther Uthayakumaran, Head Strategy and Innovation, Sydney Water
Is your carrier keeping your SMS Two-Factor Authentication Secure?

Is your carrier keeping your SMS Two-Factor Authentication Secure?

Steve Buck, Chief of Security Business Unit, Mobileum
How Modernized Encryption Standards and TLS 1.3 May Impact Your Security Strategy

How Modernized Encryption Standards and TLS 1.3 May Impact Your...

Ben Schoenecker, CISSP, Director of Information Security, Hendrick Automotive Group
White Box Cryptography (WBC)

White Box Cryptography (WBC)

Dr. Tsirinsky, CTO, E.S. Embedded Solutions