Embrace ‘intelligent friction’ in fight against online fraud

Issue 2 2021 Information Security, Security Services & Risk Management

As the number of consumers transacting online grows rapidly in lockdown economies, bad actors have followed the money, resulting in a spike in online fraud. Speaking at a global payments roundtable on digital fraud, Entersekt CEO, Schalk Nolte, looks at how involving the customer through 'intelligent friction' can stymie the efforts of fraudsters.

Waiting for machines to learn

Over recent months, users flocking online due to the COVID-19 pandemic has resulted in fraudsters launching huge volleys of cybercrime attempts. Nolte describes these volume-based attacks as 'spray and pray' efforts and says even the new tech heroes, machine learning (ML) and artificial intelligence (AI), are battling to keep up. In fact, the World Economic Forum estimates financial crimes could cost global citizens up to $1 trillion each year.

"Things are more focused now. It becomes a numbers game. If you have double the amount of users transacting online, even if you get just a two percent return on your emails, that’s a good rate for any fraudster. What we are seeing now just boils down to new use cases based on the same methodology," he says.

The obvious response to the increase in fraud attempts and especially some for the more sophisticated attempts, is to throw more technology at the problem. Nolte, however, says banks and other organisations are missing a trick if they think they can just rely on new tech like ML and AI.

"The problem with so many new users is that you have nothing to compare their behaviour against. No matter how good your ML or AI is, it's all about relying on user behaviour to predict actions. This ratchets up the number of false positives. If consumers use their credit card online for the first time, for example, and it gets declined because of a false positive result from the fraud engine, they will be far less likely to try shop online again with that card (or at all). Machines need to experience fraud before they can learn from that fraud, it's a reactive process."

Customers know best

For this reason, Nolte says getting the customer involved in the process puts boots on the ground to fight fraud and they are the most invested boots of all.

"Imagine if we could reach out to a customer and just ask them, is this really what you want to do? That's the magic. Nobody knows whether a transaction is real as well as the customer does. This intelligent friction is something to be welcomed. It's all about finding the balance; you don't want to bother the customer too much, but customers want to be in control, even when it comes to paying their existing beneficiaries. Authenticating the transaction instils confidence, and deputising the customer by giving them control builds trust," he says.

According to Nolte, different types of fraud raise their heads in different parts of the world depending on local conditions and standards embraced in that location.

"You see fraud move around the world. As it's solved in one place, it moves on to another market. Choosing the best standards is what keeps customers safe - and they needn't even know it's happening in the background. Sometimes you experience a kick back from your user base if their experience changes and so updating in the background is sometimes best," Nolte advises.

Changing roles of financial institutions

Looking to the future, Nolte says that banks could leverage their position of trust as well as their unique access to user data to become the custodians of our consumers’ digital identities.

"Banks play a significant role in consumers' lives. The trusted relationship between consumers and their financial institution means that banks are exceptionally well positioned to play a much larger role going forward. Instead of using my Google and Facebook to log in somewhere in the future, perhaps I can use my bank account, because that's where the anchor of my identity is," he suggests.

Nolte, like many in his industry, believes there is room for industry standards when it comes to fraud detection and prevention. There is no reason why the best authentication should be a competitive advantage when it could be an industry standard. However, he says while this becomes a reality, organisations should waste no time in taking action.

"The tools are there, there is no reason to wait for the industry to define what should be done. You can't be paralysed by worrying about how your customers will perceive the changes. Ultimately, if they are part of the solution and they know that they will be safer, they will be on board. The winning formula is to find someone to partner with who has done it before and done it at scale. Someone who knows the tech and knows what to expect. Even though fraudsters are constantly evolving and refining their techniques, we know that we can still make a massive dent in the damage they are doing. It's all about having the right partner," Nolte concludes.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Continuous security optimisation.
News & Events Information Security
Cymulate has announced its partnership with SentinelOne, a threat exposure validation and AI-powered cybersecurity platform. The collaboration delivers self-healing endpoint security that empowers businesses to increase protection for every endpoint on their network.

Read more...
Protect your smart home devices
Kaspersky IoT & Automation Information Security Smart Home Automation
Voice assistants, kitchen robots, smart lights and many other intelligent devices have become part of our everyday life. However, with the rise of smart technology comes the need for robust protection against potential vulnerabilities.

Read more...
ISPA’s take-down process protects from local scams
News & Events Information Security
During the recent school holidays, parents could rest a little easier knowing that ISPA, SA’s official internet industry representative body, is removing an average of three to four problematic websites from the local internet every week.

Read more...
NEC XON disrupts sophisticated cyberattack
Information Security
NEC XON recently showcased its advanced cyberthreat detection and response capabilities by successfully thwarting a human-operated ransomware attack targeting a major service provider.

Read more...
What’s your cyber game plan?
Information Security
“Medium-sized businesses are often the easiest target for cyber criminals, because they are just digital enough to be vulnerable, but not mature enough to be fully protected," says Warren Bonheim, MD of Zinia.

Read more...
Upgrade your PCs to improve security
Information Security Infrastructure
Truly secure technology today must be designed to detect and address unusual activity as it happens, wherever it happens, right down to the BIOS and silicon levels.

Read more...
Open source code can also be open risk
Information Security Infrastructure
Software development has changed significantly over the years, and today, open-source code increasingly forms the foundation of modern applications, with surveys indicating that 60 – 90% of the average application's code base consists of open-source components.

Read more...
DeepSneak deception
Information Security News & Events
Kaspersky Global Research & Analysis researchers have discovered a new malicious campaign which is distributing a Trojan through a fake DeepSeek-R1 Large Language Model (LLM) app for PCs.

Read more...
SA’s strained, loadshedding-prone grid faces cyberthreats
Power Management Information Security
South Africa’s energy sector, already battered by decades of underinvestment and loadshedding, faces another escalating crisis; a wave of cyberthreats that could turn disruptions into catastrophic failures. Attacks are already happening internationally.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.