Embrace ‘intelligent friction’ in fight against online fraud

Issue 2 2021 Information Security, Security Services & Risk Management

As the number of consumers transacting online grows rapidly in lockdown economies, bad actors have followed the money, resulting in a spike in online fraud. Speaking at a global payments roundtable on digital fraud, Entersekt CEO, Schalk Nolte, looks at how involving the customer through 'intelligent friction' can stymie the efforts of fraudsters.

Waiting for machines to learn

Over recent months, users flocking online due to the COVID-19 pandemic has resulted in fraudsters launching huge volleys of cybercrime attempts. Nolte describes these volume-based attacks as 'spray and pray' efforts and says even the new tech heroes, machine learning (ML) and artificial intelligence (AI), are battling to keep up. In fact, the World Economic Forum estimates financial crimes could cost global citizens up to $1 trillion each year.

"Things are more focused now. It becomes a numbers game. If you have double the amount of users transacting online, even if you get just a two percent return on your emails, that’s a good rate for any fraudster. What we are seeing now just boils down to new use cases based on the same methodology," he says.

The obvious response to the increase in fraud attempts and especially some for the more sophisticated attempts, is to throw more technology at the problem. Nolte, however, says banks and other organisations are missing a trick if they think they can just rely on new tech like ML and AI.

"The problem with so many new users is that you have nothing to compare their behaviour against. No matter how good your ML or AI is, it's all about relying on user behaviour to predict actions. This ratchets up the number of false positives. If consumers use their credit card online for the first time, for example, and it gets declined because of a false positive result from the fraud engine, they will be far less likely to try shop online again with that card (or at all). Machines need to experience fraud before they can learn from that fraud, it's a reactive process."

Customers know best

For this reason, Nolte says getting the customer involved in the process puts boots on the ground to fight fraud and they are the most invested boots of all.

"Imagine if we could reach out to a customer and just ask them, is this really what you want to do? That's the magic. Nobody knows whether a transaction is real as well as the customer does. This intelligent friction is something to be welcomed. It's all about finding the balance; you don't want to bother the customer too much, but customers want to be in control, even when it comes to paying their existing beneficiaries. Authenticating the transaction instils confidence, and deputising the customer by giving them control builds trust," he says.

According to Nolte, different types of fraud raise their heads in different parts of the world depending on local conditions and standards embraced in that location.

"You see fraud move around the world. As it's solved in one place, it moves on to another market. Choosing the best standards is what keeps customers safe - and they needn't even know it's happening in the background. Sometimes you experience a kick back from your user base if their experience changes and so updating in the background is sometimes best," Nolte advises.

Changing roles of financial institutions

Looking to the future, Nolte says that banks could leverage their position of trust as well as their unique access to user data to become the custodians of our consumers’ digital identities.

"Banks play a significant role in consumers' lives. The trusted relationship between consumers and their financial institution means that banks are exceptionally well positioned to play a much larger role going forward. Instead of using my Google and Facebook to log in somewhere in the future, perhaps I can use my bank account, because that's where the anchor of my identity is," he suggests.

Nolte, like many in his industry, believes there is room for industry standards when it comes to fraud detection and prevention. There is no reason why the best authentication should be a competitive advantage when it could be an industry standard. However, he says while this becomes a reality, organisations should waste no time in taking action.

"The tools are there, there is no reason to wait for the industry to define what should be done. You can't be paralysed by worrying about how your customers will perceive the changes. Ultimately, if they are part of the solution and they know that they will be safer, they will be on board. The winning formula is to find someone to partner with who has done it before and done it at scale. Someone who knows the tech and knows what to expect. Even though fraudsters are constantly evolving and refining their techniques, we know that we can still make a massive dent in the damage they are doing. It's all about having the right partner," Nolte concludes.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Managed security solutions for organisations of all sizes
Information Security News & Events
Cyber attackers have become significantly more sophisticated and determined, targeting businesses of all sizes. PwC’s Global Digital Trust Insights Survey 2025 Africa and South Africa highlights the urgent need for organisations to implement robust cyber risk mitigation strategies.

Read more...
Data resilience at VeeamON
Technews Publishing SMART Security Solutions Infrastructure Information Security
SMART Security Solutions attended the VeeamON Tour in Johannesburg in August to learn more about data resilience and Veeam’s initiatives to enhance data protection, both on-site and in the cloud.

Read more...
The role of drones in farm protection
Agriculture (Industry) Security Services & Risk Management
Laurence Palmer reminds us of the role drones play in agricultural security and offers a free security risk assessment template for downloading (link at the end of the article).

Read more...
SMART Surveillance Conference in Johannesburg
Arteco Global Africa Technews Publishing SMART Security Solutions Axis Communications SA neaMetrics Editor's Choice Surveillance Security Services & Risk Management Logistics (Industry) AI & Data Analytics
SMART Security Solutions hosted its annual SMART Surveillance Conference in Johannesburg in July, welcoming several guests, sponsors, and speakers for an informative and enjoyable day examining the evolution of the surveillance market.

Read more...
Troye exposes the Entra ID backup blind spot
Information Security Infrastructure
If you trust Microsoft to protect your identity, think again. Many organisations naively believe that Microsoft’s shared responsibility model covers Microsoft Entra?ID – formerly Azure AD – but it does not.

Read more...
Secure data protection without hardware lock-in
Infrastructure Information Security News & Events
New Veeam Software Appliance empowers IT teams to achieve instant protection with Veeam’s fully preconfigured, software-only appliance, delivering enterprise-ready simplified deployment and operational efficiency, robust cyber resilience.

Read more...
Check Point launches open, vendor-neutral MDR services
Information Security News & Events Products & Solutions
New Check Point MDR 360° and MXDR 360° offerings deliver 24/7 managed continuous threat monitoring protection across endpoints, cloud and network environments with built-in identity threat detection and 160+ integrations across hybrid, multi-vendor environments.

Read more...
Credential theft surges in South Africa
NEC XON Information Security
NEC XON issues a critical cybersecurity warning about the dual threat of massive credential theft and AI-powered cyberattacks sweeping across the region, with an increasing number of incidents and evolving threat tactics.

Read more...
Want effective Attack Surface Management? Think like an attacker.
Information Security
Effective ASM requires companies to think like attackers, anticipate risks, and act decisively to reduce exposure by knowing their environment, deploying a structured approach, leveraging capable tools, and addressing both internal and external risks.

Read more...
Your Wi-Fi router is about to start watching you
News & Events Surveillance Security Services & Risk Management
Advanced algorithms are able to analyse your Wi-Fi signals and create a representation of your movements, turning your home's Wi-Fi into a motion detection and personal identification system.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.