Embrace ‘intelligent friction’ in fight against online fraud

Issue 2 2021 Cyber Security, Security Services & Risk Management

As the number of consumers transacting online grows rapidly in lockdown economies, bad actors have followed the money, resulting in a spike in online fraud. Speaking at a global payments roundtable on digital fraud, Entersekt CEO, Schalk Nolte, looks at how involving the customer through 'intelligent friction' can stymie the efforts of fraudsters.

Waiting for machines to learn

Over recent months, users flocking online due to the COVID-19 pandemic has resulted in fraudsters launching huge volleys of cybercrime attempts. Nolte describes these volume-based attacks as 'spray and pray' efforts and says even the new tech heroes, machine learning (ML) and artificial intelligence (AI), are battling to keep up. In fact, the World Economic Forum estimates financial crimes could cost global citizens up to $1 trillion each year.

"Things are more focused now. It becomes a numbers game. If you have double the amount of users transacting online, even if you get just a two percent return on your emails, that’s a good rate for any fraudster. What we are seeing now just boils down to new use cases based on the same methodology," he says.

The obvious response to the increase in fraud attempts and especially some for the more sophisticated attempts, is to throw more technology at the problem. Nolte, however, says banks and other organisations are missing a trick if they think they can just rely on new tech like ML and AI.

"The problem with so many new users is that you have nothing to compare their behaviour against. No matter how good your ML or AI is, it's all about relying on user behaviour to predict actions. This ratchets up the number of false positives. If consumers use their credit card online for the first time, for example, and it gets declined because of a false positive result from the fraud engine, they will be far less likely to try shop online again with that card (or at all). Machines need to experience fraud before they can learn from that fraud, it's a reactive process."

Customers know best

For this reason, Nolte says getting the customer involved in the process puts boots on the ground to fight fraud and they are the most invested boots of all.

"Imagine if we could reach out to a customer and just ask them, is this really what you want to do? That's the magic. Nobody knows whether a transaction is real as well as the customer does. This intelligent friction is something to be welcomed. It's all about finding the balance; you don't want to bother the customer too much, but customers want to be in control, even when it comes to paying their existing beneficiaries. Authenticating the transaction instils confidence, and deputising the customer by giving them control builds trust," he says.

According to Nolte, different types of fraud raise their heads in different parts of the world depending on local conditions and standards embraced in that location.

"You see fraud move around the world. As it's solved in one place, it moves on to another market. Choosing the best standards is what keeps customers safe - and they needn't even know it's happening in the background. Sometimes you experience a kick back from your user base if their experience changes and so updating in the background is sometimes best," Nolte advises.

Changing roles of financial institutions

Looking to the future, Nolte says that banks could leverage their position of trust as well as their unique access to user data to become the custodians of our consumers’ digital identities.

"Banks play a significant role in consumers' lives. The trusted relationship between consumers and their financial institution means that banks are exceptionally well positioned to play a much larger role going forward. Instead of using my Google and Facebook to log in somewhere in the future, perhaps I can use my bank account, because that's where the anchor of my identity is," he suggests.

Nolte, like many in his industry, believes there is room for industry standards when it comes to fraud detection and prevention. There is no reason why the best authentication should be a competitive advantage when it could be an industry standard. However, he says while this becomes a reality, organisations should waste no time in taking action.

"The tools are there, there is no reason to wait for the industry to define what should be done. You can't be paralysed by worrying about how your customers will perceive the changes. Ultimately, if they are part of the solution and they know that they will be safer, they will be on board. The winning formula is to find someone to partner with who has done it before and done it at scale. Someone who knows the tech and knows what to expect. Even though fraudsters are constantly evolving and refining their techniques, we know that we can still make a massive dent in the damage they are doing. It's all about having the right partner," Nolte concludes.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

The year resilience paid off
Issue 8 2020 , Editor's Choice, Security Services & Risk Management
Hi-Tech Security Solutions spoke to Michael Davies about business continuity and resilience in a year when everything was put to the test.

More is less in cybersecurity
Issue 2 2021 , Cyber Security
Post-pandemic paradox: more solutions do not bring better protection. Despite 80% of organisations running up to 10 different protection and cybersecurity solutions simultaneously, more than 50% of them experienced downtime from data loss last year.

Ransomware and Microsoft Exchange Server attacks are surging
Issue 2 2021 , Cyber Security
Check Point Research sees global surges in ransomware attacks, alongside increases in cyberattacks targeting Microsoft Exchange Server vulnerabilities at a time where CISA has raised the alarm about ransomware attacks against Microsoft Exchange servers.

Malware disguised as meeting apps spiked by 1067%
Issue 2 2021 , Cyber Security
Atlas VPN analysis reveals that cyber threats disguised as videoconferencing applications jumped by 1067% in a year. The data analysed was provided by Kaspersky.

Free technology to boost future careers
Issue 2 2021 , Cyber Security, Security Services & Risk Management
A global shortage of cybersecurity professionals has become so severe that companies are increasingly at risk from hacking and industrial espionage.

IoT malware attacks worldwide surge by 66%
Issue 2 2021 , News, Cyber Security
Based on the ‘Global Cyberattack Trends’ report by SonicWall, in 2020, malware attacks on IoT devices spiked by 66% compared to 2019. In a year, they grew from 34,3 million cases to nearly 56,9 million.

New security frontiers: An opportunity to rewrite the rules
Issue 2 2021 , Cyber Security
Paul Crichard, chief security technology strategist, BT, explores how organisations can reimagine their security for the cloud, turning it into an enabler for better ways of operating.

Seven simple steps to keep your SME cyber-safe
Issue 2 2021 , Cyber Security
Cybersecurity experts at ENHALO, a full-circle cyber defence group, understand the cyber-challenges facing the SME owner; here are seven simple steps to keep your SME cyber-safe in 2021.

Dealing with farm attacks
Issue 2 2021, Technews Publishing , Editor's Choice, Integrated Solutions, Security Services & Risk Management, Agriculture (Industry)
Brutal farm attacks are unfortunately a common event in South Africa. Laurence Palmer suggests a proactive, community-based approach as the optimal way to prevent these heinous crimes from happening in the first place.

Snyk launches in South Africa
Issue 2 2021 , News, Cyber Security
Snyk provides a platform to secure all of the critical components of today’s cloud native application development, including the code, open source libraries, container infrastructure and infrastructure as code.