March 15, 2019
Every day huge amounts of data are generated from siloed, single-purpose solutions. As a result, many organizations find it extremely difficult to identify relevant patterns and signals across various data sets that could point to either fraudulent online behavior or indicate a security breach. In many cases, organizations simply fail to connect the dots. Security breaches often go undiscovered for months, yet it takes only minutes for a victim’s identity credentials to be compromised.
The Whole is Greater than the Sum of its Parts
Innovation continues to drive change as tech-savvy consumers demand a new caliber of online experience that is consistent with the rapid digitization of most industries. One of the major side effects of this phenomenon has been the exponential rise in fraud and web security risks. To mitigate these risks, companies commonly make significant investments in single-purpose fraud and security solutions. Unfortunately, these solutions are optimized to detect a specific threat vector, which provides one-dimensional information. Furthermore, companies often departmentalize functions or skills to quickly address seemingly unrelated fraud and security incidents.
Departmentalization often results in segregation, duplication, and confusion over fraud and security risk mitigation. Recent data breaches demonstrated the vulnerabilities of single-purpose solutions and departmentalization as cybercriminals continue to exploit the lack of oversight, visibility, and accountability within organizations.
Consumer digital footprints are complex and multifaceted, meandering across channels, locations, and devices as a user transacts and interacts throughout their day. As industries transform to meet new consumer expectations and global complexities, fraud prevention and IT security are becoming intertwined in new and synergistic ways. Success in both worlds relies on being able to manage, understand and respond to a single view of the consumers’ digital identity by using behavioral analytics and real-time data.
Connecting Fraud and Security Dots for Better Decisioning
Cybercrime is more automated, organized and networked than ever before. The growing sophistication of cybercriminals is evident in the evolution of attacks and the use of advanced tools, such as malicious programs, that allow criminals without technical skills to deploy computer ransomware or perform video or audio eavesdropping with a mouse click. Cybercriminals outsmart many traditional security solutions as they mimic legitimate users and no longer appear malicious. Rather than attacking from a single IP address, cybercriminals may vary their IP address with different attack patterns. Instead of using exploit code, cybercriminals leverage stolen credentials to bypass security controls, steal confidential information, commit financial crimes, and disrupt operations, all without detection. Here are a few examples of how leading security controls fail to detect cybercriminals.
- Distributed Denial of Service (DDoS) technologies rely heavily on IP velocity filters and IP reputation, both of which are easily defeated. The problem gets worse when cybercriminals attempt to access accounts by trying a single stolen username and password on thousands of websites. Furthermore, cybercriminals attempt to evade detection by adjusting their individual bot traffic to fly under the radar of traditional rate control detections. For example, an individual bot might generate a handful of attempts to target a single website or organization by trying just a few username and password combinations. This approach allows cybercriminals to test at undetectable rates over weeks or months, potentially leveraging a plethora of bots to carry out high-volume attacks against multiple organizations.
- Web application security systems (WAFs) were invented to protect against insecure code, such as code open to cross-site scripting and SQL injection attacks. A WAF looks for special strings of input, such as special characters and sequences of characters, because the web application server often mistakes these for executable code. Simply put, WAFs were built to address web security issues, but fail to identify cybercriminals masquerading as legitimate users.
- Two-factor authentication can be defeated by trojans, man-in-the-browser and man-in-the-middle attacks. One-time passwords (OTPs) sent via SMS can be intercepted by malware that has infected a person’s device. Two-factor authentication essentially lacks insight into the user’s device and assumes that the user’s actions are what the user intended. The solution does not account for the fact that legitimate users can carry out actions that they did not intend to.
- Antivirus works by detecting signatures of malware and viruses. However, cybercriminals can evade signatures by altering code before it is assembled to machine code to make the virus look different. Essentially malware authors test their trojans and viruses against common antivirus solutions to ensure that the code cannot be detected before using it.
- Static identity verification methods are often cleared when stolen user information is compared to legitimate data from external bureaus. As more identities have been breached, static information alone becomes ineffective.
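The blind spot described in the first item above (many bots, each making only a handful of attempts) can be shown with a short detection sketch. This is an added example, not code from the article or any product; the event layout, thresholds, and sample data are constructed assumptions.

```python
from collections import defaultdict

WINDOW = 3600        # seconds per analysis window (assumed)
PER_IP_LIMIT = 10    # velocity filter: failed logins per IP per window (assumed)
SITE_LIMIT = 50      # distinct failing usernames per window, site-wide (assumed)

def build_events():
    """Constructed sample of (timestamp, ip, username, success) events:
    200 bots with 2 failed logins each, plus 20 users who mistype once.
    IPs come from the documentation ranges 198.51.100.0/24 and 203.0.113.0/24."""
    events = []
    for bot in range(200):
        for n in range(2):
            events.append((bot * 15 + n, f"198.51.100.{bot}", f"victim{bot}_{n}", False))
    for u in range(20):
        events.append((u * 100, f"203.0.113.{u}", f"user{u}", False))
    return events

def per_ip_velocity(events):
    """Single-signal control: IPs exceeding PER_IP_LIMIT failures in a window."""
    counts = defaultdict(int)
    for ts, ip, _user, ok in events:
        if not ok:
            counts[(ts // WINDOW, ip)] += 1
    return {ip for (_w, ip), c in counts.items() if c > PER_IP_LIMIT}

def site_wide_spread(events):
    """Combined view: windows where failures span many usernames and IPs,
    even though the per-IP average stays far below the velocity limit."""
    users, ips, fails = defaultdict(set), defaultdict(set), defaultdict(int)
    for ts, ip, user, ok in events:
        if not ok:
            w = ts // WINDOW
            users[w].add(user)
            ips[w].add(ip)
            fails[w] += 1
    return {w: {"usernames": len(users[w]), "ips": len(ips[w]),
                "fails_per_ip": fails[w] / len(ips[w])}
            for w in fails if len(users[w]) > SITE_LIMIT}

if __name__ == "__main__":
    ev = build_events()
    print("per-IP filter flagged:", per_ip_velocity(ev))
    print("site-wide view flagged:", site_wide_spread(ev))
```

On the constructed data the per-IP filter flags nothing, while the aggregated view reports one window with 420 failing usernames spread over 220 addresses.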
While traditional security controls have blind spots, the challenge is not the lack of features but the lack of integration. Single-purpose solutions when used alone are more brittle and susceptible to being attacked individually by cybercriminals. The key is to leverage the collective knowledge of fraud and security systems to make better decisions against threats.
Cybercriminals will continue to bypass existing controls and protections if fraud and security solutions remain siloed. Organizations that focus on digital identity can deliver a more holistic and structured approach to threat management. Understanding digital identities and online personas offers an umbrella of protection against fraudsters and fraud rings attempting to pierce siloed security solutions.
The goal is to support a unified view of risk across the fraud, security, risk, compliance, and customer engagement departments and to assess risk across all digital channels and consumer journeys. Monitoring and managing digital identities and personas in real time is one way to achieve this. Understanding the digital DNA of users and their unique online footprints introduces the concept of “trust”, which can be leveraged in very powerful ways.
Knitting together trusted digital identities creates a wall that is impervious to fraudsters. Since the digital footprint of a fraudster is typically markedly different from a trusted user, fraudulent behavior becomes far easier to detect by leveraging digital identities.
Holistic Protection Against Fraud and Security Risks
One of the best ways to tackle complex, global cybercrime is using a global shared network that provides insight into the digital identities of connecting users.
The unique digital identity for each user should be synthesized by analyzing the myriad connections between devices, locations and anonymized personal information and threat. Behavior that deviates from the trusted digital identity needs to be accurately identified in real time, alerting businesses to potential fraud. Suspicious behavior needs to be detected and flagged for manual review or rejection before a transaction is processed.
The solution should provide insight into connecting users and a platform to execute decisions on.
Digital Identity Insight
Three key data points define digital identity across all device platforms. These can be summarized as:
- Device identification, device health and application integrity.
- Incorporating anonymized, non-regulated personal information such as user name, email address and more. Defining a pattern of trusted user behavior by combining identity and transactional metadata with device identifiers, connection, and location characteristics.
- Detection of malware, Remote Access Trojans (RATs), automated bot attacks, session hijacking and phished accounts, combined with global threat information such as known fraudsters and botnet participation.
A framework enabling custom integrations of external signals that provides a consolidated view of the user across all digital touchpoints and lifecycle. The solution needs to address the continuous and evolving need to test and integrate new and niche intelligence feeds, signals, and authentication methods with disparate or legacy security solutions. It should enable organizations to connect the dots from their existing fraud and security solutions, providing a holistic view of legitimate and malicious users. The platform needs to help preserve prior and future data investments and help organizations make faster, smarter fraud decisions with clear, decisive action. The platform should contain the following key functions:
Leveraging advanced behavior capabilities is key to understanding legitimate user behavior and enabling more accurate detection of genuine fraud. For example:
• International transfers that exceed a financial value threshold and originate from new account holders need to be labeled as ‘high risk’.
• The solution should be able to perform behavioral analysis of a business’s customers during periods of normal operation and compare such data to that gathered during a Slow-Rate bot attack. This allows differentiation between a human and a bot the moment they land on the site.
Unite fraud and security tools with prepackaged third-party services such as authentication and verification products. The complete solution should validate transactions in real time, setting alerts for manual reviews, or triggering downstream processes such as fulfillment, ticketing, and other CRM-related activities for trusted transactions. For example:
• Create tailored rules around any data points from third-party data sources. The solution should have the ability to incorporate a third-party threat score or threat classification, with a rule that detects any transaction that exceeds a specific value. This allows businesses to incorporate their own tolerance for risk.
- Decision Science
The solution needs to enable continuous decision optimization. Case management tools should be provided to enable a smarter, more integrated way to handle increasingly complex caseloads with shrinking resources.
As fraud and security risks converge, organizations are becoming exposed to threats that can fall between the cracks with siloed solutions. Many organizations are unable to connect the dots because each individual solution only provides a piece of the puzzle. Fragments of data from fraud and security solutions lack in-depth information to provide deep insights into the true risks organizations face.
With digital identity, fraudulent behavior becomes far easier to detect, as the digital footprint of a fraudster is often markedly different from a trusted user. This enables fraud, security, risk, compliance, and customer engagement departments to have a unified view and risk model of a user across all digital channels, lifecycle, and engagement. Leveraging the power of digital identities to establish trusted behavior unique to each user is the best way to root out fraudsters and hackers while stopping good customers and users from getting caught in the net.
Cybercriminals will continue to bypass existing controls and protections by exploiting the gaps between siloed solutions. While numerous security measures are needed to protect an organization, combining information from all available sources to determine if users are who they claim to be is perhaps the most important.
Organizations need a more comprehensive way to evaluate risks due to evolving cybercriminals who can attack at a critically controlled level, access complete stolen identities, and hijack legitimate login sessions to look like trusted customers.
Leveraging a platform to combine information from various sources of siloed solutions and data ensures both fraud and security issues are better detected, orchestrated, and acted upon. This pragmatic approach helps organizations identify both risks and opportunities, allowing organizations to grow and protect against monetary and brand damage.