Advice from a CISO : How to beat the Fraudsters
Blog: Capgemini CTO Blog
CISOs are the business leaders everyone is talking about. But what do they have to say? Mike Turner is Chief Information Security Officer at Capgemini and shares his views.
Whether you work for an investment bank or a high-street retailer, you have to ask the same question hundreds, maybe even tens of thousands of times a day: Is this transaction passing through my systems legitimately, or is there an attempted fraud taking place?
Fraud costs the global economy £3.55 trillion ($4.65 trillion) every year, and rather than getting easier to track, it is getting more complicated. Detecting fraud has traditionally been a matter of identity validation and risk assessment. This takes time and adds steps to the transaction process. It is a simple problem that’s very tricky to solve: while the transactee wants the process completed as simply and quickly as possible, the processor carrying the financial risk needs to validate their ability to pay.
Businesses have for decades created rules to mitigate the risks of fraudulent activity, but with transaction numbers rising and high customer demand for instant decisions, manual intervention in every transaction has been impossible for some time. Previously, processors have used authentication steps to validate cardholders, using protocols such as 3-D Secure. Yet these methods do not assess behaviour, they simply confirm the individual holds the right credentials.
But the rigidity of a rules-based approach is fast becoming an Achilles heel. One of the reasons fraudsters are successful is because of their ability to adapt, and organisations are continuously playing catch up. The sheer volume of transactions makes it impossible to make individual decisions while maintaining a speed that won’t frustrate or deter customers. That’s why many organisations are turning to automation to balance speed with security.
Artificial Intelligence is now helping to level the playing field. Financial institutions have long been the battering ram when it comes to detecting fraud and they are leading the way by using AI to process huge amounts of data and identify risk factors in a way that can automatically modify the rules, or rather algorithms, to identify fraud. Machines are learning from fraudsters and adapting to their changing behaviour.
There are lots of ways fraud can take place, and they vary across vertical markets, too. It can be external or internal, or committed by someone with legitimate credentials, and depending on the aim of the fraudster have countless nuanced methods. So, how can the banking approach be relevant?
In the past transactions were processed by rules, but rules need to be defined, which is where artificial intelligence steps in. You can understand what a legitimate transaction looks like, by examining the behaviors of the people taking part. For example, you can tell whether a human or a machine is entering user credentials, because the key strokes happen in a particular way. Furthermore, humans will browse a supermarket website in a different way to a bot.
With cognitive learning, you can analyse data and see what the abnormal patterns look like – setting rules based on those patterns. This can all happen without a human in the loop slowing down the process: you can cater for millions of scenarios, becoming more agile in your fraud detection.
Elsewhere, sectors such as insurance are using AI to crosscheck claims from multiple sources. On trading floors, AI can monitor the behaviour of traders the way they manage their portfolios. Each of these examples have very different requirements, but the basic approach is the same, using technology to identify patterns, then building algorithms that can be adapted in real-time to trigger processes designed to mitigate risk. In the future, quantum computing will allow us to process billions of transactions in the time it takes to process thousands now. Those gains in speed will enable more analysis, faster identification of trends, and better real-time risk mitigation.
Criminals are working tirelessly to make their activities look legitimate. They will also always look for the easiest way to defraud and for the most vulnerable targets. It is time to think about how you currently assess fraud risks in your business, and whether Artificial Intelligence has a role to play in stopping your company and customers becoming a victim.
First published in IDGConnect