The evolution of fraud and emerging trends to watch

How is fraud different than 10 years ago?

It’s almost impossible to even compare, as fraud continues to evolve almost literally by the hour. What’s important to understand is that fraud today is highly sophisticated. That said, fraud ten years ago was sophisticated as well, but only in context. Fraud has always been able to push the boundaries of technology, and everyone fighting fraud has historically always been one step behind. That was certainly the case ten years ago. So what’s really changed today, is that for the first time, we have the means to get ahead.

Yet even as our fraud fighting methods have evolved, so has fraud itself. Bots enable fraudsters to act at almost unimaginable scale. The amount of valuable personal and financial data now stored and accessible online represents almost unlimited opportunity to fraudsters pursuing profit through criminal means, and with the wide-ranging tools and techniques they now have at their disposal, the potential for disaster is much higher and much worse than it was a decade ago. This is why fraud prevention has to change. Reactivity is no longer viable. You can’t just try to minimize losses after the fact. Incremental steps are too little, too late. Therefore, significant change in how we address fraud is required.

How will fraud attacks evolve in the future?

Fraudsters are omnivorous when it comes to technology. They’ll use anything they can if it helps their criminal efforts. Their motivations don’t change – they want to steal our money and profit off our data. But their techniques and strategies evolve quickly. Quicker even than ours do, because they don’t have to follow the rules.

In the future, attackers will continue to do the following: 1) They will continue to breach various databases in order to steal customer data, and 2) They will continue to exploit new and innovative technologies for their own criminal purposes.

The end result is that vulnerability is virtually a given, and simply trying to put up stronger walls is not the answer. Response speed isn’t always the answer either – no matter how quickly you respond to an attack, the fact of the matter is, you will still be behind.

There is only one real answer: proactivity. We simply have to see attacks when they’re forming and stop them before they can launch and have an impact. Only in this way can we actually prevent losses from occurring. So we have a choice, and in either case, we proceed from the same assumption – that any online platform that represents value to a fraudster is vulnerable to attack. As to how we deal with this, we can either try to limit the damage by putting up stronger defenses and prepping for quicker response times, or we can stop the attacks from causing damage in the first place. The latter is the only viable way forward.

Despite Machine Learning (ML) solutions, we still see a lot of fraud attacks; why is the current approach not always working sufficiently? How can banks approach this problem differently?

Most existing machine learning solutions are still inherently reactive. They depend on training data and historical labels. This approach is both reactive and incremental, and with it, it’s difficult to truly match – let alone exceed – the speed of modern fraud.

These traditional approaches also have a kind of sacrificial quality to them, in that there are always many early victims before a solution is implemented. Given the potential scale and scope of criminal activity we’re now talking about, we just can’t proceed like this. The magnitude of damage we’d be accepting as a given is just too great.

So how do you defend against new and evolving types of attacks?

What this all comes down to is the ability to foresee unknown attack types while there is still time to prevent reputational and financial loss. This is not as impossible as it sounds. Even as attack types evolve, digital footprints are still created. With advanced unsupervised machine learning (UML) capabilities, and the ability to deploy account-level detection solutions, we have the means to reveal those footprints and expose the activity that foreshadows an attack. That makes it possible to neutralize attacks while they’re still forming.

With UML, we can analyze data holistically. We can surface correlations between accounts and actions that would go unnoticed if viewed in isolation. We can connect the dots between global events to reveal patterns that clearly indicate coordinated activity. By embracing and enabling account-level detection, we can potentially be even more proactive. With account-level detection, we can go into action the moment a legitimate account is compromised, or a fake account is created – and in both those cases, we can act before the accounts are used in an attack. That’s what we mean by proactive fraud prevention – stopping attacks before harm is caused.

Will Open Banking trigger a new era of fraud?

I think it’s not so much that it will trigger a new era of fraud, so much as that it affords fraudsters another set of potential vulnerabilities to try and exploit. The cat-and-mouse game is always evolving, and as new technologies are developed and new platforms emerge, fraudsters adapt to try and take advantage, and we adapt to prevent them from doing so. Open Banking will certainly open up a new front in the battle. For one thing, Open Banking allows banks to be more interconnected with new types of social commerce. In China, for instance, WeChat provides payment functions and is integrated with banks, and mobile payments are accordingly very popular. From the convenience perspective, this is good for consumers, as it enables them to do more, in less time. At the same time, this shift will inevitably introduce new types of fraud patterns that banks are not familiar with, and historical use cases will not apply to these new events, so the old solutions will not work like they used to. This is just one example of why reactive approaches do not suffice.

If we’re to really protect businesses – and their customers, and their data – we have to do better than reacting after the fact. We have to aggressively take the upper hand, and stop fraudsters before they can unleash their attacks.

About Yinglian Xie

Yinglian Xie is CEO and Co-Founder of DataVisor, a Silicon Valley-based technology company providing advanced fraud management solutions powered by artificial intelligence. Prior to founding DataVisor, Yinglian worked at Microsoft Research. Her focus was on advancing the security of online services with big data analytics and machine learning. Yinglian completed both her Ph.D. and post-doctoral work in Computer Science at Carnegie Mellon University, and currently holds over 20 patents in her field.

About DataVisor

DataVisor is the leading fraud detection company powered by transformational AI technology. Using proprietary unsupervised machine learning algorithms, DataVisor restores trust in digital commerce by enabling organizations to proactively detect and act on fast-evolving fraud patterns, and prevent future attacks before they happen. Combining advanced analytics and an intelligence network of more than 4B global user accounts, DataVisor protects against financial and reputational damage across a variety of industries, including financial services, marketplaces, e-commerce, and social platforms.