As fraud landscape evolves, so must your response

As fraudsters become more sophisticated, prevention requires complete visibility, says Rashmi Knowles, chief security architect, Europe the Middle East and Africa, at RSA, the security division of EMC


Cyber criminals are more organised than ever. Using online services to commit fraud, known as fraud-as-a-service, opens up the most advanced threat technologies to a wider base of fraudsters.

Because of this your fraud strategy must continuously adapt to protect your customers and digital assets, but that is only half the battle. Consumers demand fast, easy access to accounts, products and services, and do not want their experience interrupted. Any successful strategy must balance an organisation’s security requirements with the need for convenient user access. Organisations must aggressively rethink traditional notions about what constitutes a threat and how to defend against it intelligently.

Gil Shapira, worldwide general manager, RSA Fraud and Risk Intelligence, says: “Fraudsters are constantly changing their techniques, and customers change their online behaviour, which limits the ability of traditional fraud strategies to detect evolving threats and their impact.”

To differentiate a genuine customer from a criminal requires an overview across the entire online consumer life cycle from pre-login through transactions to post-login

Protecting customers

Gaining broader visibility into your entire online user life cycle as well as shared intelligence around the latest threats is essential, allowing extended analysis of the behaviour of humans and devices so that fraud patterns are quickly detected. As a result, only high-risk activities are interrupted and the normal user’s security experience remains transparent.

An intelligence-driven fraud prevention strategy is multi-faceted, spanning user behaviour, device fingerprints, known fraudulent entities and threats from the underground. To differentiate a genuine customer from a criminal requires an overview across the entire online consumer life cycle from pre-login through transactions to post-login.

Your solution must work seamlessly across all channels. It must provide expanded choices for integration with new and existing services and technologies, especially when it comes to step-up authentication. You not only need to understand your risk tolerance, but the appropriate security for the digital channel used by your customer. You must also be able to correlate cross-channel activity for login and transactions. For example, if a customer makes a transaction on their laptop followed shortly afterwards by another from a mobile device in another country, this should be flagged.

There are three things organisations should do now to adopt an intelligence-driven fraud prevention strategy.

First, gain broader internal and external visibility to evaluate risk and cyber-crime threats across all online digital channels.

Second, extrapolate insight from the data to understand normal-state behaviour to spot, investigate and root out anomalies that indicate threats based on your unique risk profile, and immediately see which threats are most damaging.

Third, responding to malicious anomalies designates the right corrective action to mitigate the specific threat and enforce controls to initiate a remediation process and operationalise the response.

We’re finding organisations that use our fraud and risk intelligence solutions gain visibility into shared intelligence on emerging attacks and threats. They can analyse interactions and transactions to detect anomalies that indicate threats quickly, and take corrective action based on custom-defined threat levels to reduce losses from fraud and undetected breaches. This approach is well positioned to address the ever-changing threats of today and anticipated threats of the future with minimal interruptions to your consumers digital channel experience.

Follow us on twitter: @RSAFraud

Take a journey through a Decade of Fraud and Cyber Crime: http://www.emc.com/microsites/rsa/timeline/index.htm

Combat fraud with an intelligent driven strategy: http://www.emc.com/video-collateral/demos/microsites/mediaplayer-video/combatting-fraud-threats-intelligent-security-rsa.htm