Is it time to merge your fraud and cyber teams?

The rise of highly skilled criminal gangs is a strong argument for cybersecurity and anti-fraud professionals to join forces, but there are other factors at play too

Gettyimages 645973167

During the Covid-19 pandemic, 3.2 million UK households bought a pet to stave off lockdown loneliness. Unfortunately, where that kind of cash goes, criminals usually follow. 

Pets4Homes, the most popular pet-classifieds platform in the UK, was soon besieged by fraudsters and cybercriminals keen to dupe would-be pet-owners. Axel Lagercrantz, its CEO, soon realised that the unprecedented consumer demand led to a spike in activity from sophisticated and multi-disciplined criminal gangs. 

This ranged from puppy smugglers and fraudsters marketing puppies that didn’t exist, to cybercriminals attempting to steal data. Despite the company’s interventions, the fraudsters would reappear on the site using different names and contact details. 

Lagercrantz decided to set up a 24/7 reactive team. Its brief was simple: to identify fraud and cybersecurity threats and, crucially, share that information around the business, with a focus on seamless, silo-free communication between the company’s risk-detection points. 

This team cross-checked IP addresses to confirm the vendors behind each advert did live at the address listed on their account. They then applied the banking industry’s Know Your Customer identity checks on pet vendors, with breeders required to provide a photo of themselves alongside a picture of their ID. Any new photo of a puppy was checked that the image hadn’t been stolen from elsewhere on the internet. 

Pets4Homes found it was consequently blocking more than 40% of all adverts, as attempts to place fake or misleading adverts increased by more than 300% compared with 2019.

Today, less than 0.1% of all Pets4Homes advertisers are flagged as problematic in any way, says Lagercrantz. “With every added layer of verification and security, we have seen a constant drop, not only in confirmed cases but also in attempts.”

What do businesses gain from uniting cyber and fraud teams?

This principle – that fraud and cybersecurity teams have been kept apart for too long – is one that other parts of UK plc would do well to discover for themselves. 

For instance, the financial services sector spends £22,000 every hour fighting fraud and financial crime. But with cyber crime and fraud moving in closer circles because of the rise of highly skilled crime gangs, this investment may be going to waste unless all the information about digital threats is shared effectively.

Anti-fraud and cybersecurity teams should therefore have transparent lines of communication, sharing their findings, workflows and resources. This should be the case across the three core threat functions – identification, monitoring and response – says Marit Rodevand, CEO and co-founder of Strise, an anti-money-laundering software used by banks across Europe. 

Rodevand explains that while the sensible application of AI can help to overcome any gaps in legacy technology, businesses should also constantly examine how and where risk information is shared among their teams. When a high-risk customer has been denied certain services by one department, it must be impossible for them to become a customer in another. 

“In larger organisations, a chief risk officer oversees these combined efforts and implements greater internal collaboration,” Rodevand continues. “Especially when a transition from siloed legacy systems is required, as this is often a complex barrier to integrating fraud and cyber departments.”

How to harmonise the two functions

Effective protection isn’t about blindly merging cyber and anti-fraud teams, though. Instead, teams should be encouraged to share information about threats by establishing a ‘cyber-fraud’ function, such as a regular meeting among key team members. So says Eliza-May Austin, the co-founder and CEO of cybersecurity consultancy 

“Equip them with a whiteboard and allocate two hours to see what unfolds,” she recommends. “Observe how these sessions benefit your business and how the people involved perceive the potential synergies. If this approach proves effective, consider making it a regular practice or explore the idea of a broader restructuring.”

You’d be surprised how effective a shared vocabulary can be

Quick wins, like applying shared terminology across teams, can ensure jargon does not get in the way of closer collaboration. “You’d be surprised how effective a shared vocabulary can be in achieving a common end goal,” says Rodevand. 

And businesses can unite fraud and cyber operations further by standardising risk-scoring across teams, says Rodevand. “This ensures that people are on the same page, so that risks are not duplicated. This can be easily achieved by assigning people with responsibility for overseeing these efforts.”

While not every potential fraudulent email needs to be reviewed by a cybersecurity expert, it is important that fraud specialists share their insights into emerging trends and scams with their cyber counterparts, says Austin. 

Is it worth keeping some barriers between fraud and cyber teams?

Removing some of the barriers between fraud detection and cybersecurity is not about forcing talented people to job-share or cover two functions at once, adds Austin. “Fraud analysis is an individualised process. It demands a dedicated and competent team capable of responding to anomalies in say, card usage, or detecting attempts by individuals to impersonate vulnerable relatives over the phone. Fraud focus remains on individual cases. 

“On the other hand, cybersecurity is a broad domain encompassing network security, endpoint security, infrastructure as code-based forensics, incident response, testing, detection and response, and engineering, among other aspects. Each of these areas requires a distinct skill set.”

Separation is also an important part of compliance checklists, which will likely vary across cybercrime and fraud departments. After all, a Know Your Business (KYB) checklist is different from a cybersecurity checklist, says Rodevand. “So implementing a centralised checklist would require employees to undertake checks that may not be necessary, draining time, money and resources.”

While treating cybercrime and fraud as a shared problem encourages teams to share operational expertise and have the same goals in mind, it’s worth applying skilled professionals wisely, says Austin. “There’s little value in deploying highly skilled cybersecurity analysts to investigate whether someone on a call was impersonating a relative to secure a loan. To the untrained ear, anti-fraud and cyber detection may seem similar, but they are fundamentally different in terms of their focus and required skill sets.”