Fraud, finance, and fusion centres: tackling cybercrime in 2023

Duncan Ash, Global Industries, Vice President at Confluent 

 

Financial crime in the UK is climbing. Research from Ofcom has found that almost nine in 10 adults (87%) in the UK have stumbled across some form of scam online; two in five (42%) have lost money to them.

Most of these scams revolve around fraud, with many encountering impersonation fraud (51%), software service fraud (37%), and identity fraud (24%). And while you’d assume that most businesses could identify these fakes and protect their customers accordingly, this is much trickier than it sounds.

Take a simple transaction: a single-fund transfer to a payee that hasn’t been registered before.

There’s nothing inherently suspicious about this, but a fraudulent actor behind it should trigger a warning. If they’re logging in from a device in one location but have been recorded as using multiple IP addresses that don’t match that location, for example, a red flag will be raised.

Doing so demands the real-time analysis of personal and financial data. The teams obligated to tackle fraud need to be able to manage multiple data elements, often in real time, if they’re to defend customers from cybercrime. Without that data, cybersecurity and fraud teams are hamstrung.
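The transfer check described above can be expressed as a rule that joins payment records with login telemetry. The following Python example is an added illustration, not code from the author or from Confluent. The field names, the sample records, the 24-hour window, the two-IP threshold and the pre-computed `ip_country` enrichment are all assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data: structured payment records plus login telemetry
# that an upstream enrichment step (assumed) has tagged with an IP country.
REGISTERED_PAYEES = {"cust-1": {"GB29-UTIL-0001"}, "cust-2": {"GB29-RENT-0002"}}
LOGINS = [
    {"customer": "cust-1", "ts": "2023-03-01T09:00:00", "device_country": "GB", "ip": "192.0.2.10", "ip_country": "GB"},
    {"customer": "cust-2", "ts": "2023-03-01T09:05:00", "device_country": "GB", "ip": "198.51.100.7", "ip_country": "DE"},
    {"customer": "cust-2", "ts": "2023-03-01T09:20:00", "device_country": "GB", "ip": "203.0.113.44", "ip_country": "SG"},
    {"customer": "cust-2", "ts": "2023-02-20T08:00:00", "device_country": "GB", "ip": "203.0.113.99", "ip_country": "US"},
]
TRANSFERS = [
    {"id": "t1", "customer": "cust-1", "payee": "GB29-NEW-0009", "ts": "2023-03-01T09:10:00"},
    {"id": "t2", "customer": "cust-2", "payee": "GB29-NEW-0010", "ts": "2023-03-01T09:30:00"},
    {"id": "t3", "customer": "cust-2", "payee": "GB29-RENT-0002", "ts": "2023-03-01T09:31:00"},
]

def mismatched_ips(customer, at, logins, window):
    """Distinct IPs seen in the window whose country differs from the device's."""
    ips = set()
    for ev in logins:
        ts = datetime.fromisoformat(ev["ts"])
        in_window = at - window <= ts <= at
        if ev["customer"] == customer and in_window and ev["ip_country"] != ev["device_country"]:
            ips.add(ev["ip"])
    return ips

def score_transfer(transfer, logins=LOGINS, payees=REGISTERED_PAYEES,
                   window=timedelta(hours=24), min_ips=2):
    """Return (flagged, reasons); flag only when both signals coincide."""
    reasons = []
    if transfer["payee"] not in payees.get(transfer["customer"], set()):
        reasons.append("new_payee")
    at = datetime.fromisoformat(transfer["ts"])
    ips = mismatched_ips(transfer["customer"], at, logins, window)
    if len(ips) >= min_ips:
        reasons.append(f"ip_location_mismatch:{len(ips)}")
    # A new payee alone is normal behaviour; requiring the login signal as
    # well is what keeps the false-positive rate down.
    return ("new_payee" in reasons and len(reasons) == 2), reasons

if __name__ == "__main__":
    for t in TRANSFERS:
        print(t["id"], score_transfer(t))
```

Neither signal flags a transfer on its own: the rule needs the payment record and the login telemetry together.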

If companies can’t run comprehensive threat intelligence, the risk of false positives is far higher – and competent cybercriminals find it easier to fly under the radar. And with new payment methods, communication channels, and financial service providers arriving every year, the number of attack surfaces for bad actors is increasing.


Many businesses use quantitative analysis to try to drive down false positives. But this relies upon statistical models and rules, which are, again, most effective when based on real-time data. Businesses that lack the robust data infrastructure to provide this are likely to be the ones in trouble in the first place.

The same goes for tools that integrate artificial intelligence (AI) or machine learning (ML). The algorithms within may be incredibly fast – but they’re dependent upon the quality of data upon which they’re built.

Seeing the wood for the trees

The thread of steel here is clarity. Fraud and cybersecurity teams are struggling to identify exactly what they’re dealing with in time to act.

This is complicated further by the increasingly blurry lines between cyberattacks and fraud. Phishing – the acquisition of personal data to gain access to finance – is a common example. Is it fraud, a cyberattack, or both?

As a result, many businesses have failed to adapt to the challenge. Despite the convergence of fraud and cybercrime, the teams responsible for handling these issues continue to function as individual departments.

This leads to massive inefficiencies. The two teams will have different access to, and understanding of, datasets that can duplicate or entirely omit data points available to one but not the other. Attempts to correct this are hamstrung by both a lack of visibility and the use of differing platforms or tools in each department.

If organisations are to meaningfully tackle the threat of fraud, they cannot allow cybercriminals to continue to divide and conquer; they need a centralised, coordinated response.

Two become one

As such, businesses would be wise to take the strengths of the cybersecurity and fraud departments and combine them into something new: the fusion centre.

Cybersecurity teams will usually have prioritised investment in Security Information and Event Management (SIEM) solutions that are designed to make the most of unstructured data to investigate and resolve incidents. They can identify important occurrences amidst a sea of complex, illegible data. But what they can’t really do is extract and share those insights elsewhere.

Fraud teams, meanwhile, will typically place much more emphasis on tackling transactional, structured data – primarily from the company’s own databases. They can’t tackle swathes of unstructured data as SIEM systems can, but they’re much more effective at extracting insights from good-quality datasets.

When combined, each negates the weaknesses of the other. They can take vast swathes of data and identify the key datapoints within. And with one team reading from the same hymn sheet, it’s possible to rapidly launch a coordinated response to the challenge.

The fusion centre offers the potential for a genuinely 360-degree view of any fraudulent transaction. So, how do we start thinking about establishing one?

Teamwork makes the dream work

The logistics of the fusion centre will be complex, but adhering to some simple principles will create the right foundation.

The process starts by deconstructing the barriers between the two teams. This usually means re-establishing the roles and responsibilities to fit a one-team approach and dispensing with any obsolete tools or software in favour of the solutions that fit the new team’s remit.

In the best-case scenario, organisations will be able to use the fusion centre as the place to centralise data from the mainframe, from its ledgers, and from existing databases – including security data from outside the business, such as watchlists. This data can then be combined with the unstructured data sources being parsed by the cybersecurity side of the fusion team.

A platform approach is often the most pain-free method here to establish a ‘Single Source of Truth’ – an environment into which you can introduce one data source at a time, visible to everyone.

This also demands something of a cultural shift. There will inevitably be increased control and responsibility in some areas, and reductions in others – which doesn’t always go down well with those who have less agency than before. This will be unique in every organisation.

Possessiveness, or bad relationships between the two teams, simply cannot be tolerated. Indeed, collaboration is incredibly important to properly understanding the data and processes being introduced, which will be new to many team members.

All these directions speak to a noble goal: everyone in the business pulling together to protect consumers from becoming the victims of bad actors.

If we’re willing to rethink the way in which we protect our businesses and our customers, and prioritise working together above all else, we put ourselves in the best possible position to help people.
