Through the GRC Lens – January 2020
- IT Risk & Cyber Risk
- 14 February 20
Introduction
Over the past decade, fraud has evolved to become more sophisticated and systemized. Thankfully, innovations in technology now enable businesses to better combat fraud. But there’s a catch. Modern technologies also present new opportunities to cyber criminals, making fraud harder to detect and easier to commit. This raises the question – is digitalization making fraud easy? Find out ‘Through the GRC lens’ – January 2020.
_____________________________________________________________________________________
Frauds are on the rise
Frauds are increasing every year at an alarming rate. The Federal Trade Commission received more than 3.2 million reports of fraud in 2019. The 2020 Global Identity and Fraud Report reported significant indications that business concerns around rising fraud persist, with nearly three in five businesses concurring that fraud has increased exponentially in the past 12 months.
Along with this increase is sophistication, scammers are also beginning to get extremely creative with their attacks. We recently witnessed the first case of CEO voice fraud using AI. An energy company in Germany, was cheated into allowing unauthorized transactions by mimicking the voice of its real CEO, reproduced using an AI software based on ML, to mislead the head of a UK subsidiary to transfer $220,000. The company managed to recover the amount later because it was covered by fraud insurance.
In another incident, PayPal users in the UK lost over £1 million to fraudsters in the last quarter of 2019, after being tricked by fake e-mails. E-tailers of electronics, vehicles, phones, and household furniture via online marketplaces, received an email allegedly from PayPal, asking for verification of a payment received for an item purchased. The fraudsters then sent a follow-up email asking for the tracking number, pressurizing the e-tailer to ship the item, without verifying his PayPal account, or the authenticity of the email, in order to provide the tracking number as requested. The clueless victims reported losing a total of £1,121,446.
Media stories such as these only go to show how fraudsters are continuously improvising scamming methods, often facilitated by developing technology.
Technology to Combat Fraud
Innovations in Artificial Intelligence (AI), Robotic Process Automation (RPA), Machine Learning (ML), and Blockchain, are helping businesses adapt to changing behavior and predict anomalies quicker than traditional tools. For instance, Highmark Inc.’s Financial Investigations and Provider Review (FIPR) department leveraged artificial intelligence to generate over $260 million in savings associated with fraud, waste, and abuse in 2019, reported Health IT Analytics.
According to the Association of Certified Fraud Examiners (ACFE) inaugural Anti-Fraud Technology Benchmarking Report, the amount organizations are expected to spend on AI and machine learning to thwart online fraud, is expected to triple by 2021.
Digitalization – creating a new spectrum of ‘smart’ fraud?
If technology has opened new doors for combating fraud, it has also allowed new and more pervasive forms of fraud to enter. Today, with the pace of technological advancements, it appears to be getting surprisingly easier to commit fraud.
Today fraudsters use sophisticated techniques to increase their success rate with high-quality attacks that circumvent bot-detection tools to enable greater efficiency with automated attacks. One such incident involved replicating human behavior such as faking human typing patterns.
And while technology can help predict an attack, a recent article by Payments Source, differentiated between basic and sophisticated attacks, pointing out that, “smart attacks work by using techniques that mimic human behavior and, by doing so, reduce the chances of being detected by bot-detection tools.”
“Expect criminals to increasingly utilize deepfakes to target the C-Suite and PSP’s authentication procedures to commit financial fraud.”, stated a recent article on Paypers, adding, “SMS spoofing impersonates a trusted party such as a PSP as the sender of an SMS message, that appears to be from their banks but is actually from fraudsters and acts out instructions believing to be from their PSP.”
How can organizations be better protected?
A recent report from Kount and Javelin, ‘Protecting Digital Innovation: Emerging Fraud and Attack Vectors’, revealed that the risk of fraud slows innovation across industries. However, fraud prevention strategies transcend industry, enabling different businesses to learn from each other and adopt similar fraud mitigation strategies and tactics when innovating their products and services.
As HelpNet security highlights, “digital innovation and the corresponding increase in revenue will never reach their full potential, without integrating suitable fraud prevention initiatives.”
Recent cases of fraud and social engineering are indicators of what fraudsters can achieve with technology. But even if these criminals try to stay one step ahead of their targets with technological advancements, organizations need to invest in the next generation of automated fraud risk management measures to ensure safety.
According to the 2020 Global Identity and Fraud Report, “…fraud prevention efforts are aimed at stopping fraud and reducing losses. But an effective program also makes it easier for your good customers to do business with you…It starts with moving away from a one-size-fits-all approach.”
To prevent fraud, preparation is key. By taking a holistic approach, employing tools that increase visibility into cyberattacks, and red-flagging unusual activity and behavior, with the right controls in place, organizations can identify anomalies before they occur, rather than after the damage is done.
