a good thing!
Software vendors often present their technology as a magic solution that will keep companies one step ahead of fraudsters. But companies’ counter fraud teams know it’s not that simple.
To start, digital commerce systems and processes are inherently complex. In any complex system, there will always be vulnerabilities that fraudsters can exploit. And until those vulnerabilities are discovered, there is no way to mitigate them.
Secondly, these systems must constantly evolve to meet changing customer needs; whenever a change is made, there’s a risk of introducing new vulnerabilities.
Lastly, fraudsters are continually probing these systems to find the slightest weakness.
So, is the idea of a counter fraud strategy then a myth, or is it something realistically attainable?
Even the most hardened counter fraud professional would admit that some of the fraudsters’ methods are extraordinarily sophisticated and ingenious, and it’s impossible to predict where the next attack will come from. That’s why the idea of staying “one step ahead” of the fraudsters is generally unrealistic.
In practice, the objective is to ensure that fraud detection stays one step—and no more than one step—behind. Defense teams should be snapping at fraudsters’ heels like a pack of bloodhounds, minimizing the opportunities to capitalize on newly uncovered exploits.
This is the same reason why so many professionals are skeptical about the idea of a counter fraud strategy altogether. The whole landscape is so fast-moving that by the time an organization has defined, agreed and implemented its strategy, new threats may have emerged that make it irrelevant.
However, this is a slightly reductive view. Certainly, if the strategy is defined in narrow terms, specifying the types of fraud that it will guard against and the tools and techniques it will use, rapid obsolescence is almost guaranteed. But if the strategy focuses on higher-level principles rather than implementation details, it can help the business make smarter decisions about the best approach to detecting, preventing and managing fraud.
For instance, a high-level counter fraud strategy can help to educate senior management about the importance of investing in counter fraud measures and the consequences of failing to make that investment. We’ve seen numerous examples of online merchants that decide to prioritize customer acquisition and revenue growth over fraud prevention without understanding that there are real dangers in this stance. These businesses typically rely on major credit card processing networks to handle customers’ payments and most of these networks set a threshold of around 1% for chargebacks related to fraud. If this limit is exceeded, the penalties and restrictions can be severe—or even terminal—for the merchant.
Rather than committing to a specific set of tools and techniques, a well-defined counter fraud strategy can outline the general principles for adopting, maintaining and reinforcing counter fraud measures through technology. A key point here is that this is an arms race; as fraudsters come up with new exploits, researchers and software companies develop new countermeasures. So, a pragmatic counter fraud strategy will emphasize the need to stay up to date through continuous investment in both new technologies and people with the skills to apply them.
Another important principle is that new counter fraud tools should not replace existing tools—they should be used to augment them. When automotive manufacturers began installing airbags in their vehicles, they didn’t remove the seatbelts because cars are safer when they have both. Similarly, new machine learning-based approaches to fraud detection should be used to reinforce existing rule-based approaches and human investigation to provide a comprehensive toolbox to combat all types of fraud.
As a concrete example: When our clients deploy PingOne Fraud, they’re strengthening their existing counter fraud measures, not superseding them. They may already have powerful predictive risk models that help them detect fraudulent transactions during the checkout process—and these models should remain in place.
PingOne Fraud adds an extra layer of protection by using biometrics, device and network data and machine learning to identify trusted customers based on their behavior as they log into their account and browse your website. By combining Ping’s behavioral analysis with traditional transaction-level fraud detection models and many other techniques, counter fraud teams can get a much more holistic picture of their users and identify suspicious activity faster and more accurately.
By enshrining these high-level principles in your organization’s counter fraud strategy, you can help your business make smarter decisions about how to prioritize and where to invest, setting realistic targets and keeping fraud prevention front-of-mind for senior decision-makers.
To learn more about how Ping Identity can help you map out your counter fraud strategy and adopt the latest technologies to keep fraudsters at bay, check out PingOne Fraud.