Finding and Fighting Fraud: Calling Out the Fakes Around Us

writer Munish W-P.
April 19, 2018

Art Coviello, the former CEO of RSA, opened his keynote at ISMG’s Fraud Summit 2018 with this profound, simple declaration: We are responsible for the proliferation of fraud because we permit it. Coviello discussed how technology “accelerated the pace and reach of fraud and fiction” and went on to connect the theme of fraud to larger issues: Russian trolls and American politicians’ denials of simple facts. It was a powerful message that resonated with much of the audience. Although the conference spanned only one day, the speakers were both experts and experienced practitioners, so their insights were hard earned and unique. Below are a few key takeaways from outstanding talks.

Jim Cunha of the Boston Federal Reserve highlighted that we, as fraud professionals, have to ask ourselves: how do you measure progress? We need to think along the lines of creating metrics that we can measure over decades. The fraudsters are constantly improving, and the fact that fraud moves to different channels doesn’t mean a reduction in losses. Collaboration is critical to outcompeting cybercriminals.

What are the insider threats to a fraud program? There isn’t a more dangerous adversary than one that knows the risk controls. Randy Trzeciak from the CERT Insider Threat Center at Carnegie Mellon University explored the human factors of insider threats and the unpredictability of the audit and fraud detection process. For example, human resource choices can disenfranchise employees: “Good managers of technology aren’t always good managers of people.” Trzeciak insightfully identified that cultural and other factors can create a permissive environment for insiders. He concluded with an approach that we at Terbium share: “Building a risk profile is key to understanding how to deploy resources.”

Troy Leach of the PCI Security Standards Council educated the crowd about new and emerging standards within the payment ecosystem. Opportunities and challenges stem from innovation, as long as we understand how standards have changed; back to Cunha’s point, our effectiveness is a function of what we measure. Other talks ranged from the emergent threat of synthetic identities and signatures of behavioral analytics (for instance, how keystrokes can leave a clickstream of suspicious activity that reveals intent) to the proliferation of fake account creation, and how loyalty programs can be used to launder money and further amplify the impact of credit card fraud. Lastly, a number of talks touched on the “speed of security”: that we depend on old security protocols for new technology. Very simply, today is a different environment, and it requires updated data protection.

After a day of conversations and talks, little question remained in our minds that we are on the right pathway, focusing on the combination of automation, analytics, and partnerships. As we face today’s and anticipate tomorrow’s challenges, more of Coviello’s words resound: we need to stop being victims and have to call out fraud that we see in society each and every day.
