The 29th Annual Global Fraud Conference took place last week in Las Vegas. Hosted by the Association of Certified Fraud Examiners (ACFE), the conference attracted a variety of fraud professionals: investigators, auditors, risk managers, and law enforcement officers.
THE EXPANDING REACH OF THE DARK WEB
Three themes emerged early, with keynotes from Bruce Dorris, President and CEO of ACFE, and from Rob Wainwright, the former Executive Director of Europol. The two presentations shared a focus on the overlapping issues facing both fraud and security teams.
1. Criminals are benefiting from technical advancements as much as organizations are. Technical advancements are allowing for faster payments and expanded user experiences, but these same advancements are giving fraudsters the opportunity to test out new, faster, more lucrative fraud schemes. “Fraudsters have to do their research,” said Iain Cottingham, Vice President of Orange’s group for Fraud and Revenue Assurance, during a panel on fraud risk management, “but they only have to get lucky once.” Once they find a scheme, they can build on it, repeat it, and share it with others in their network.
The cyber crime schemes borne out of technological advancements present a sharp learning curve for fraud teams. In the same panel, Jean Turnbull, a VP in Financial Crimes & Fraud Management Group at TD Bank, admitted that cyber developments represent the biggest change in fraud management; fraud teams must work with information security teams to identify ways to incorporate available intelligence into fraud models.
2. “Data is an increasingly valuable commodity,” stressed Dorris, and fraudsters know that. The value of data, and the growth of illicit economies to trade in that data, is a threat facing both the fraud and security communities. The commoditization of data is an opportunity to drive collaboration across the teams—not continue in redundantly parallel development.
Mauriceo Castanheiro, Director of Fraud at Verafin, emphasized the need for fraud teams to begin to identify and manage fraud schemes at a level of data aggregation, rather than attempting to solve each fraud individually, calling the approach of investigating individual fraud schemes a “losing strategy.” Castanherio’s analogy for a better approach to fraud is an apt one: it’s like the flu shot, he said, in that we shouldn’t each need to get the flu and deal with it in isolation if we can aggregate data, research and identify trends, and work together on solutions that will benefit the entire ecosystem.
3. The dark web is a thriving hub to trade in data and data tools. Fraud investigators are looking to the dark web as a tool for expanded investigations, and fraud prevention and detections systems understand the value of tracking the accounts being leaked and traded.
Cary Moore, CEO of MetaByte Security, emphasized the economy for stolen information, noting the ease and frequency with which data and data harvesting tools are being traded in the criminal underground. “Data,” said Moore, “is the new currency.” Moore went on to call dark web markets “fantastic business models,” in the age of constant data breaches, in their ability to identify a market for data and make that data widely available.
Castanheiro also included the dark web in his discussion of fuller, more mature fraud intelligence, noting that “exploring the dark web is critical for financial institutions” as the dark web provides additional data points for investigators to identify potential fraud risks.
The themes were a preview of the topics front and center of the presentations, conversations, and panels that took place throughout the remainder of the conference. In addition to these themes, attendees and speakers shared insights into how the evergreen fraud schemes continue to manifest in their industries: how check fraud plagues financial institutions, how providers continue to benefit from Medicare and Medicaid frauds, and how the hubris of criminals can generate the most lazy of schemes in search of cold hard cash. One South American investigator shared a local trend of fraudsters bypassing cyber schemes and hardware hacks for compromising ATMs, instead favoring good, old fashioned dynamite.
DESPITE SHARED THREATS, GAPS IN COMMUNICATION PERSIST
The global draw of the conference created the perfect impromptu focus group to survey the level of communication between the fraud and information security teams within an organization.
When asking attendees “Are your teams talking? If so, more than before?”, the answers were uniform, and uniformly optimistic: “Not quite, not yet, but we’re getting there. It’s starting to get better.” Each of the respondents stressed the need for the teams to communicate, and the potential benefits to both sides of the house: shared technologies, shared insights, and, most importantly, shared budgets. The optimism faltered only when asked about how to more quickly bridge the gap—no one quite knew how to get from here to there.
The most progressive answers came from those who have found collaboration in the course of a trial by fire. In discussions with professionals at organizations that have come under scrutiny in recent months, they each stressed that the recent upheavals at their organizations forced the issue, pushing (if not requiring) fraud and information security to communicate and collaborate.
The stress of breaches and scandals created an opportunity for conversation, created a culture of oversight that saw the danger of missed collaboration between departments, and opened room for a shared solutions. In a conversation with a fraud investigator at an organization dealing with a major scandal, the investigator spoke openly about the collateral benefits, noting that budgets had now been opened wide to provide any and all funding for additional security technologies and anti-fraud systems. According to the investigator, many of the programs both teams (fraud and information security) had been requesting for years were finally being put in place, and the teams were both encouraged and required to find ways to work together to create a stronger system—and to prevent possible repeat offenses against an already outraged customer base.
A NOD TO THE ORGANIZERS
The ACFE Global Fraud Conference is a shining example of what can happen when organizers dedicate time, energy, and resources to developing a diverse and open community of professionals. In addition to the clockwork logistics—fraud professionals are timely—the conference took on a truly global feel that did justice to its name: the opening ceremonies included a parade of flags for the nations represented by the organizations, and representatives of those countries were present at every turn. Conversations moved easily between a discussion of bank fraud with a Brazilian police official, a breakdown on cultural norms for risk assessments with a security officer based in Abu Dhabi, and an introduction to international course materials from friendly ACFE staff members from Lagos.
The conference drew in a roughly even gender split, with tattoos, piercings, and multi-color hair a-plenty: at every turn, attendees could find their peers. From students to career professionals, seasoned investigators to veteran law enforcement, the conference facilitated open and honest conversation around a shared set of standards and a shared set of challenges. Terbium Labs will most certainly be present at the 30th annual conference next year in Austin, Texas, and we encourage other conference organizers to pause and take a few lessons from the fraud folks: diverse conferences can be done well, and the ACFE staff knows how to do it.