Advice from a CISO: How to beat the fraudsters

CISOs are the business leaders everyone is talking about. But what do they have to say? Mike Turner is Chief Information Security Officer at Capgemini and shares his views.

Whether you work for an investment bank or a high-street retailer, you have to ask the same question hundreds, maybe even tens of thousands of times a day: Is this transaction passing through my systems legitimately, or is there an attempted fraud taking place?

Fraud costs the global economy £3.55 trillion ($4.65 trillion) every year, and rather than getting easier to track, it is getting more complicated. Detecting fraud has traditionally been a matter of identity validation and risk assessment. This takes time and adds steps to the transaction process. It is a simple problem that’s very tricky to solve: while the transactee wants the process completed as simply and quickly as possible, the processor carrying the financial risk needs to validate their ability to pay.


Businesses have for decades created rules to mitigate the risks of fraudulent activity, but with transaction numbers rising and high customer demand for instant decisions, manual intervention in every transaction has been impossible for some time. Previously, processors have used authentication steps to validate cardholders, using protocols such as 3-D Secure. Yet these methods do not assess behaviour; they simply confirm that the individual holds the right credentials.

But the rigidity of a rules-based approach is fast becoming an Achilles heel. One of the reasons fraudsters are successful is their ability to adapt, and organisations are continuously playing catch-up. The sheer volume of transactions makes it impossible to make individual decisions while maintaining a speed that won’t frustrate or deter customers. That’s why many organisations are turning to automation to balance speed with security.

Artificial Intelligence is now helping to level the playing field. Financial institutions have long been the battering ram when it comes to detecting fraud and they are leading the way by using AI to process huge amounts of data and identify risk factors in a way that can automatically modify the rules, or rather algorithms, to identify fraud. Machines are learning from fraudsters and adapting to their changing behaviour.

There are lots of ways fraud can take place, and they vary across vertical markets, too. It can be external or internal, or committed by someone with legitimate credentials, and, depending on the aim of the fraudster, it can involve countless nuanced methods. So, how can the banking approach be relevant?

In the past, transactions were processed by rules, but rules need to be defined, which is where artificial intelligence steps in. You can understand what a legitimate transaction looks like by examining the behaviour of the people taking part. For example, you can tell whether a human or a machine is entering user credentials, because the keystrokes happen in a particular way. Furthermore, humans will browse a supermarket website in a different way to a bot.


With cognitive learning, you can analyse data and see what the abnormal patterns look like – setting rules based on those patterns. This can all happen without a human in the loop slowing down the process: you can cater for millions of scenarios, becoming more agile in your fraud detection.

Elsewhere, sectors such as insurance are using AI to cross-check claims from multiple sources. On trading floors, AI can monitor the behaviour of traders and the way they manage their portfolios. Each of these examples has very different requirements, but the basic approach is the same: using technology to identify patterns, then building algorithms that can be adapted in real time to trigger processes designed to mitigate risk. In the future, quantum computing will allow us to process billions of transactions in the time it takes to process thousands now. Those gains in speed will enable more analysis, faster identification of trends, and better real-time risk mitigation.

Criminals are working tirelessly to make their activities look legitimate. They will also always look for the easiest way to defraud and for the most vulnerable targets. It is time to think about how you currently assess fraud risks in your business, and whether Artificial Intelligence has a role to play in stopping your company and customers becoming victims.

 

IDG Connect
