Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Wednesday, 1 February, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Three Tips for Combating Fraud.

by The Gurus
October 29, 2018
in Opinions & Analysis
image of Chris Camacho, and flashpoint logo
Share on FacebookShare on Twitter

Chris Camacho, Chief Strategy Officer at Flashpoint

Fraud is an inevitability of business, and one that most won’t concede they’re susceptible to. But the blunt truth is, insiders who are close to critical systems—or outsiders who are skilled enough to exploit vulnerabilities in anti-fraud and other security controls—will steal. They may target assets they’re entrusted to protect or cook the books to hide their tracks; in the end both types of fraudsters aim to make off with significant money.

Fraud persists, and frankly, it’s not realistic to believe businesses can take measures that will permanently eradicate it. Fighting fraud, however, doesn’t have to be in vain. Here are three tips to help businesses combat fraud:

Get inside the adversary’s head
Anti-fraud systems may be effective and getting better, but they’re not going to deter a profit-motivated criminal. The challenge then becomes an exercise in anticipating the fraudster’s next move. In order to get inside an adversary’s head, anti-fraud professionals must consider what incentivises a fraudster and what their targets could be. In most cases, this is a simple exercise: credit card data, personally identifiable information (PII), user account login credentials, and other types of proprietary data and information are common targets.

It’s also imperative to consider how fraudsters might attempt to hurdle existing controls in order to access your business’ assets. Multi-factor authentication may protect some payment card transactions, but what about gift cards, for example. Unlike bank-issued credit and debit cards, gift cards are generally not held to strict anti-fraud standards, which is largely why they are a desirable asset among many fraudsters. Illicit vendors selling stolen gift cards have become commonplace on the Deep & Dark Web (DDW) in recent years, leading to an uptick in instances of gift card fraud.

Thinking like a fraudster means considering all of the options available to an attacker and admitting that certain systems or processes may be flawed. Proactively identifying and addressing any weaknesses in existing anti-fraud programs—such as what fraudsters determined are often present within gift card security controls—can help businesses better anticipate and prepare for fraud.

Have eyes and ears on DDW fraud forums
Thinking like a criminal is only one part of this strategy. To accurately anticipate how your company, your peers, or your industry is being targeted, it’s important to have insight into the conversations and behaviours of those perpetuating fraud. Not all organisations are going to have proper visibility into these realms, therefore it’s important to have a trusted partner with eyes and ears on the DDW, for example.

Certain DDW forums focus on fraud, and on these forums, certain trends emerge. For example, discussions related to the lax anti-fraud controls of gift cards eventually manifested in a spike in gift card fraud.

Many fraudsters’ ever-evolving tactics bear little resemblance to the tried-and-true fraud schemes with which most businesses are familiar. Although countless variations of credit card fraud, for example, are generally well-known and well-mitigated in the financial services and retail industries, many businesses continue to incur substantial losses from lesser-known types of fraud. In addition to gift card fraud, refund fraud, health savings account fraud, and rewards point fraud are only a few of many such examples that were initially conceived within the cybercriminal underground before posing a threat to businesses.

The DDW can be a rich source of insight into emerging fraud tactics and schemes. But because accessing and engaging within these online communities can be challenging and risky without the proper expertise and protections, businesses are encouraged to work with reputable intelligence vendors to more effectively, easily, and safely gain visibility into the cybercriminal underground.

Keep track of regional ties and variations
Analysts have tied different types of fraud certain regions such as Eastern Europe, forcing businesses go to great lengths to gain insight into new schemes and tactics. These types of insights are critical for establishing countermeasures, the most effective of which typically account for the social, cultural, and linguistic nuances known to characterise fraudulent activity originating in certain regions.

But in recent years, new cybercriminal communities and, as a result—new tactics and types of fraud—have quickly emerged in many more regions. Latin America is one such example. While fraudsters in Latin America have long been considered unsophisticated, unorganised, and unlikely to pose any substantial threats to businesses, this community has since evolved substantially. Many businesses that previously had no reason to monitor the Spanish-language cybercriminal underground are now striving to understand and combat threats originating from fraudsters in Latin America. And given that threats and indicators can vary substantially across different regions and communities, keeping track of these variations and new developments is a must for businesses and anti-fraud teams.

Assessment
Just as fraudsters are extremely resilient, persistent, and resourceful, businesses, too, should seek to emulate these characteristics when fighting fraud. This means approaching fraud from new perspectives, learning about emerging schemes and tactics proactively, and seeking third-party services and expertise when necessary. While businesses have little control over the existence of fraud, they can control the extent to which they prepare for and mitigate this ever-evolving threat.

[tpr-boilerplate company=’null’]

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

IBM Mobile Cybersecurity Center Makes RIT Its First University Stop On World Tour.

Next Post

Lessons For NHS Following US Healthcare Providers’ Low Resilience To Cyber-Attack, Warns Report.

Recent News

JD Sports admits data breach

JD Sports admits data breach

January 31, 2023
Acronis seals cyber protection partnership with Fulham FC

Acronis seals cyber protection partnership with Fulham FC

January 30, 2023
Data Privacy Day: Securing your data with a password manager

Data Privacy Day: Securing your data with a password manager

January 27, 2023
#MIWIC2022: Carole Embling, Metro Bank

#MIWIC2022: Carole Embling, Metro Bank

January 26, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information