Title to view post

Eva lets out a deeply frustrated exhale as she navigates moving boxes in her new apartment towards a nearby chair. She was just trying to update her address online and take care of some online banking money transfers. Now her accounts are frozen, and she has received a message to call the bank's fraud department. How could she be a fraudster? She was only guilty of taking a job and moving to Chicago. Maybe it's time to start thinking about changing banks… Meanwhile, in the bank's Texas-based fraud department, Robert spots Eva's case in his fraud investigations list. He noticed some suspicious activities and leaves Eva a voicemail, wanting to ask her a few questions to verify her identity or otherwise confirm this is in fact a fraudster infiltrating Eva's account. To prevent this potential risk of fraud from escalating, Robert decides it is better to freeze Eva's accounts while he confirms that it's actually Eva who is trying to change her address and not a fraudster using a stolen password. As both Robert and Eva work to connect and clear up this mix-up, Robert isn't getting to spend his time finding actual fraud and protecting his bank from any potential losses. Fraud hubs bring together advanced authentication technology and risk mitigation systems into a single platform As fraud attacks grow more frequent and complex, new technologies have sprung up to help meet the challenge, using a variety of tactics and tools to detect fraud. This is the case of device recognition, malware detection, identity verification, behavioural biometrics, and document verification, just to name a few. Regardless of their choice of tools and techniques, businesses across banking, retail, telecommunications, healthcare, and services industries need to know that the person interacting with them online is who they say they are. Combating fraud with layered tools strengthens businesses' defenses. But without an intelligent approach to connecting those tools, businesses catch too many good customers (like Eva) in their fraud-mitigation nets. By bringing together different types of fraud mitigation and risk management systems on a single technology platform, fraud hubs provide a solid solution to this challenge. How do fraud hubs like CrossCore help both businesses and consumers? CrossCore brings together into a single platform best-in-class tools and services such as advanced analytics, data consortium, device recognition, endpoint malware, and bot detection, behavioural biometrics, and document verification. Experian has also been named by Gartner as a representative vendor in online fraud detection in their April 2019 Market Guide for Online Fraud Detection, for its CrossCore solution.* Our flagship identity and fraud hub connects various functionalities together in a smart, orchestrated way, leveraging machine learning-driven decisioning to deliver a single fraud decision across multiple tools and enabling businesses worldwide to improve their fraud detection capabilities. CrossCore equips businesses with the most applicable tools to combat the specific fraud threats they face in their organisation. The 100 million cumulative transactions we have run on CrossCore to date show us that while one client may need additional protection against synthetic identity fraud, another may face frequent bot attacks in their account opening application, therefore requiring different approaches. It also means that if one tool can't validate a user's identity, another system can provide evidence that this is, in fact, a real customer. It's precisely the advanced analytics underpinning data modeling what gives our clients greater confidence in their identity and fraud decisions. But let's go back to Eva. In her case, CrossCore's fraud risk engine would have fired rules when she was making a change of address, as this action elevates the potential for fraud. But CrossCore's device intelligence would have shown that Eva was logging in from a known mobile phone. She was also using her phone to type information in a way that a normal user (non-fraudster) would do. In that case, CrossCore would have asked for a step-up authentication where Eva is prompted to take a selfie for biometric authentication. Now, Eva can continue to do her banking and access her accounts as she would normally do. This is a relief as Eva checks off more moving-related tasks and can enjoy her new life in a new city. Back in the bank's fraud investigation office, Robert and his colleagues would have never seen a case for their customer, Eva. Instead, they would have been able to focus their energies on high-risk cases, mitigating any emerging fraud threats. They would have also treated Eva as the good, valued customer she is and helped ensure her business in the long run. Whether it's an automotive client in South Africa, a healthcare organisation in the U.S., an insurance company in the UK, a fintech in Australia or a bank in Brazil, CrossCore is helping to solve one of the greatest challenges in decision analytics today: identifying good customers, while reducing fraud. Download the 2019 Global Identity & Fraud Report. *Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.  

As a member of the Forbes Technology Council, I get to publish articles on some of the latest technology trends and best practices. A recent piece, entitled “Are we comfortable with machines having the final say?”, deals with the sensitive issue of decisions being made by complex algorithms and how it impacts all areas of our lives. The article takes a closer look at high-impact decisions, such as loan determinations and health diagnosis, where the lack of understanding how algorithms may be used is becoming of increasing concern. In this context, it raises the importance of Explainable AI (XAI). This is a concept where technology and science are being used to explain how an algorithm or machine reaches a decision and tries to do this in a way that is transparent to users. However, this approach is still being tested and is only used in certain limited circumstances. As humans, we are taught to explain our decisions but we all know how difficult it is – and science has repeatedly shown how easily biased we are. XAI still has some way to go, but we can inspect, test and pick machines apart in a way we can never do with the human mind. So perhaps one day we will find a way to truly explain a machine’s decision. Whether that would make us comfortable with the machines having the final say, is still to be seen. Check out the full article here.

Phishing attacks have become more sophisticated and personal. We are all busy with life – work, family, commute, and dinner plans, along with keeping up on the latest news cycle. Virtually anyone could be inclined to quickly click on a link stating there is an issue with their recent order. But there's more to phishing attacks than just baiting businesses and consumers. During a recent #ExperianLive event, Mike Gross, Head of Global Identity and Fraud Product Innovation, discussed what businesses can do to protect themselves and their customers. ​ Q: You say that phishers would make good digital marketers. What do you mean by that? Mike: Like a great marketer, a good phisher understands people and their tendencies; they know how to get people to take action on their message. Take my most recent “almost phishing" incident. During the holidays, I received an email from a top online retailer stating there was a “problem with my recent order." I knew that any delay would jeopardize my holiday gift delivery. I was just about to click the “Login" button and then stopped. Thankfully, I double-checked the sender and it wasn't my favorite shopping site after all – just a really good fake email from a "phishy" sender. Like a digital marketer, phishers understand how to specifically target the things that people care about. This is why phishing attempts focused around the holidays, tax season, natural disasters, and hot news topics are often so successful. Q: Are phishers counting on the relationship and roles people have in an organization? Mike: Yes. That's the whole nature behind one of the biggest phishing attacks over the past several years – business email compromises. As a phisher, I'm sending you an email that looks like I work with you, say a vendor with a message that reads, “I changed the account that you use to pay me; please update your payment to this new account." If there is urgency behind it, it is taken seriously – for example, to avoid being late on paying a vendor. Human nature is being helpful and reacting, especially in this fast-paced, hyper-connected world – and that's why these scams continue to work. Q: What other phishing trends are you seeing? Mike: They've evolved over time. Take the simple phishing email; it's not so simple anymore. Nowadays, attacks are personalized to both the business and specific person – and phishers are taking advantage of automation and targeting tools so they can get the most reward for their effort. “Smishing" is variant of phishing focused on the phone channel, where attackers target victims with an SMS-based attack; you've probably seen them. You get a text and link from what you think is your friend saying something like “Check out this funny video!" But it isn't legitimate; it's a fraudster that is spoofing your friend's phone number. Then there is “vishing" which is a voice-based attack. This is where a fraudster pretends to be someone they're not (like a consumer's financial institution) and tries to obtain personal information or take over an existing account. Q: Wow! Phishing fraud is sophisticated. What has led to that? Mike: We've seen a tremendous leap in technology used. There is a great example of that last year with a U.K. bank. Their customers expect that if there is an out-of-place transaction, the bank will call them. In this particular vishing scheme, vishers used compromised accountholder usernames and passwords to log into customer accounts and set up money transfers. Knowing that this would alert accountholders to the attempted transfer using the SMS one-time passcode, phishers called legitimate customers, impersonated the bank, and stated that since the customer was a recent fraud attack victim, the bank needed confirmation that they were the accountholder. The vishers told customers they would receive a passcode. While the customer confirmed the code, the vishers submitted the fraudulent transfer. Q: What trends and techniques are you seeing? Mike: Two of the big trends we're seeing is around Artificial Intelligence (AI), machine learning, and SMS to find victims. A big part of phishing is what we call “spear phishing." This targets individuals with access to an organization's financial accounts or internal systems. Another term is “whaling" which targets a specific high-profile individual. The phishers are no longer just sending out blanket lottery scam and Nigerian prince emails with misspellings to millions of people. It's very focused – and phishers can easily do this using machine learning and AI. Q: Do you notice any seasonality, or spikes in phishing based on a certain time of year? Mike: The holidays are one because so many people go to their favorite shopping sites and buy items that are completely out of pattern based on what they usually do online. Another good example is tax season. We saw phishers impersonate top tax and financial management software providers, allowing consumers to “quickly and easily submit their tax forms online." What's worse is that phishers use the knowledge you have about phishing against you. Things like “How do you protect yourself? Click on this link to learn more" or “Click this link to download software and protect your devices." Also, fraudsters pay attention to the news, so whether it's a natural disaster or the cathedral fire that happened in Paris last April, phishers see those as opportunities to prey on victims simply trying to donate to a worthy cause. Q: What advice do you have for businesses and consumers to protect themselves against phishing attacks? Mike: My advice for businesses is to focus on technology and training. Strong technology solutions must be in place at all businesses to block phishing emails that are coming from suspicious sites – and for the most part, large organizations do a great job of that. Smaller businesses can also take advantage of technology solutions from their internet providers. Businesses can implement web blocking software for less secure Internet sites and filter what types of content employees can have access to on business devices. A lot of companies hire outside consultants to talk about the different types of phishing attacks with employees. These are helpful, but the key is to not allow training to become static because attackers evolve so quickly. Both businesses and consumers can use the email filtering option that is available through nearly every email provider. Don't click on any attachments that even remotely look suspicious – especially if they've been texted to you from someone you either don't know or the message appears out of character for someone you know. Q: What activities is your group taking on that will help businesses and their customers fight phishing attacks? Mike: There are several things we're doing that impact businesses and consumers offline and digitally. We help businesses recognize their customers and authenticate them, whether that's helping customers with a new bank account, enabling easy checkout at a favorite retailer app, or protecting account logins. 99% of people trying to access accounts are the legitimate account holder; it's that 1% though that causes a lot of friction for good customers. So, we're trying to make it easier for those consumers to quickly pass through all of the controls so authentication is easier. That translates into consumer loyalty for brands. Q: And that's what it's really all about? Mike: It is. We help businesses recognize their customers and also ensure that they are catching fraudsters on the back end. But we also strive to make that recognition or user experience as seamless as possible, with the right scrutiny for the risk level of that business. Mike Gross leads product innovation strategy for Global Identity and Fraud at Experian. Check out the entire podcast and video on how to protect your business from phishing here.